Network Security and Privacy, Continued
WEP is not without weapons in its arsenal to combat these two attacks. It uses an Integrity Check (IC) field in the packet to help guarantee that a packet has not been modified in transit. An Initialization Vector (IV) is used to supplement the shared key to avoid encrypting two plaintexts with the same key stream. Research shows that these two measures are implemented incorrectly, which reduces the effectiveness of these security measures.
The IC field is implemented as a CRC-32 checksum - a very common error detection scheme. The problem with this scheme is that it is linear. It is possible to compute the bit difference of the two CRCs based on the bit difference of the data packets. In doing so, this allows the attacker to be able to determine which bits of the CRC-32 code to correct when flipping arbitrary bits in the packets so that the resulting packet seems valid.
Another weakness of the WEP algorithm is that it uses a 24-bit initialization vector. This is a very small range of possible IVs. This guarantees that there will be a reuse of the same key stream in a relatively short period of time. On a busy access point with relatively average sized data packets, the time before key reuse is about 5 hours. This time may be less if packet size decreases. This allows the attacker to gather two ciphertexts that were encrypted with the same key stream and begin the statistical analysis to recover the plaintext. To add insult to injury, when all mobile nodes use the same key, the chances for IV collision in greatly increased. To add insult to injury, the 802.11 standard specifies the IV changing with each packet be optional.
More sophisticated methods of key management can be used to help defend the network against such attacks as described above. These attacks are not as simple as one might think. Sure, the 802.11 products on the market reduce the difficulty for a would-be attacker a means of decoding a 2.4GHz signal; the hard part lies in the hardware itself. Most 802.11 equipment is designed to disregard encrypted content for which it doesn't have the key. The trick lies in changing the configuration of the drivers and confusing the hardware enough so that the unrecognized ciphertext is returned for further examination and analysis. Active attacks, those requiring data transmission, appear to be more difficult, yet not impossible.
This is one serious setback to wireless networking technology. The problem stems from the misunderstanding and misuse of the cryptographic primitives engrained in the wireless standards. Until there is another addition that fixes the security and privacy of the 802.11 standard, the idea of a 100% private and secure wireless network is not yet possible.
