Wireless Security - How WEP works

balaji
By balaji

December 27, 2006

As you probably already know Wired Equivalent Privacy (WEP) is used by companies to secure their wireless connections from sniffing attacks. You've probably also heard that it's not very secure. In the first part of this 2 part series I'll explain the inner workings of WEP and follow it up next month with why it's insecure.

As you probably already know Wired Equivalent Privacy (WEP) is used by companies to secure their wireless connections from sniffing attacks. You've probably also heard that it's not very secure. In the first part of this 2 part series I'll explain the inner workings of WEP and follow it up next month with why it's insecure.

Do i need WEP at all?

An authentic user, Bob uses his laptop to check his Gmail account everyday. He has a wireless card in his laptop which automatically detects his ISP's wireless access point (WAP) just across the street. Once he's connected to the WAP he can go ahead and check his Email. Alice is a sneaky user who doesn't want to pay the ISP for access to the Internet. She however knows that the ISP across the street has an access point which anyone can connect to and access the Internet. She plugs in her laptop and is soon downloading music from the Internet. WEP was designed to ensure that users authenticate themselves before using resources, to block out Alice, and allow Bob. Let's see how it does this.

How WEP works

WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the access point or wireless network card. As soon as the access point receives the packets sent by the user's network card it decrypts them.

Each byte of data will be encrypted using a different packet key. This ensures that if a hacker does manage to crack this packet key the only information that is leaked is that which is contained in that packet.

The actual encryption logic in RC4 is very simple. The plain text is XOR-ed with an infinitely long keystream. The security of RC4 comes from the secrecy of the packet key that's derived from the keystream.

So what's a packet key?

The packet key is formed by combining a pre-shared password, a state array and an initialization vector (IV). Let's first understand each of these terms:

Pre-shared Password: The same pre-shared password is used by all users for each packet that is transmitted.

State Array: It's a series of numbers which are scrambled and then used by RC4 to construct the key stream.

Initialization Vector (IV): The IV is a 3-byte random number generated by the computer. It's either prepended or appended to the cipher text and sent to the receiver who strips the IV off before decrypting the cipher text.

The RC4 algorithm consists of 2 main parts:

The Key Scheduling Algorithm: The KSA process involves creating a scrambled state array . This state array will now be used as input in the second phase, called the PRGA phase.

The Pseudo Random Generation Algorithm: The state array from the KSA process is used here to generate a final key stream. Each byte of the key stream generated is then Xor'ed with the corresponding plain text byte to produce the desired cipher text.

Key Scheduling Algorithm

The IV is calculated using a state array and properties of the pre-shared password. This is accomplished by creating an array of values equal to the index you want to use in the algorithm. The Index for WEP by default is 256. The components required for the KSA are the values of the variables i and j, the index value, the pre-shared password and its length. The algorithm which uses these values to generate a final keystream is outlined below.

Initialization:

	For i=0 ... index-1
S[i]=i
J=0

Scrambling:

	For i=0 ... index-1
J = j + state[i] + K[I mod length]
Swap(state[i] , state[j])

A loop first runs from 0 to index-1 to initialize the state array with values from 0 to index. For eg. If index =4 the state array will be filled with values from 0 to 3. Therefore the array values will be as follows:

	s[0]=0 s[1]=1 s[2]=2 s[3]=3 

The value of j is set to 0. Another loop is then started. For every time through the loop, the value of j is calculated, and the array value held in state[i] is swapped for the value held in state[j] .

Pseudo Random Generation Algorithm (PRGA)

A pseudorandom number generator (PRNG) is an algorithm that generates a random sequence of numbers. The PRGA is responsible for creating the streaming values used to encrypt the plaintext, which is based on the state array, the output of the KSA . The methodology that the PRGA follows is outlined below.

Initialization:

	I=0 j=0 index=4 

Generation Algorithm

	I=(i+1) mod index
J=(j+state[i]) mod index
Swap(state[i], state[j])
Z=state[state[i] + state[j]mod index]

The streaming value is created by looping through the algorithm for each byte of the packet. The variables i and j are initialized to 0. For each packet the value of j is calculated, and the array value held in state[i] is swapped for the value held in state[j] . The output z is then calculated for each packet. At the end of the process we have a PRGA stream.

The PRGA stream is then Xor'ed with the plain text to generate cipher text which is transmitted to the other party.

An Example

Let's illustrate the above concepts in the form of an example. The plain text that is to be encrypted is TEST. The password which will be used here is 6258. The initial values of our variable are as follows:

i=0 j=0 password=6258 pass length=4 index=4 

Following the algorithm we get:

Step-1

	State array: State[0]=0 State[1]=1 State[2]=2 State[3]=3
Password: K[0]=6 K[1]=2 K[2]=5 K[3]=8
j = [0 + S[0] + K[0]] mod 4 = 6 mod 4 = 2
Swap(State[0] , State[2]) = Swap(0,2)
State[0]=2 State[1]=1 State[2]=0 State[3]=3

Step-2

	i=1 j=2
State array: State[0]=2 State[1]=1 State[2]=0 State[3]=3
Password: K[0]=6 K[1]=2 K[2]=5 K[3]=8
j = [2 + S[1] + K[1]] mod 4 = 5 mod 4 = 1
Swap(State[1], State[2]) = Swap(1,0)
State[0]=2 State[1]=0 State[2]=1 State[3]=3

Step 3

	i=2 j=1
State array: State[0]=2 State[1]=0 State[2]=1 State[3]=3
Password: K[0]=6 K[1]=2 K[2]=5 K[3]=8
j = [1 + State[2] + K[2]]mod 4 = 7 mod 4 = 3
Swap(State[2], State[3]) = Swap(1,3)
State[0]=2 State[1]=0 State[2]=3 State[3]=1

Step 4

	i=3 j=3
State array: State[0]=2 State[1]=0 State[2]=3 State[3]=1
Password: K[0]=6 K[1]=2 K[2]=5 K[3]=8
j = [3 + State[3] +K[3]]mod 4 = 12 mod 4 = 0
Swap(State[3], State[0]) = Swap(1,2)
State[0]=1 State[1]=0 State[2]=3 State[3]=2
Final State Array: State[0]=1 State[1]=0 State[2]=3 State[3]=2

Once the KSA state array is ready, the PRGA procedure is initialized. The procedure is as follows:

	Initially i=0 j=0
K[0]=6 K[1]=2 K[2]=5 K[3]=8

First Loop:

	State[0]=1 State[1]=0 State[2]=3 State[3]=2
i=1 j=0+State[1]=0+0=0
Swap(State[1], State[0]) = Swap(0,1)
State[0]=0 State[1]=1 State[2]=3 State[3]=2
z = State[State[1] + State[0] mod 4] = State[1] = 1
z1 = 00000001

Second Loop:

	State[0]=0 State[1]=1 State[2]=3 State[3]=2
i=2 j=0+State[2]=3
Swap(State[2], State[3]) = Swap(3,2)
State[0]=0 State[1]=1 State[2]=2 State[3]=3
z = State[State[2] + State[3] mod 4] = State[1] = 1
z2 = 00000001

Third Loop:

	State[0]=0 State[1]=1 State[2]=2 State[3]=3
i=3 j=3+State[3]=6 mod 4 = 2
Swap(State[3],State[2]) = Swap(3,2)
State[0]=0 State[1]=1 State[2]=3 State[3]=2
z = State[State[3] + State[2]] mod 4 = State[1] = 1
z3=00000001

Fourth Loop:

	State[0]=0 State[1]=1 State[2]=3 State[3]=2
i=4 j=2+State[4]=2+State[4 mod 4] = 2+State[0] = 2
Swap(State[4],State[2]) = Swap(State[0],State[2]) = Swap(0,3)
State[0]=3 State[1]=1 State[2]=0 State[3]=2
z4 = State[State[4] + State[2]] = State[State[0] +
State[2]] = State[3] = 2
z4=00000010

The outputs z1-z4 at the end of each loop must be Xor'ed with the ASCII of each character of plain text which in our case is TEST. Hence the cipher text for the plain text TEST will be as follows:

	T xor z1 = 01010100 xor 00000001 = 01010101 = U
E xor z2 = 01000101 xor 00000001 = 01000100 = D
S xor z3 = 01010011 xor 00000001 = 01010010 = R
T xor z4 = 01010100 xor 00000010 = 01010110 = U

The word TEST when encrypted with WEP is UDRU.

This article was just an introduction to WEP and the exact procedure in which encryption takes place in WEP. In the next part we'll address the question that's uppermost in your minds: "Why is WEP insecure? What risks am I exposed to if I use WEP?"

References

  1. Maximum Wireless security by Seth Fogie
  2. RC algorithms - Answers.com

Tags: Technical

About

balaji