So far we've reviewed algorithms, cipher-text, plain-text, and ciphers, and you might be wondering of what practical use any of these things are to a wireless network administrator.
In the following sections, we will look at the practical implementations of some of the cryptographic concepts discussed thus far-as they pertain to wireless network administration.
Wired Equivalent Privacy Protocol
When the IEEE 802.11 standard was being developed, it was a necessity that some method be required for securing the communications that use radio frequency (RF) as a medium. The proposed and implemented solution was the Wired Equivalent Privacy (WEP) protocol. The phrase "wired equivalent" refers to the intention and goal for WEP, which was to secure communications in a wireless network in ways that are equivalent to those achieved in wired networks.
Under the hood of WEP is the RC4 cipher. WEP is a living and practical example of a textbook cipher (RC4).
The following steps show a simplified version of how WEP works:
- The entities (nodes) that want to communicate securely in a wireless distribution systems agree to use WEP to secure their communications.
- Since WEP is based on RC4, which uses symmetric keys, a key (common secret) is therefore needed. The nodes choose and agree on a common secret key to be used.
- The plain-text message to be sent over the wireless medium is created by the node.
- The plain-text data is passed through a hashing algorithm to obtain a checksum.
- The checksum is appended to the plain-text data.
- A 24-bits-long initialization vector (IV) is generated and appended to the secret key. This results in a stream of data that is generated and run through the RC4 pseudo-random number generator to form a keystream that is equal in length to the original plain-text/checksum from step 5.
- An XOR operation is performed on the resulting keystream and the plain-text/ checksum combination obtained from step 5.
- The result of the XOR operation is the cipher-text or encrypted message.
- The cipher-text is transmitted over the wireless medium to the receiving node, which then proceeds to decrypt the data.
WEP is considered a deprecated method for securing wireless networks. WEP is easily broken and should not be relied on as a method for securing wireless communications. WEP is also vulnerable to brute-force attacks, dictionary attacks, reinjection attacks, and attacks that take advantage of its use of IV.
In this tutorial:
- Securing Wireless Networks
- Security Background
- Security Services
- Cryptographic Concepts and Terms
- Encryption and Decryption
- Exclusive OR (XOR)
- Asymmetric Encryption Algorithms
- Public-Private Key Cryptography
- Concealment Ciphers vs. Running Key Ciphers
- Stream Ciphers vs. Block Ciphers
- Cipher Examples
- Cipher Implementations
- Wi-Fi Protected Access
- Wi-Fi Protected Access 2 (WPA2)
- Hash Functions
- EAP Entities
- EAP Grammar
- EAP Types
- IEEE 802.11i
- Four-Way Handshake
- IEEE 802.11i Considerations