How to crack WEP encryption
Group: Nguyen Dinh Hong, Nguyen Son Tung
Overview
1. Introduction
2. Encryption details
3. The weakness of WEP
4. How to crack WEP key
5. Conclusion
1. Introduction
WEP = Wired Equivalent Privacy, not "Wireless Encryption Protocol"
Encryption protocol for securing 802.11 wireless networks.
Designed to provide the same level of security as a wired LAN, not a WLAN
History
1997: introduced / original IEEE 802.11
1999: standard ratified
2001: can be cracked
2003: Wi-Fi Alliance → WPA (Wi-Fi Protected Access)
2004: IEEE declared WEP (40 & 104) “have been deprecated”
Why is WEP still widely in use today?
Device support: modems, wireless cards, etc.
Is a newer standard like WPA hard to configure?
2. Encryption details
WEP key sizes supported by each standard:
802.11b: 64-, 128-bit encryption
802.11b+: 64-, 128-, 256-bit
802.11g: 64-, 128-bit
802.11a: 64-, 128-, 152-bit encryption
…
Standard 64-bit and 128-bit encryption
How does WEP work?
WEP uses:
– Secret keys to encrypt data.
– The RC4 algorithm to encrypt & decrypt.
– The CRC-32 checksum for integrity.
RC4 algorithm
RC4 is a stream cipher
Initialization Vector (IV)
24-bit, randomly generated by the computer
→ 64-bit WEP = 24-bit IV + 40-bit key
→ 128-bit WEP = 24-bit IV + 104-bit key
Encryption
ICV = Integrity check value
Decryption
WEP authentication
3. The weakness of WEP
WEP is designed to provide the same level of security as that of a wired LAN not WLAN.
WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security.
The weakness of WEP
WEP uses master keys directly.
Usually only one WEP key is provided (max: 4 keys)
Small key size (40- or 104-bit)
Reuse and small size of IVs
24-bit → ~16.7M keystreams
Weak ICV algorithm
CRC-32 is a poor cryptographic hash
Easy forging of SKA authentication messages
4. How to crack?
Brute force attack: very slow
Weak IV attack: slow
Keystream reuse attack: slow
Modern technique:
Injection
ARP request replay
Fake authentication
Fragmentation
…
Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
Tools:
Airmon-ng: enable/disable monitor mode on wireless card
Airodump-ng: capture raw 802.11 frames
Aireplay-ng: inject and replay wireless frames
Packetforge-ng: create various types of encrypted packets that can be used for injection.
5. Conclusion
WEP is not secure.
Use WPA / WPA2 encryption.
Use a strong password.
Thank you!
Q&A