186 Chapter 4 • Communication Security: Wireless
A new IV is used for each frame to prevent the reuse of the key from weakening the encryption. This means that for each string generated, a different value will be used for the RC4 key. Although this is a secure policy in itself, its implementation in WEP is flawed because of the nature of the 24-bit IV space. That space is so small that in a short period of time all keys are reused. When this happens, two different messages are encrypted with the same IV and key, and the two messages can be XOR'd with each other to cancel out the keystream, allowing an attacker who knows the contents of one message to easily figure out the contents of the other. Unfortunately, this weakness is the same for both the 40- and 128-bit encryption levels, because both use the 24-bit IV.
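The keystream cancellation described above, as an added example that is not part of the original text. It builds the per-frame RC4 key as the 24-bit IV followed by the secret key, as WEP does, and leaves out the checksum for brevity; the key, IV, and messages are constructed sample values.

```python
# Added illustration: WEP-style per-frame RC4 key = 24-bit IV || secret key.
# All keys, IVs and messages here are constructed sample values.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt one frame body; the IV itself travels in the clear."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def recover_other(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Same IV and key: c1 ^ c2 == p1 ^ p2, so knowing p1 yields p2."""
    return xor(xor(c1, c2), known_p1)

def frames_until_reuse_certain(iv_bits: int = 24) -> int:
    """After 2**iv_bits frames, every further frame must repeat an IV."""
    return 2 ** iv_bits

SECRET_40 = bytes.fromhex("0102030405")                    # 40-bit secret
SECRET_104 = bytes.fromhex("0102030405060708090a0b0c0d")   # "128-bit" WEP
IV = bytes.fromhex("a1b2c3")                  # 24-bit IV, reused on purpose
P1 = b"GET /index.html "                      # message the observer knows
P2 = b"password=hunter2"                      # message the observer does not

if __name__ == "__main__":
    for secret in (SECRET_40, SECRET_104):    # key length does not help
        c1 = wep_encrypt(IV, secret, P1)
        c2 = wep_encrypt(IV, secret, P2)
        print(len(secret) * 8, recover_other(c1, c2, P1))
    print(frames_until_reuse_certain())
```

The secret key never appears in `recover_other`, which is why lengthening it does nothing for this weakness; only a larger, non-repeating IV space removes it.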
To protect against some rudimentary attacks that insert known text into the stream to attempt to reveal the keystream, WEP incorporates a checksum into each frame. Any frame not found to be valid through the checksum is discarded.
Authentication
There are two authentication methods in the 802.11 standard:
■ Open authentication
■ Shared-key authentication
Open authentication is more precisely described as device-oriented authentication and can be considered a null authentication: all requests are granted. Without WEP, open authentication leaves the WLAN wide open to any client who knows the SSID. With WEP enabled, the WEP secret key becomes the indirect authenticator. The open authentication exchange, with WEP enabled, is shown in Figure 4.6.
Figure 4.6 Open Authentication
[Figure: a Wireless Client and the Wired Network side exchange an Authentication Request, an Authentication Response, and an Association Request/Response, followed by a WEP Data Frame to Wired Network. The two sides are labeled WEP Key: 654321 and WEP Key: 123456. Result: Key Mismatch, Frame Discarded.]
www.syngress.com