Page 220 - StudyBook.pdf
P. 220

204    Chapter 4 • Communication Security: Wireless

                  2. Extracts the IV from the frame to concatenate it with the shared secret
                      WEP key.

                  3. Creates the keystream using the RC4 key schedule.
                  4. XOR’s the ciphertext with the keystream to create the plaintext.
                  5. Performs an integrity check on the data using the ICV appended to the
                      end of the data.

                 A central problem with WEP is the potential for reuse of the IV.A well-known
             vulnerability of stream ciphers is the reuse of an IV and key to encrypt two dif-
             ferent messages.When this occurs, the two ciphertext messages can be XOR’d with
             each other to cancel out the keystream, resulting in the XOR of the two original
             plaintexts. If the attacker knows the contents of one of these plaintext messages,
             they can easily obtain the plaintext of the other message.
                 Although there are 16,777,216 possible combinations for the IV, this is actually
             a relatively small number. On a busy wireless network, the range of possible combi-
             nations for the IV can be exhausted in a number of hours (remember, each frame
             or packet uses a different IV). Once an attacker has collected enough frames that
             use duplicate IVs, they can use the information to derive the shared secret key. In
             the absence of other solutions for automatic key management and out-of-band or
             encrypted dynamic key distribution, shared secret WEP keys have to be manually
             configured on the APs and wireless client workstations. Because of the administra-
             tive burden of changing the shared secret key, administrators often do not change it
             frequently enough.
                 To make matters worse, hackers do not have to wait until the 24-bit IV key
             space is exhausted to find duplicate IVs (remember, these are transmitted in the
             frame of the message). In fact, it is almost certain that hackers will encounter a
             duplicate IV in far fewer frames or discover a number of weak keys.The reason is
             that upon reinitialization, wireless PC cards reset the IV to “0.”When the wireless
             client begins transmitting encrypted frames, it increments the IV by “1” for each
             subsequent frame. On a busy network, there are likely to be many instances of
             wireless PC cards being reinitialized, thereby making the reuse of the low-order IVs
             a common occurrence. Even if the IVs were randomized rather than being used in
             sequence, this would not be an adequate solution because of the birthday paradox.
             The birthday paradox predicts the counterintuitive fact that within a group as small
             as 23 people, there is a 50 percent chance that two people will share the same
             birthday.





          www.syngress.com
   215   216   217   218   219   220   221   222   223   224   225