A History of WEPThe Ups and Downs of Wireless Security

Wireless Communication Beginnings Early Cordless Phones and Cell Phones

Used same idea as Walkie-Talkies Anyone with a “Scanner” could easily

eavesdrop on calls Used a Spread-Spectrum algorithm to

defeat the traditional “Scanner”

The 802.11 Standard Defines wireless communications

protocols 802.11b, 802.11g, 802.11n common

wireless network protocols Similar to early Cell Phones and

Cordless Phones at the start – no real protection

Can easily find out network names and connect to them

Invent of War Driving!

Early Security Attempts Open Access to Networks – Solution?

Filter the “unique” MAC address of the wireless cards

Problem? Keep a large list of EVERY network card

that can have access No real authentication or check takes

place MAC addresses can be “spoofed”

Introducing WEP W.E.P. – Wired Equivalent Privacy Introduced in September of 1999 First real attempt at securing open

wireless networks Attempted to make the network as

confidential as a traditional wired network Originally used a 40-bit security key,

later expanded to 104-bits, and 232-bits

A Look At WEP

IV – Initialization Vector (24-bits) Key Selected by User Combined to create a seed to generate the

keystream

All Secured Sir……. RC4 is a popular cipher used in many

security applications Problem: RC4 is a stream cipher

Keystream cannot be reused or you can get back the message

24-bit IV has a 50% chance of repeating on a busy network after 5000 IVs generated

Can also capture packets an replay them: poor authentication

Demonstration Time

After WEP WPA created to use existing hardware Fixes many of the downfalls of WEP Not without its own problems

Uses a password to generate keys Dictionary attack TKIP Algorithm used has flaws

WPA2 developed to fix WPA Made before WPA flaw discovered