wep
DESCRIPTION
TRANSCRIPT
LOGO
Wired Equivalent Privacy - WEP -
Wired Equivalent Privacy (WEP)
IntroductionOverviewAuthenticationEncryptionDecryptionRecommendsQ&A
Introduction
A wired LAN : physical security
A wireless LAN : radio waves environments
Introduction (Cont)
Introduced in1997Bring the security of wired to wireless
networkThe first and most used-widely algorithm
for wireless network
Ways to Attack
Passive Attacks (Sniffer) Hack WEP Hack WPA, WPA2 Sniffer Packets
Ways to Attack (Cont)
Active Attacks
Ways to Attack (Cont)
Jamming Attacks
Ways to Attack (Cont)
Man In Middle Attacks
Overview
Protect data privacy WEP (Wired Equivalent Privacy)
Protect data integrity CRC (Cyclic Redundancy Check)
Overview (Cont)
Provide authentication and encryptionAll rely on share keyUses RC4 for encryption
Overview (Cont)
Discard wrong framesUses ICV (Integrity Check Value)
Authentication
Open System AuthenticationShared Key Authentication
Shared Key Authentication
Encryption
Transmission Data
Decryption
XOR
A B A XOR B
1 1 0
1 0 1
0 1 1
0 0 0
What’s Problem ???
IV : 24 bit, small, plain text, staticIV : a part of the RC4 encryption keyICV : not encrypted
Data integrity : not safe
Breaking the Authentication
Collecting :–Clear-text challenge–Encrypted text
Compute the RC4 key
Recommends
Avoid WEP, use WPA or WPA2Don’t use a weak keyChange key periodicallyUses tools
Q&A