WEP (Wired Equivalent Privacy) WEAKNESSES

In this article, we will introduce WEP and highlight the weaknesses that make it vulnerable to third-party attacks.

What is WEP?

The radio channel is a shared medium, so wireless networks are more susceptible to eavesdropping than wired networks. Something was needed to make the confidentiality of data transmitted over the air comparable to that of traditional wired networks. WEP was introduced for this purpose, to secure IEEE 802.11 wireless networks.

It was supposed to offer good security at the following three levels:

  1. Confidentiality: prevention of eavesdropping through the use of encryption
  2. Access control: providing authentication mechanisms and the option of discarding improperly encrypted packets
  3. Data integrity: prevention of tampering with transmissions through the use of a data checksum

Unfortunately, the algorithms used in WEP were selected by cryptographic amateurs.

Is WEP Secure?

Cryptanalysts have identified serious weaknesses, showing that a WEP connection can be cracked with readily available software within minutes.

Below is a list of some of the weaknesses that WEP suffers from:

  1. Poor encryption algorithm RC4
  2. Key lengths are: 64-bit WEP (40-bit key + 24-bit Initialization Vector, "IV"), 128-bit WEP (104-bit key + 24-bit IV), 256-bit WEP (232-bit key + 24-bit IV). A longer key does not mean more security; it only means that more packets need to be intercepted to be able to crack the network.
  3. Shared key is rarely changed
  4. The cyclic redundancy check (CRC) is insecure, since it is possible to alter the payload and update the message CRC without knowing the WEP key.

The picture above shows how encryption is done. Two transmitted packets with the same IV can be intercepted, since a busy access point can exhaust the IV space in approximately 5 hours.

Since the key is the same and the two intercepted packets have the same IV, the keystream (KEY_IV) cancels out:


(Transmitted packet1) xor (Transmitted packet 2)
= (Plaintext_CRC1 xor KEY_IV) xor (Plaintext_CRC2 xor KEY_IV)
= Plaintext_CRC1 xor Plaintext_CRC2
The two plaintexts can then be found by statistical analysis.

In this article, we introduced WEP and highlighted its weaknesses. In the following tutorial, we will take a closer look at how to hack a network using the readily available software.

Note: All these tutorials are for Educational Purposes.
