2. Basic Wireless Security
Some basic wireless features are often described as security mechanisms even
though they are actually ineffective as deterrents, so they deserve a mention
here.
(1) Disabling the Service Set Identifier (SSID) broadcast, and changing the name
of the SSID to something other than the widely known default values. This
will only serve to deter the inexperienced or lazy attacker since SSIDs can
still be sniffed from association packets.
(2) MAC address filtering. Although MAC-based authentication is not a part of
the 802.11 standard, it is a feature on many APs. MAC filtering can be easily
bypassed though since the network traffic can be sniffed to determine which
MAC addresses are being used. All an attacker has to do at that point is to
force a host off of the wireless network (or just wait) and then assume that
host's MAC address.
(3) Protocol filtering. Even if this is implemented on an access point, the range
of attack vectors is now so large that there are vulnerabilities that apply to
whatever protocols are supported [15].
2.1 Wired Equivalent Privacy (WEP)
WEP is an algorithm that was a part of the original IEEE 802.11 specification
with the design goals of preventing disclosure and modification of packets in
transit and providing access control for the network. It uses the RC4 algorithm from
RSA Security which was first designed in 1987 and kept as a trade secret until it
was leaked on a mailing list in 1994. RC4 is a symmetric cipher, i.e., the key that
encrypts the traffic is the same key that decrypts the traffic. It is also a stream cipher,
meaning that it creates a stream of bits that are XORed with the plaintext (original
data) to create the ciphertext (encrypted data). When the data reaches the other end,
the same stream of bits is XORed with the ciphertext to retrieve the plaintext. RC4
uses a pseudo-random generation algorithm (PRGA) to create a stream of bits that
are computationally difficult for an attacker to discover. This same stream of bits is
reproduced at the other end to decrypt the data. Since RC4 is not supposed to be
reused with the same key, the WEP designers added an Initialization Vector (IV)
which is a value that changes for each packet. The IV is concatenated with the WEP
key to form the WEP seed. Figure 1 outlines this process visually.
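The seed construction and XOR step described above, as an added example that is not part of the original text. It covers only the RC4 keystream and the IV || key seed; the key, IVs and frame contents are constructed sample values, and the function names are hypothetical.

```python
def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for the given seed."""
    # Key-scheduling: permute the 256-byte state under the seed.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    # PRGA: emit one keystream byte per step.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_crypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream for seed IV || key."""
    if len(iv) != 3:                      # WEP's IV is 24 bits
        raise ValueError("IV must be 3 bytes")
    if len(key) not in (5, 13):           # 40-bit or 104-bit secret
        raise ValueError("key must be 5 or 13 bytes")
    return xor(data, rc4_keystream(iv + key, len(data)))


def demo() -> dict:
    key = bytes.fromhex("0102030405")     # constructed 40-bit key
    iv_a, iv_b = b"\x00\x00\x01", b"\x00\x00\x02"   # constructed IVs
    p1 = b"constructed frame one"
    p2 = b"constructed frame two"
    c1 = wep_crypt(iv_a, key, p1)
    c2_same_iv = wep_crypt(iv_a, key, p2)   # IV repeated: same keystream
    c2_new_iv = wep_crypt(iv_b, key, p2)    # IV changed: new keystream
    return {
        "roundtrip": wep_crypt(iv_a, key, c1) == p1,
        # With a repeated seed the keystream cancels out of c1 XOR c2.
        "same_iv_cancels": xor(c1, c2_same_iv) == xor(p1, p2),
        "new_iv_cancels": xor(c1, c2_new_iv) == xor(p1, p2),
    }


if __name__ == "__main__":
    print(demo())
```

The `same_iv_cancels` result shows why the seed has to change for each packet: when it repeats, the keystream drops out of the XOR of the two ciphertexts.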
When a user inputs a key to configure the client wireless card, he or she must
configure the same key on the opposite end of the communication (most likely an
access point). Users provide either 40 bits or 104 bits of information for the secret