Cryptography Reference
In-Depth Information
Chapter 7
WEP and WPA Attacks
In the last decade of twentieth century, wireless LANs (WLANs) became
prevalent, where devices are connected without wire to an IP network. Be-
cause wireless data is accessible publicly, extra security measures are required
to protect such networks.
IEEE LAN/MAN Standards Committee has specified a set of standards,
collectively called IEEE 802.11, for carrying out WLAN communication. The
first version of the standard was released in 1997 and allows a maximum speed
of 2 Mbits/s at a frequency band of 2.4 GHz. It has three alternative physical
layer technologies: diffuse infrared operating at 1 Mbit/s, frequency-hopping
spread spectrum operating at 1 or 2 Mbit(s)/s and direct-sequence spread
spectrum operating at 1 or 2 Mbit(s)/s. This standard also specifies a simple
security protocol called Wired Equivalent Privacy or WEP [92] with the idea
that it should provide the same level of privacy to the legitimate users of
an IEEE 802.11 network, as they would have with a wired network. WEP
incorporates RC4 for encrypting the network tra
c.
In 1999, two enhancements of the original standard, namely, IEEE 802.11a
and 802.11b, were released. They did not introduce any new security feature,
but offered wider bandwidth and/or higher speed. The IEEE standard 802.11a
operates in the 5 GHz band with a maximum data rate of 54 Mbits/s. It uses
the same data link layer protocol and frame format as the original standard,
but with an orthogonal frequency-division multiplexing (OFDM) based air
interface. IEEE standard 802.11b has a maximum raw data rate of 11 Mbits/s
and uses the same media access method defined in the original standard. This,
with direct sequence spread spectrum, is popularly known as Wi-Fi (comes
from the word Wireless Fidelity and is a trademark of the Wi-Fi Alliance).
IEEE 802.11g, proposed in 2003, works in the 2.4 GHz band like 802.11b,
but uses the same OFDM based transmission scheme as 802.11a and operates
at a maximum physical layer bit rate of 54 Mbits/s. In 2009, an amendment
was released with the name of 802.11n which improves upon the previous
802.11 standards by adding multiple-input multiple-output (MIMO) antennas.
It operates on both 2.4GHz and 5GHz bands.
In 2004, IEEE 802.11i standard was released which defines the successor
protocol for WEP, called Wi-Fi Protected Access or WPA [93]. Later, WPA
was replaced by WPA2 [94] which uses Counter Mode with Cipher Block
Chaining Message Authentication Code Protocol (CCMP, an AES-based [2]
