WEP

There are three cryptographic design decisions common to all the WLAN security mechanisms:

• Since WLANs may comprise many different types of devices from different manufacturers, it is important that the cryptography used in a WLAN is widely available. Hence, it would not be wise to deploy proprietary cryptographic algorithms.

• Since these mechanisms are dedicated to WLAN security and do not require the flexibility of the likes of SSL/TLS, it makes sense to decide which cryptographic algorithms to use in advance and then deploy them universally, rather than require an expensive handshake to negotiate them.

• Since speed and efficiency are important, and WLANs are usually linked to some sort of fixed infrastructure, symmetric cryptography is a natural choice.

However, the cryptographic details of each of the proposed mechanisms vary considerably. We start by looking at the original proposal of WEP, which uses the following:

1. The stream cipher RC4 for encryption. A stream cipher is a reasonable choice since a wireless communication channel is prone to errors. The choice of RC4 was also reasonable at the time since it was well respected and widely deployed in other applications (although RC4 was originally a proprietary stream cipher, the details were publicly known by the time of the design of WEP). It would not be regarded as a good choice today since the security of RC4 is no longer regarded as sufficient for modern applications.

2. A simple CRC checksum for data integrity. The problem with this type of checksum is that in a similar way to using a hash function on its own to provide data integrity, an attacker can modify the data and then recompute the correct CRC checksum for the modified data. Hence, this checksum can only be relied upon to detect accidental changes to the data.

3. A simple challenge-response protocol to provide entity authentication.

Confidentiality and integrity mechanisms in WEP

In many ways, the cryptographic design of WEP was very naive. We now look at the mechanisms for providing confidentiality and data integrity in more detail to illustrate some of the design errors.

The first WEP design decision was to use a shared, fixed symmetric key in each WLAN. This same key is used by all devices for several purposes when communicating using a WEP-secured WLAN. This almost eliminates any issues regarding key establishment; however, it introduces considerable risks. In particular, if one of the devices is compromised, this key may become known to an attacker, and hence the entire network may be compromised. The original version of WEP only used a 40-bit key, but later adaptations allow much longer keys.

As discussed, one problem with deploying a stream cipher such as RC4 is the need for synchronization, especially in a potentially noisy channel such as a wireless one. Thus, WEP requires each packet of data to be encrypted separately, so the loss of a packet does not affect the rest of the data being sent. This introduces a new problem. Earlier, we discussed the negative consequences of reusing a keystream for more than one plaintext. It follows that WEP requires a mechanism to ensure that the same keystream is not reused for subsequent packets.