6/29/2010 --

As wired connections proceed to go the way of the dial telephone, having an understanding of wireless networking and technology becomes imperative. In the first part of this series on going wireless, we'll look at the Wired Equivalent Privacy (WEP) standard to lay some groundwork before tacking the implementation in part two.

The 802.11 standard includes Wired Equivalent Privacy (WEP) for protecting wireless communications from eavesdropping. WEP relies on a 40-bit or 104-bit secret key that's shared between a mobile station (such as a laptop with a wireless Ethernet card) and an access point (also called a base station). The secret key is used to encrypt data packets before they are transmitted, and an integrity check is performed to ensure that packets aren't modified in transit. The 802.11 standard doesn't explain how the shared key is established. In practice, most wireless LANs use a single key that's shared between all mobile stations and access points. Such an approach, however, doesn't scale very well to an environment such as a college campus because the keys are shared with all users -- and you know how it is if you share a secret with hundreds of people. That's why WEP typically isn't used on large wireless networks, such as the ones at universities. In such wireless networks, you have to use other security approaches, such as SSH (Secure Shell), to log in to remote systems. WEP, however, is good to use on a home wireless network.

WEP has its weaknesses, but it's better than nothing. You can use it in smaller wireless LANs where sharing the same key among all wireless stations isn't an onerous task.

Is WEP Good Enough?
WEP uses the RC4 encryption algorithm, which is known as a stream cipher. Such an algorithm works by taking a short secret key and generating an infinite stream of pseudorandom bits. Before sending the data, the sending station performs an exclusive-OR operation between the pseudorandom bits and the bits representing the data packet, which results in a 1 when two bits are different and 0 if they are the same. The receiver has a copy of the same secret key and generates an identical stream of pseudorandom bits -- and performs an identical exclusive-OR operation between this pseudorandom stream and the received bits. Doing so regenerates the original, unencrypted data packet.

This stream cipher method has a few problems. If a bit is flipped (from a 0 to 1 or vice versa) in the encrypted data stream, the corresponding bit is flipped in the decrypted output, which can help an attacker derive the encryption key. Also, an eavesdropper who intercepts two encoded messages that were encoded with the same streamcan generate the exclusive-OR of the original messages. That knowledge is enough to mount attacks that can eventually break the encryption.

To counter these weaknesses, WEP uses some defenses:

• Integrity check (IC) field: To make sure that data packets aren't modified in transit, WEP uses an integrity check field in each packet.

• Initialization vector (IV): To avoid encrypting two messages with the same key stream, WEP uses a 24-bit IV that augments the shared secret key to produce a different RC4 key for each packet. The IV itself is also included in the packet.

Experts say that both these defenses are poorly implemented, making WEP ineffective. IC and IV have two main problems:

• The integrity check field is implemented by using a checksum algorithm called 32-bit cyclic redundancy code (CRC-32); that checksum is then included as part of the data packet.

Unfortunately, an attacker can flip arbitrary bits in an encrypted message and correctly adjust the checksum so that the resulting message appears valid.

• The 24-bit IV is sent in the clear (unencrypted). There are only 224 possible initialization vectors (no big challenge for a fast machine), and they have to be reused after running through them all. In other words, the IV is repeated after sending 224, or 16,777,216, packets. The number may sound like a lot, but consider the case that a busy access point sends 1,500-byte packets at a rate of 11 Mbps. Each packet has 12,000 bits (8 x 1,500). That means each second the access point sends 916 packets (11,000,000/12,000). At that rate, the access point sends 16,777,216 packets in 5 hours (16,777,216/916 = 18,315 seconds = 5 hours). That means the IV is reused after 5 hours or less because many messages are smaller than 1,500 bytes. Thus, an attacker has ample opportunities to collect two messages encrypted with the same key stream -- and perform statistical attacks (which amount to trying the possible combinations really fast) to decrypt the message.

Now that the standards have been addressed, in the second part of this series, we'll look at configuring the hardware to allow the Linux workstation to utilize the wireless network.