Making the Most from WEP

We all know by now that 802.11’s wired equivalent
privacy
(WEP) isn’t good enough to protect our data. That isn’t just the
theory, it’s a fact. Sure, WEP will stop Joe Wireless, but freely available
programs like AirSnort enable Joe
Cracker break into your WLAN with little trouble.

Thus equipped, a cracker only needs some patience to mount a successful invasion.
Specifically, it usually takes only five to ten million packets to break WEP
encryption. And, at fifteen million packets, it’s almost dead certain that a
dedicated attacker can pry the lid off your network traffic. Or, to put it another
way, a small WLAN with four active users is almost certain to be cracked with
two weeks of eavesdropping.

Making matters even worse, the cracking techniques most frequently used will
work equally well no matter what WEP key length you’re using. Thus, a 128-bit
key is just as vulnerable as a 64-bit key. Indeed, even if a WEP key was 1,204
bits, it still as crackable by today’s methods as one’s that the minimal 64-bits.

How can that be? To understand how that works, you have to look closely at
how WEP actually generates and manages, or more to the point doesn’t, manage
its encryption keys.

Every WEP packet is encrypted separately with an RC4 cipher stream generated
by an encryption key. That key is made up of a 24-bit initialization vector
(IV) and either a 40-bit or 104-bit WEP key that’s usually set by your wireless
device. Combined, they have a total length of 64 or 128-bits, hence the popular
names of 64 and 128-bit WEP keys (some vendors use to call the 64-bit key a
40-bit key, but they simply weren’t including the 24-bit IV — so 64 and 40-bit
WEP are the same thing). This transmitted packet is generated by a mathematical
operation called ‘bitwise exclusive OR’ (XOR) using the packet sent to your
network interface card (NIC) by your computer and the RC4 encryption key.

With me so far? Now, the first thing that kills WEP’s fundamental security
is that every packet you send also includes the IV in plaintext. In short, any
would-be snooper can immediately see part of the key.

Now, because the IV is only 24-bits long, you can only get 16,777,216 different
RC4 encryption streams for every key, regardless of how long the rest of the
key is. Sounds like a lot doesn’t it? It’s not even close to enough. The plaintext
IV is constantly reused and it takes many packets to send even a quick "Hi,
how are you?" instant message, so it doesn’t take long for a snooper to
gather up enough packets to start cracking your messages.

If that was WEP’s only weakness, it would still be insecure but it would take
a serious processing power and a lot more packets to break into a WLAN. Unfortunately,
RC4 has another problem. Not all of those close to 17-million possible IV numbers
work as well as others in RC4. When one of these approximately 9,000 ‘Weak IVs’,
are used to encrypt packets, a snooping program can recognize and collect them.
These Weak IVs give additional clues on the full encryption key, no matter its
length, and so they make breaking WEP that much easier.

There are other theoretical ways to take advantage of WEP, but the combination
of these two ways of exploiting the IV have proven to be easy and effective
enough that little effort is being spent on developing software to exploit these
holes. Trust me, the existing way to pry open a WEP-protected network work more
than well enough.

What Can You Do?

Well, for one thing you can’t wait around for a solution. Yes, there are replacements
to WEP coming like Wi-Fi Protected
Access
(WPA), but it has problems of its
own
. 802.11i, which hopefully will take care of wireless security until
someone works out bigger and better ways of cracking wireless, is still a work
in progress.

In the meantime, you can make the most of WEP by changing your key frequently.
I would recommend small offices with security concerns do this once a week,
while companies with ten or more wireless PCs with sensitive information should
change the WEP daily.

Sounds easy doesn’t it? It’s not. When they built WEP, they didn’t build in
network key management. With almost all WLAN NICs and APs, you have to manually
reset WEP to the new IV on each and every device, one by one.

That may only be annoying in your home office, but it’s a true pain in the
rump for network administrators with dozens or even hundreds of wireless-enabled
devices. Not to mention that if you enter the IV wrong on a PC, its user will
find that it can’t get on the network. Adding insult to injury, if you get it
wrong on an access point (AP), the entire area of the network that access point
serves will be out of action.

Of course, you could have your users reset their own computer’s WEP settings,
but that’s just asking for a technical support disaster of epic proportions.

Besides simply resetting your WEP key, you should follow these simple rules
for making WEP as secure as possible. If your WEP software asks you for a passphrase
or string to generate a key, do not use your SSID, company name, network
name, or any other easy to guess alphanumeric string. Treat setting WEP keys
the same way you a strong password. Why make life any easier for a cracker then
it already is, right?

If you must manually enter the key, you’re restricted to the numbers ‘0-9’
and letters ‘a-f’ In this case, don’t simply hit the same key over and over
again or use some simple pattern like 1,2,3, and so on.

If you do this, and change your key frequently, you can maximize WEP’s minimal
protection. Good security? Heck no! But, it’s definitely better.

Looking Ahead and Beyond WEP

Come the day that 802.1x arrives
in all wireless, we’ll finally get key management. Alas, while 802.1x is available
in Windows XP, and some access points and proprietary setups, but it’s still
relatively uncommon. Implementing it properly in WLANs is an issue being dealt
with in the still unfinished 802.11i. Eventually, we’ll all use 802.1x for our
WLANs, but that day isn’t here yet.

Of course, there are add-on solutions, like Cisco’s LEAP which is adds a proprietary
take on Extensible Authentication Protocol (EAP) combined with RADIUS. It works
well, and it enables new WEP keys per session. It also, however, requires that
all the equipment be LEAP enabled, which isn’t cheap — you then have to replace
any older WLAN NICs and access points.

Another path often taken is to use a Virtual Private Network (VPN) to encrypt
all WLAN communications. While straight-forward it enough, it does mean that
you’ll need to either add VPN software, or in the case of some operating systems
like Windows XP, Linux and the BSDs, implement their VPN features. VPNs must
also be coordinated across the network, but VPNs can be centrally managed thus
making running them much easier for administrators and users alike.

So, in summary, if you want the best WLAN security today, either use an add-on
approach like LEAP and be ready to use only equipment from a single vendor–or
be ready to work with the added complexity of a VPN.

But, if you’re willing to take the time and trouble, WEP alone can still be
useful.

News Around the Web