Proprietary Improvements to WEP and WEP Usage

written by: Hazrul Aaron; article published: year 2007, month 04;


In: Categories » Electronics and communication » Network security » Proprietary Improvements to WEP and WEP Usage

The article devoted to the proprietary and standards-based improvements for currently vulnerable 802.11 safeguards.

The most publicized 802.11 vulnerability is the insecurity of WEP. We have already reviewed the cryptographic weaknesses of WEP linked to the key IV space reuse and insecure key-from-string generation algorithm. There are also well-known WEP key management issues:

  • All symmetric cipher implementations suffer secure key distribution problems. WEP is no exception. In the original design, WEP was supposed to defend small, single-cell LANs. Wireless networks of the 21st century often involve thousands of mobile hosts, making manual distribution and change of WEP keys a nightmare.

  • The WEP key supplies device and not user-based authentication. If a cracker steals or finds a lost device, he or she steals access to the WLAN this device is configured to connect to.

  • All hosts on the LAN have the same WEP key. Sniffing WLAN is as easy as sniffing shared Ethernet, and other devastating attacks can be launched. Remember that internal malcontents among employees present even more of a threat than external attackers. Users on the wireless network who share the same WEP key belong to the same data domain, even if the wireless network is split into different broadcast domains. All the internal attacker who knows WEP needs to do to snoop on traffic belonging to different WLAN subnets is to put his or her card into the promiscuous mode.

Both cryptographic and key management issues were addressed (or, at least, attempted to be addressed) by the IEEE standards committee and various WLAN equipment and software vendors.

The first response by many vendors was increasing the standard implemented WEP key length to 128 bits (so-called WEP2) or higher. As you should already know, such an approach will not help against anything but simple brute-forcing unless the IV space is increased.

The first real fixes for the WEP insecurities were probably the RSA propositions considering use of per-packet keying and elimination of the first keystream bytes. It appears that the Agere/Proxim WEPPlus has implemented the elimination of first keystream bytes or a similar solution with the release of the eigth version of the Agere/Proxim WLAN card firmware. We have tested WEPPlus against AirSnort using the AP 2000 Orinoco access point and Orinoco Gold 802.11a/b ComboCards, which used WEPPlus, and we can confirm that in a three-day traffic dumping session we didn't discover a single interesting IV frame. Of course, if some of the clients on the WLAN do not implement WEPPlus, the whole purpose of the countermeasure will be defeated because a fallback to the standard WEP will occur


Cisco SAFE blueprints implement key rotation policies that can be centrally configured at the Windows-based access control server or UNIX-based access registar. Of course, modern Cisco SAFE is fully WPA-compliant, but here we refer to the initial and still widely used Cisco Centralized Key Management (CCKM). CCKM ensures that the WEP key change occurs transparently for end users. With CCKM, it is possible to configure key rotation policies at the Cisco Aironet access points and use recording, auditing, and even charging for WLAN usage employing RADIUS accounting records. CCKM is set on a per-SSID basis and requires configured EAP-based authentication on the network. A CCKM-enabled access point on your WLAN acts as a wireless domain service (WDM) and maintains a cache of security credentials for all CCKM client devices on the subnet. Cisco has also developed its own improvements to WEP and basic WEP integrity check. These improvements include Cisco Key Integrity Protocol (CKIP) and Cisco Message Integrity Check (CMIC), which are based on the early developments of the 802.11 task group "i." They can be enabled on Cisco Aironet access points using encryption mode cipher ckip, encryption mode cipher cmic, and encryption mode cipher ckip-cmic commands on a per-VLAN basis. Thus, even the pre-WPA Cisco SAFE blueprints provide a sufficient level of 802.11 security to rely on. Of course, they still suffer from the same problem as any other proprietary security solution: You must have a uniformed Cisco Aironet WLAN. With public wireless access spots or conference WLANs, this is not possible.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. PDAs Versus Laptops
The first question that beginners ask before assembling their kit is whether a laptop or a PDA should be used for wireless penetration testing of any kind. Our answer is to use both if you can. The main advantage of PDAs (apart from size) is decreased power consumption, letting you cover a significant territory while surveying the site. The main disadvantage is the limited resources, primarily nonvolatile memory. The CPU horsepower is not that important here as we are not cracking AES. Other disadvantages are the limited amount...

2. Cryptographic Hash Functions
Can symmetric cryptography meet the requirements of the Biba model, based on the data integrity checks and proper authentication? The answer is "yes," but in a very inefficient way. Recall the practical authentication example with the UNIX (well, Linux in our case) password encryption flaw when DES in ECB is used. Of course, any of the feedback modes or 128-bit block ciphers can be used instead of DES, with the obvious performance penalties. However, in our example, MD5 scales very well. A cryptographic hash function i...

3. 802.11i Wireless Security Standard and WPA
Thus, the main hope of the international 802.11 community and network administrators lies with the 802.11i standard development. Sometimes 802.11i is referred to as the Robust Security Network (RSN) as compared to traditional security network (TSN). The "i" IEEE task group was supposed to produce a new wireless security standard that should have completely replaced legacy WEP by the end of 2003. In the meantime, some bits and pieces of the incoming 802.11i standard have been implemented by wireless equipment and software vendor...

4. Penetration Testing as Your First Line of Defense
It is hard to overemphasize the importance of penetration testing in the overall information security structure and the value of viewing your network through the cracker's eyes prior to further hardening procedures. There are a variety of issues specific to penetration testing on wireless networks. First of all, the penetration tester should be very familiar with RF theory and specific RF security problems (i.e., signal leak and detectability, legal regulations pertaining to the transmitter power output, and characteris...

5. Asymmetric Cryptography
Message authentication using HMACs works just fine, but how do we distribute symmetric cipher keys among the users? We can pass them around on floppies or fancy USB pen-drives with encrypted partitions on them, but what if many users live all over the world? What if the physical key distribution method takes time and the keys must be frequently changed? This is the case with the traditional WEP, which should be rotated every few minutes. Key-encrypting keys (KEKs) were offered as symmetric cipher keys used only to encrypt...

6. Examples and Analysis of Common Wireless Attack Signatures
The best way of knowing these signatures is trying out the tools in question and sniffing out their output: "Attack through defending, defend through attacking" (Dr. Mudge). The best source on wireless network intrusion tool detection and attack signatures we are aware of is Joshua Wright's "Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection" and "Detecting Wireless LAN MAC Address Spoofing" papers. A large part of this tutorial is inspired by these brilliant articles and our experience of analyzing WLAN tr...

7. Deploying a Wireless IDS Solution for Your WLAN
How many IDS solutions that implement the recommendations and follow the guidelines we have already discussed are present on the modern wireless market? The answer is none. There are many wireless IDS solutions that look for illicit MAC addresses and ESSIDs on the monitored WLAN. Some of these solutions are even implemented as specialized hardware devices. Although something is better than nothing, in our opinion such "solutions" are a waste of both money and time. They might also give you a false sense of security. Let's...

8. Hash Functions Their Performance and HMACs
Other widely used hash functions include 128-bit MD5 from RSA Data Security, Inc., which is a very fast and commonly implemented hash. MD5 is traditionally used to encrypt Linux user passwords (hashes start with the "$1$" character), authenticate routing protocols like RIPv2 and OSPF, create checksums of binaries in RPMs, and verify the integrity of Free/OpenBSD ports files. The specifications of MD5 are available in RFC 1321. Host intrusion detection tools like Tripwire (http://www.tripwire.com) use MD5 to take snapshots of a syst...