A wireless network has all of the security problems of a wired network plus the additional drawback that it broadcasts the data packets rather than keeping them safe inside the wires.
Extra security in the form of Wired Equivalent Privacy (WEP) was designed into all of the standards to, as its name suggests, make a wireless network as secure as a wired network. Unfortunately this is one area where the standards got it wrong. The first problem is that WEP is turned off by default, and even though it’s flawed it’s better than nothing.
The second problem is that it is often based on a very short cryptographic key and the RC4 cipher algorithm. It works by taking a secret key, a 64-bit number, and using it to create a seemingly random stream of bits – the key stream. The key stream is combined (exclusive ORed) with the data before it is transmitted. At the receiver the same key is used to generate the same key stream, which is exclusive ORed with the received data to recover the original.
How WEP works
The 64-bit key is obtained by combining a 40-bit WEP key with a random 24-bit initialisation value. The initialisation value is transmitted with the packet and is unencrypted. As long as the receiver has the same 40-bit WEP key, it can combine it with the transmitted initialisation value to rebuild the 64-bit key and decode the data.
What is wrong with WEP?
The fact that it uses only a 40-bit key makes it possible to decrypt using brute force. Most modern wireless cards and software support larger keys, but this doesn’t help with the next two problems. The initialisation value is only 24 bits long, which means it is reused too often, giving an attacker samples of packets encrypted using the same value. When you add to this the fact that some values are particularly easy to crack, you can see why it isn’t a good method. Finally, the WEP key is a “shared secret”. That is, it has to be distributed to each network user by some method or other. Distributing keys is a weakness in itself.
WPA, WPA 2 and 802.11i
The only way around the problem is to use additional security. A collection of stopgap measures called Wi-Fi Protected Access (WPA) is currently the best we have.
Add to it TKIP, which uses dynamic WEP keys to stop eavesdroppers guessing the key, and public key cryptography to distribute the WEP keys over the wireless network, and it works quite well.
However another standard – 802.11i or WPA 2 – is an even better solution.
Clearly WPA is better than WEP, but surveys have revealed that the majority of wireless networks don’t even use WEP. It’s important to realise that in this case the data is being transmitted unencrypted and can be read by anyone with a portable computer, a wireless network card and some purpose-built software.
What is more, open networks can be used by anyone, and you could find yourself liable for what they download.