- Saturday September 6, 2008 - 9:03:15 pm BST
- registered : 956050
- online : 40989
- questions/day : 4654
- Answer rate : 75.97%
- 18:55 outlook express where do i find it (Software)
- 18:17 Powerbook G4 does not recognize hard... (MacOS)
- 17:46 Login problem: 'The specified domain... (Windows)
- 16:16 12" powerbook reboot no destination disk (MacOS)
- 16:06 I need help downloading my drivers (Windows)
- 15:32 cannot install windows xp (Windows)
Wifi - 802.11
|
Introduction to WEP
To solve transfer security issues on wireless networks, the 802.11 standard includes a simple data encryption mechanism called WEP (Wired equivalent privacy).
WEP has many flaws, making it vulnerable. Nevertheless, it exists as a security solution in all WiFi devices, which explains why it is so commonly used by the general public, as well as by some businesses.
There are, however, alternatives to WEP, such as WPA or WPA2.
WEP - Wired Equivalent Privacy
WEP is an 802.11 data frame encryption protocol that uses the symmetrical algorithm RC4 with 64-bit or 128-bit keys.
The concept of WEP involves setting a secret 40-bit or 128-bit key ahead of time. This secret key must be declared to each adapter on the wireless network, as well as to the access point for a network in infrastructure more. The key is used to create a pseudo-random number of the same length as the data frame.
Each data transmission is encrypted this way, by using the pseudo-random number as a "mask"; an "Exclusive OR" operation is used to combine the frame and the pseudo-random number into an enciphered datastream.
Limits of WEP
The session key shared by all stations is static, which means that to deploy a large number of WiFi stations, they must be configured using the same session key. Therefore, knowing the key is all that is needed to decrypt the signals.
Furthermore, 24 bits of the key are used only for initialisation, which means that only 40 bits of a 64-bit key, or 104 bits of a 128-bit key, are actually used for encryption.
For a 40-bit key, a brute force attack (which tries all possible keys) might not stop a hacker from quickly finding the session key. Also, a flaw detected by Fluhrer, Mantin and Shamir in the generation of the pseudo-random stream makes it possible for the session key to be discovered by storing and analysing 100 MB to 1 GB of traffic.
Therefore, WEP is insufficient for actually ensuring data privacy. Nevertheless, it is strongly recommended to use at least a 128-bit WEP key to ensure a minimum level of privacy. This can reduce the risk of intrusion by 90%.
Improving authentication
In order to more effectively manage authentication, authorisation, and accounting (AAA for short), a RADIUS server (Remote Authentication Dial-In User Service) may be used. The RADIUS protocol (defined by RFCs 2865 and 2866) is a client/server system which lets user accounts and related access permissions be centrally managed.
Setting up a VPN
For all communications which require a high level of security, it is better to use strong encryption of data by installing a virtual private network (VPN).