A review of Wireless Security protocols

(WEP, WPA, and WPA2) Christopher P. Murphy

TSYS School of Computer Science Columbus State University Columbus, Georgia, United States [email protected]

Abstract—Wireless security is gaining importance as the number of wireless enabled devices increases. This paper is intended to give an overview of three protocols for wireless security: WEP, WAP, and WPA2. The paper, A Survey on Wireless Security protocols, Arash Habibi Lashkari, Mir Mohammad Seyed Danesh, and Behrang Samadi will serve as the basis of the paper. In a similar format, I will discuss the three wireless security protocols, giving an overview of their process and will also explore the weakness of each. I will also provide a critique of the paper by Lashkari/Danesh and will suggest improvements that could be made. I decided on this topic as I didn’t know much about Wireless Security protocols and wanted to learn more about them.

section solely devoted to a solution, as my solution will be to add clarity and understand to the Wireless Security protocols while using A Survey on Wireless Security protocols as a basis.

Keywords-WEP, WPA, WPA2, Wireless Security, 802.11, 802.11i, 802.11x

Fig 1: 802.11 and OSI Model I.

I NTRODUCTION The authors of A Survey on Wireless Security protocols, Lashkari, Danesh, and Samadi, attempt to give an overview of the three main Wireless Local Area Network (WLAN) security protocols in an attempt to address the problems related to a lack of knowledge of Wireless Security. In the Introduction, they state that the 802.11 WLAN standards are for the two lowest layers of the OSI network model. They don’t state what OSI is. OSI is the Open Systems Interconnection Model. It is a way of subdividing a communications system into smaller parts called layers.[2] The two lowest layers in the model are Physical Layer and Data Link Layer. Figure 1 is the figure they gave to show the network. Though it is difficult to read, it does a good job of showing where the Wireless Security protocols fit into the network picture. The authors go on to state how privacy in a WLAN is achieved by protecting the data with encryption. The also note how encryption is optional in the 802.11 WLAN. However, any wireless device can read all the traffic on the network. With the goal of protecting users data and privacy, the following security protocols are given. WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), and WPA2/802.11i (Wi-Fi Protected Access, Version 2) In Section 2 of this paper, I will go through each of the Wireless Security protocols that the authors covered and attempt to add clarity where I feel it is needed. In Section 3, I will mention some related works that will help to add clarity. Some of these might also be mentioned in Section 2. Section 4 will give the conclusion of the paper. I will be including a II.



WEP (Wired Equivalent Privacy)

WEP was created so that Wireless Networks would have the same protection as wired local area networks. This protection was based on the use of the RC4 algorithm. It was designed by Ron Rivest of RSA Security in 1987.[3] WEP takes five operations to encrypt the data to be transmitted. The authors of the paper state that there are four operations, then detail five operations. I have reformatted the operations for readability. Figure 2 is the graphic proviced by Lashkari, Danesh, and Samadi that shows the following steps: 1.

A 40 bit ‘secret’ key is concatenated to a 24 bit Initialization Vector (IV) to form the encryption/decryption key. 2.

The key acts as a seed for a Pseudo Random Number Generator (PRNG). 3.

The plain text date is used to create an Integrity Algorithm which is then concatenated with the plain text. 4.

The key and the concatenated plain text/Integrity Algorithm are passed to the RC4 algorithm.


The final message is made by attaching the IV to the front of the message produced from step 4. with Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC). MIC uses hashing to prevent a bit flipping attack to which WEP is open. Figure 3 provides a picture of the WPA process. Figure 2: WEP encryption Algorithm (Sender) The receiving side uses five operations to decrypt the message from the sender. 1.

As was done by the sender, the shared key is concatenated with the IV for form decryption key. 2.

The decryption key and the cipher text are passed to the RC4 algorithm. 3.

Plain text and the ICV are separated from the output of the RC4 algorithm. 4.

The plain text is passed to the integrity algorithm and a new ICV is created. 5.

The new ICV is compared to the old ICV to ensure that they match. There are some inherent weaknesses in WEP that the authors give while referring to a previous article they had published for more information. The following list provides some of the weaknesses of WEP [4]:   Does not prevent forgery of packets Will not stop replay attacks. Recorded packets can be resent and will be accepted.  Improper use of RC4 due to weak keys. They can be easily broken with brute force methods.  Reuse of initialization vectors. Some cryptanalytic methods can decrypt data without knowing the encryption key if initialization vectors are reused.  An attacker can modify a message without knowing the encryption key.  There is a lack of key management and updating them is done poorly.  There is an inherent problem with the RC4 algorithm.


WPA (Wi-Fi Protected Access)

WPA was developed to solve the problems associated with WEP without a need for uses to change hardware. WPA is used in two ways, The Pre-Shared Key (WPA-PSK) also known as personal, and Enterprise WPA that uses an 802.1x authentication server. We will focus mainly on the WPA-PSK for this discussion. WPA uses a 256 bit encryption key, but unlike WEP, the key is never transmitted as each host on the network already possesses the key. WPA uses more complex data encryption Figure 3: WPA Encryption Algorithm As can be seen from the diagram, WPA uses the same RC4 process that was used by WEP. However, the main difference is that there is a hashing of the key prior to the use of RC4 by TKIP. After the key is generated, it is used with the XOR of the text that is to be encrypted. MIC is used for message integrity. To stop replay attacks, TKIP reuses the WEP IV field for sequencing. An advantage of WPA of WEP is the use of temporal keys which have a fixed lifetime and get replaced often. Since WPA is based on the same RC4 technology that WEP is based, it is vulnerable to some of the same types of attacks. The paper refers to Robert Moskowitz 2003 article “Weakness in Passphrase Choice in WPA Interface” where he states that “a key generated from a passphrase of less than about 20 characters is unlikely to deter attacks. The use of brute force dictionary attacks can be used to crack the WPA encryption key.


WPA2/802.11i (Wi-Fi Protected Access, Version 2)

The 802.11i standard is nearly identical to WPA2 and the terms are used almost interchangeably. WPA2 was designed as a future solution based on the lessons learned form WEP. It is based on Advanced Encryption Standard (AES) which is the successor for Data Encryption Standard. WPA2 supports two types of security like WPA, the personal and enterprise versions. WPA2 personal relies on a sharing of the key among the hosts on the network. That makes it susceptible to the same type of problems in WPA2. The paper goes into very little detail about WPA2. III.

RELATED WORK There is a great deal of information available about Wireless Network Security. I found a lot of articles about each of the wireless security protocols, but others that cover all three of the protocols covered in “A Survey on Wireless Security Protocols” are rare. If fact, I didn’t find another good source that incorporated all three in one article. The article “Intercepting Mobile Communications: The Insecurity of 802.11” by Nikita Borisov, Ian Goldberg, and David Wagner gave more detail about WEP and its security issues, but did not cover WPA or WPA2.[5] It did help me gain a better understanding of WEP.

In the text, Computer Networking, A Top-Down Approach, by J. Kurose and K. Ross, section seven in chapter eight (8.7) addresses the topic of Securing Wireless LANs. This section gives a good overview of WEP and 802.11i. The book also gave me a reference to The Unofficial 802.11 Security Web Page, and meaning of terms. . This site provided links to several papers related to Wireless Network Security. These papers were used for familiarization purposes. I also used Wikipedia a great deal for looking up definitions description to help the reader further understand the points that the authors were trying to make. One other approach that might have helped would be a table or grid showing the common components of the protocols as well as their differences. A limitation of a paper providing additional information about WEP, WPA, and WPA2 is that it might become too long. However, the paper reviewed was not excessively long and could have provided more information. IV.

C ONCLUSION Most of the papers I reviewed went into a great deal of detail about one of the wireless security protocols. Lashkari, Danesh, and Samadi did a good job of creating a paper that covered three of them. One recommendation I would make is that more detail could have been provided about the working of the three protocols. Also, the structure in which some of the information was provided could have been better. There were times that it was difficult to follow the writing. Some of it could be attributed to language translation issues. I did like the figures that the authors provided. They were good for giving a visual [1] [2] [3] [4] [5] [6] V.

R EFERENCE : A. H. Lashkari, M. M. S. Danesh, and B. Samadi, “A survey on Wireless Security protocols (WEP, WPA, and WPA2/802.11i). Arash Habibi Lashkari, F. Towhidi, R. S. Hoseini, “Wired Equivalent Privacy(WEP)”, ICFCC Kuala Lumpur Conference, 2009. N. Borisov, I. Goldberg, D. Wagner, “Intercepting Mobile Communications: The Insecurity of 802.11,” International Conference on Mobile Computing and Networkin, 2001. J. Kurose, K. Ross, Computer Networking, A Tob-Down Approach, Addison-Wesley, 2010.