WEP's problems arise from the following circumstances:
■ The protocol was designed without input from the academic community or the public,
and professional cryptologists were never consulted.
■ It provides no clearly defined method for key distribution other than preshared keys.
As a result, the keys are cumbersome to change on a large scale and in many cases are
very rarely changed.
■ An attacker who obtains both ciphertext and plaintext can analyze them to uncover the key.
■ Its design makes it possible to passively uncover the key using sniffing and
cracking tools freely available in operating systems such as Kali Linux.
■ Key generators used by different vendors are inconsistently and poorly designed,
leading to vulnerabilities such as issues with the use of 40-bit keys.
■ The algorithms used to perform key scheduling have been shown to be vulnerable to attack.
WEP Problems and Vulnerabilities
WEP suffers from many flaws that make it easy for even a slightly skilled attacker
to compromise. These flaws are in the following areas:
■ CRC32 (Cyclic Redundancy Check), used for integrity checking, is flawed: with
slight modifications, attackers can consistently alter packets to produce their
desired results.
■ Initialization vectors (IVs) are only 24 bits in length, meaning that an entire pool of IVs
can be exhausted by a mildly active network in 5 hours or less.
■ WEP is susceptible to known-plaintext attacks through the analysis of packets.
■ Keys may be uncovered through the analysis of packets, allowing for the creation of a
decryption table.
■ WEP is susceptible to denial-of-service (DoS) attacks through the use of associate and
disassociate messages, which are not authenticated by WEP.
WEP makes extensive use of initialization vectors. An IV is a randomized
value that is used with the secret key for data encryption purposes. When
these two values are combined, they form a number used once (nonce).
The idea behind using an IV is to assure randomness in the encrypted data,
making patterns or the frequency of data more difficult to detect. However,
flaws in the generation of IVs in WEP can make it vulnerable to analysis
and cracking.
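The following is an added example, not code from the book, that works through why the 24-bit IV described above is too small: how quickly the IV pool runs out, how soon a repeat is likely when IVs are chosen at random, and what a repeated IV exposes. The rate of 1,000 frames per second, the 40-bit key, and the two sample frames are constructed assumptions, and the integrity check value is left out to keep the example short.

```python
import math

IV_SPACE = 2 ** 24  # WEP's 24-bit IV allows 16,777,216 values

def hours_to_exhaust(frames_per_second):
    """Hours until every IV has been used once, at one IV per frame."""
    return IV_SPACE / frames_per_second / 3600

def frames_for_repeat(probability=0.5):
    """Birthday bound: frames sent with random IVs before a repeat is this likely."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - probability))))

def rc4_keystream(key, length):
    """Plain RC4 (the stream cipher WEP uses): key scheduling, then output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv, secret, plaintext):
    """Per-frame RC4 key is IV || secret key (ICV omitted to keep this short)."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

# Constructed sample values, not taken from any real network.
SECRET = bytes.fromhex("0102030405")  # 40-bit preshared key
FRAME_A = b"GET /index.html "
FRAME_B = b"user=alice&id=42"

def reused_iv_leak():
    """Two frames under the same IV: the keystream cancels out of c1 XOR c2."""
    iv = b"\x00\x00\x01"
    return xor(wep_encrypt(iv, SECRET, FRAME_A), wep_encrypt(iv, SECRET, FRAME_B))

if __name__ == "__main__":
    print(f"IV pool exhausted in {hours_to_exhaust(1000):.1f} h at 1000 frames/s")
    print(f"50% chance of a repeated IV after {frames_for_repeat()} frames")
    print("c1^c2 == p1^p2:", reused_iv_leak() == xor(FRAME_A, FRAME_B))
```

Because the preshared key rarely changes, every repeated IV reuses the same RC4 keystream, which is why a larger nonce and per-frame key mixing were needed in WEP's replacements.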
Breaking WEP
Undoubtedly you have heard a lot about how poor the WEP protocol is and how you should
not use it. In this section we’ll explain how WEP is broken so you can see the process and
how everything pulls together.