

---
title: Breaking WEP
categories: [cheatsheets]
tags: [networking]
---

# Wired Equivalent Privacy (WEP)

WEP is supposed to provide the following security features:

  • Confidentiality
  • Data authenticity and integrity
  • Access Control

-> None of these features actually holds!

## WEP Security/Algorithm

-> WEP uses RC4 to generate a pseudo-random keystream that is XORed with the data.

-> RC4 is initialized with a 24-bit initialization vector (IV) concatenated with a 40-, 104- or 232-bit long key (Kbss)

IV || Kbss -> [RC4] -> keystream

keystream (+) plaintext = ciphertext

-> WEP appends a 32-bit CRC to the data before encrypting

-> ciphertext = encrypt(Plaintext || CRC)

-> ciphertext and the unencrypted IV are sent in an unencrypted 802.11 frame

[Frame Header][IV][ENCRYPTED PAYLOAD][Frame CRC]

## Attacks

  • RC4 is only secure if different seeds (IV || Kbss) are used for different messages
  • Same initialization => same keystream
  • If an attacker knows the keystream of one message, they can decrypt any message encrypted with the same keystream

## How to get the keystream without the key?

-> Attacker needs a known Plaintext/Ciphertext pair, because of XOR:

plaintext (+) keystream = ciphertext

plaintext (+) ciphertext = keystream

To get the plaintext for a ciphertext, look for packets whose first bytes always look the same (the LLC/SNAP header followed by the EtherType):

  • ARP packets (first 8 bytes): 0xAA AA 03 00 00 00 08 06
  • IP packets (first 8 bytes): 0xAA AA 03 00 00 00 08 00

-> With these 8 bytes of keystream, the attacker can encrypt and send an 8-byte message of their own

## Getting more keystream bytes by doing a fragmentation attack

  • uses the fragmentation feature of 802.11
  • fragmentation is signalled by one bit in the frame header
  1. send two 8-byte messages encrypted with the known (8-byte) keystream
  2. mark both packets in the frame header as fragments of one message
  3. the router reassembles the fragments and, because you know the plaintext of both 8-byte fragments, you get a 16-byte message (and its ciphertext) in return

-> So now you know 16 bytes of the keystream

More at:

https://www.aircrack-ng.org/doku.php?id=fragmentation

## Another method to get more keystream bytes

If you have 8 known bytes of the keystream, how do you get the 9th byte?

  • "bruteforce" all 256 possible values and inspect the network traffic to see which byte is the correct one
  • the router discards packets encrypted with a wrong guess and forwards the packet sent with the correct one
  • repeat for more bytes

## Calculate the Key (Kbss)

  • Bruteforce (only feasible with the 40-bit Kbss)
  • Weak IV Attack or PTW Attack

Paper at:

https://dl.aircrack-ng.org/breakingwepandwpa.pdf

## Integrity can also be broken

  • CRC (cyclic redundancy check) is linear, so it behaves like a checksum, not like a MAC
  • a combination of two correct packets gives another packet with a correct CRC
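The two weaknesses above (known-plaintext keystream recovery under a reused IV, and the linearity of the CRC) as a toy simulation. This is an added example, not code from the cheatsheet or from aircrack-ng; the key, the IV and the frame payloads are constructed, and the frames carry no 802.11 header, only IV || encrypted body.

```python
import zlib

# Known 8-byte LLC/SNAP prefix of an ARP frame (the value given on the page)
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA): the first n keystream bytes for seed = IV || Kbss."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(kbss: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Toy WEP body: IV || (RC4(IV || Kbss) xor (plaintext || CRC-32 ICV))."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(rc4_keystream(iv + kbss, len(body)), body)

def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """plaintext xor ciphertext = keystream, for as many bytes as the plaintext is known."""
    return xor(known_plaintext, frame[3:3 + len(known_plaintext)])

def decrypt_prefix(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame sent under the same IV leaks as many bytes as we hold keystream for."""
    return xor(frame[3:3 + len(keystream)], keystream)

def crc32_is_linear(a: bytes, b: bytes, c: bytes) -> bool:
    """For equal-length inputs crc(a^b^c) == crc(a)^crc(b)^crc(c): a CRC cannot serve as a MAC."""
    return zlib.crc32(xor(xor(a, b), c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)

if __name__ == "__main__":
    kbss = bytes.fromhex("0102030405")   # constructed 40-bit key, never used by the "attacker" below
    iv = bytes.fromhex("a1b2c3")         # constructed IV, reused for both frames
    arp = wep_encrypt(kbss, iv, LLC_SNAP_ARP + b"constructed ARP body")
    other = wep_encrypt(kbss, iv, b"secret01" + b"constructed payload")
    ks8 = recover_keystream(arp, LLC_SNAP_ARP)
    print(decrypt_prefix(other, ks8))                                  # b'secret01'
    print(crc32_is_linear(b"aaaaaaaa", b"bbbbbbbb", b"cccccccc"))      # True
```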