Linux Unwired [Electronic resources] - text version
Edd Dumbill, Brian Jepson, Roger Weeks


4.1 The Pitfalls of WEP


The IEEE specifications for 802.11a/b/g all provide a form of
encryption called Wired Equivalent Privacy
(WEP). WEP
operates at the Media Access Control (MAC) layer, or the Data Link
layer, between the Physical Layer (radio waves) and the Network Layer
(TCP). WEP encryption is based on the RC4 algorithm from RSA Data
Security and employs a 40-bit encryption key.

Anyone who knows the secret key (unless you're the
only user on the network, this key is shared, so
it's not all that secret) can participate in a WEP
network. Secret keys are generally either plaintext words or somewhat
longer combinations of hexadecimal numbers.

There are two major problems with WEP:

Encryption is handled at the Data Link layer, so if you connect to a
WEP network with your notebook, the communication between your
notebook and the access point is encrypted. All packets are decrypted
at the access point and sent from there in the clear.

Other computers that also have the secret key for this WEP network
can read all packets sent to and from your computer. The secret key
is a "shared" key, which means that
all devices that encrypt packets must use the same key. Some access
points use a passphrase to generate the WEP key, making the key even
easier to deduce. Once you are connected to a WEP network, you can do
all the packet sniffing you want with a tool like Ethereal.


A team of cryptographers from the University of California at
Berkeley, as well as several other groups (see the references at the
end of this section), have identified weaknesses in the way that WEP
keys are generated and used, effectively making the number of bits in
the key immaterial. Even though many manufacturers have added extra
bits to the key length, up to 152 bits, the longer key length
provides minimal protection, because WEP is not a well-designed
cryptographic system.

With all of these problems, why is WEP still supported by wireless
equipment manufacturers? Until recently, there had not been another
standard for wireless encryption. You could have run a Virtual
Private Network (VPN) on top of your wireless network, but this would
have presented its own set of challenges, and it is not practical for
home or even small-business users. The Wi-Fi Alliance announced a
standard called Wireless Protected Access (WPA) in mid-2002. WPA is
based on a draft of the IEEE 802.11i specification, which will
probably be ratified in mid-2004. We cover WPA a bit later in the
chapter.

So why would you want to use WEP on your wireless network at all?
Consider it a first line of defense. While it is definitely possible
to crack its keys and gain access to a WEP network, someone who is
looking for free wireless access will choose an open network when
given the choice. However, if you are worried about an attacker
specifically targeting your network, you must take stronger measures.

Consider not using WEP at all. There are other alternatives that
provide stronger encryption and authentication, and we cover those in
this chapter. However, if you want an easy out-of-the-box setup, WEP
is your ticket. To keep your WEP network as secure as possible, keep
these guidelines in mind:

Make your secret key difficult to crack. Once a hacker has captured enough frames from
your encrypted network, he needs to run a tool to guess your secret
key. This is no different from a hacker running
crack against a password database. The more
complex your key, the less likely a standard dictionary attack will
crack it. Choose a long, complex key that utilizes nonalphanumeric
characters. If you can, use hexadecimal strings. Use the longest key
that your hardware will support. If you have access points and
clients that support 128-bit WEP, by all means use it. However, some
implementations of WEP have weaknesses that allow attackers to
recover the key even without mounting a dictionary attack.

Change your secret key often. WEP key attacks rely on two methods: a
dictionary attack, or the collection of large amounts of frame data
in order to deduce the secret key. Obviously, you give an attacker
less of a chance to break your key when you change it often.
However, this option becomes more cumbersome with larger networks,
giving you the classic key-distribution problem.

Use WEP in combination with other security measures. If your network uses equipment from a single manufacturer, you may be
able to take advantage of nonstandard security features. Cisco and
Proxim, for example, support rapid WEP key rotation and dynamic
rekeying. If all of your clients can take advantage of these
features, use them. You should also consider whether the various IP
tunneling or VPN solutions will fit into your network infrastructure.


Several security measures that come standard with many access points
are almost useless in protecting your wireless network:

Disabling SSID broadcast

This creates a "hidden" network by
causing the access point to suppress the broadcast of
SSID information. In order to join a
network with SSID broadcast disabled, the client must manually enter
the SSID.

Premise: if you don't know the SSID, you
can't join the network.

Reality: Kismet and other wireless network scanners can easily pick
up the SSID by monitoring traffic from clients of the
"hidden" network.


MAC address filtering

Most access points allow you to set up a list of allowed network
cards by entering their MAC address. If the access point sees
a MAC address that is not on the list, it will not allow that device
to associate.

Premise: only authorized network cards can join the network.

Reality: Kismet and other wireless scanners can easily pick up MAC
addresses by monitoring client traffic on the wireless network.
Spoofing a MAC address is very easy under Linux and other operating
systems, allowing easy access to the network. Also, wireless network
cards can easily be stolen. The MAC address filter only authenticates
a device, so anyone can use it.


IP address filtering

Similar to MAC address filtering, this technique allows you to set up
a list of allowed IP addresses that can send TCP/IP
traffic on the network. Other machines may be allowed to associate
with the access point, but they would not be able to participate in
any TCP/IP network.

Premise: only known IP addresses are allowed to communicate on the
network.

Reality: any network sniffer or analyzer, such as Ethereal or
tcpdump, can easily find IP addresses in use on any given network.
Spoofing IP addresses is even easier than spoofing MAC addresses.




4.1.1 References


As mentioned previously, several groups have identified weaknesses in
the way that WEP
keys are generated and used. To learn more, consult the following
sources:

Your 802.11 Wireless Network has No Clothes (http://www.cs.umd.edu/~waa/wireless.pdf)
by Arbaugh, Shankar, and Wan, University of Maryland. March 30, 2001.

Weaknesses in the Key Scheduling Algorithm of RC4 (http://www.crypto.com/papers/others/rc4_ksaproc.ps)
by Fluhrer, Mantin, and Shamir. July 25, 2001.

Using the Fluhrer, Mantin, and Shamir Attack to Break WEP (http://www.cs.rice.edu/~astubble/wep)
by Stubblefield, Ioannidis, and Rubin. AT&T Labs Technical Report,
August 21, 2001.

Security of the WEP Algorithm (http://www.isaac.cs.berkeley.edu/isaac/wep-faql)
by Borisov, Goldberg, and Wagner, UC Berkeley. April 1, 2001.



4.1.2 WEP with Linux


Back in Chapter 2, we covered the use of
schemes to set up multiple wireless networks on
your PC with the ability to switch between them as needed. Here again
is a sample /etc/pcmcia/wireless.opts that
contains schemes for two networks and includes the use of a WEP key:

# Two schemes: "home" (no encryption) and "yourjob" (WEP key set).
# The scheme name is the first field of $ADDRESS.
case "$ADDRESS" in
home,0,*,*)
    INFO="Home wireless setup"
    ESSID="home"
    MODE="managed"
    CHANNEL="11"
    RATE="auto"
    ;;
yourjob,0,*,*)
    INFO="Work wireless setup"
    ESSID="BigCorp"
    MODE="managed"
    CHANNEL="4"
    RATE="auto"
    KEY="s:bigsecret"    # WEP key in iwconfig's ASCII ("s:") form
    ;;
esac

Use cardctl scheme yourjob to switch to the WEP-enabled
scheme.

The corresponding
iwconfig command to configure a WEP
key is iwconfig enc or
iwconfig key. This command accepts several
parameters:

iwconfig eth1 key [on|off]


on and off enable and disable
encryption, respectively.


iwconfig eth1 key 0a12fc132


Secret keys can be entered as hex strings with or without separating
dashes.


iwconfig eth1 key s:supersecret


ASCII secret keys can be entered in the form of
s:secretkey.


iwconfig eth1 key s:supersecret [2]


An index of keys can be generated by appending an index number in
brackets ([ ]) to the key when it is entered.


iwconfig eth1 key [2]


You can change secret keys by passing the index number of the key as
an option.


iwconfig eth1 key [open|restricted]


Two operating modes are available: open accepts
nonencrypted traffic, and restricted accepts only
encrypted packets.
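The following shell functions are an added example, not code from the book: they check a key string in the two forms iwconfig accepts (hex digits with or without dashes, or s:ascii) and report its length in bits, and they generate a random hex key of the longest standard size, which is what the guidelines earlier in this section recommend. The function names are hypothetical, chosen for this example; the script assumes bash (or POSIX sh) with od and tr available.

```bash
#!/bin/sh
# wep_key_bits KEY
#   Prints the key length in bits for a key in iwconfig syntax:
#   "s:ascii" or hex digits, optionally separated by '-'. Returns 1 on
#   a malformed key (non-hex characters or an odd number of hex digits).
#   Drivers differ on nonstandard lengths (some pad, some reject), so
#   the length is reported as-is and judged separately below.
wep_key_bits() {
    key="$1"
    case "$key" in
        s:*) hex=$(printf '%s' "${key#s:}" | od -An -tx1 | tr -d ' \n') ;;
        *)   hex=$(printf '%s' "$key" | tr -d '-') ;;
    esac
    case "$hex" in
        ""|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    echo $(( ${#hex} * 4 ))
}

# wep_key_standard BITS
#   Returns 0 when BITS is one of the standard WEP secret-key sizes.
#   Vendors advertise these as 64-, 128- and 152-bit WEP: the marketing
#   figure adds the 24-bit IV that WEP prepends to the secret key.
wep_key_standard() {
    case "$1" in
        40|104|128) return 0 ;;
        *) return 1 ;;
    esac
}

# wep_key_random BITS
#   Prints a random hex key of 40, 104 or 128 bits read from /dev/urandom,
#   in the form "iwconfig eth1 key <hex>" accepts (no separators).
#   A random hex key is not guessable by a dictionary attack.
wep_key_random() {
    wep_key_standard "$1" || return 1
    od -An -tx1 -N $(( $1 / 8 )) /dev/urandom | tr -d ' \n'
}
```

Pick the largest size that every card and access point on the network supports, and re-run wep_key_random whenever you rotate the key.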




Using NoCatAuth


If WPA isn't an option for you, you may want to
consider setting up a captive portal (see Section 3.1.1 in Chapter 3).

NoCatAuth, which ships with Pebble Linux (see Chapter 6), is a captive portal that offers two modes
of operation: open and authenticated. Open mode intercepts a
user's first web request with a simple splash page
and a Click here to continue button. Authenticated mode relies on
both the local NoCatAuth daemon and an authentication service on
another machine. The daemon and authentication service communicate
via an encrypted channel, so passwords are never sent in the clear.

NoCatAuth can be downloaded from
http://nocat.net, and there is also a wiki and a
fairly high volume development mailing list. Other captive portal
systems are available for Linux, as well. You can find out more about
them on the Personal Telco Project's portal software
page at
http://www.personaltelco.net/index.cgi/PortalSoftware.

