The Wired Equivalent Privacy (WEP) protocol was designed to make wireless transmission as secure as transmission over a network cable (Lowe, 2008). WEP was meant to achieve this by encrypting all data transmitted within the WLAN. Like any other security mechanism it is usually discussed in terms of confidentiality, integrity and availability (CIA); in practice WEP addresses only the first two, confidentiality through encryption and integrity through its integrity check value, and offers nothing against attacks on availability.
However, WEP falls well short of even these goals: a research group at the University of California, Berkeley published a report citing "major security flaws" in the protocol (Khan and Khwaja, 2003).
The encryption used in WEP is simple to describe: it uses the RC4 stream cipher (Earle, 2005). RC4, like any other stream cipher, is a pseudo-random keystream generator. In WEP the cipher is seeded with a 24-bit initialisation vector (IV), which is sent in the clear with every frame, concatenated with the shared key (40 or 104 bits). The resulting keystream is XORed with the plaintext to produce the ciphertext; to decrypt, the receiver regenerates the same keystream from the IV and the shared key and XORs it with the ciphertext. Because the keystream depends only on the IV and a key that never changes, any two frames sent with the same IV are encrypted with the same keystream, and with only 2^24 possible IVs a busy network repeats one within hours.
The WEP integrity check value (ICV) is a checksum that the receiving station recalculates and compares with the one sent by the transmitting station, to detect whether the data was tampered with in transit (Radhamani and Radha, 2007). The ICV is a cyclic redundancy check (CRC-32), which is effective at detecting random bit errors but is linear and unkeyed: an attacker who flips bits in the ciphertext can compute the corresponding change to the ICV without knowing the key, so it provides no authentication.
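The two weaknesses described above, keystream reuse under a repeated IV and the linearity of the CRC-32 ICV, as an added worked example in Python. This is illustrative code written for this page, not code from the original text or from any cited source. It implements a minimal WEP-style frame (RC4 seeded with IV || key, CRC-32 ICV) and then shows (a) that an eavesdropper who knows one plaintext sent under a given IV can recover another sent under the same IV, and (b) that a frame can be modified and its ICV corrected without the key. The key, IV and packet contents are constructed for the demonstration and are not captured traffic.

```python
import binascii


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || shared key."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return binascii.crc32(data).to_bytes(4, "little")


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame = IV (3 bytes, clear) || RC4(IV || key) XOR (plaintext || ICV)."""
    keystream = rc4_keystream(iv + wep_key, len(plaintext) + 4)
    return iv + xor(plaintext + icv(plaintext), keystream)


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Return (plaintext, icv_ok); the receiver recomputes the CRC and compares."""
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + wep_key, len(body)))
    plaintext, received_icv = data[:-4], data[-4:]
    return plaintext, icv(plaintext) == received_icv


def recover_by_keystream_reuse(frame_a: bytes, known_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under one IV share a keystream, so C_a ^ C_b = P_a ^ P_b;
    knowing P_a therefore yields P_b with no knowledge of the key."""
    assert frame_a[:3] == frame_b[:3], "demonstration needs a reused IV"
    return xor(xor(frame_a[3:], frame_b[3:]), known_a)


def wep_bitflip(frame: bytes, delta: bytes) -> bytes:
    """Forge a frame that decrypts to P ^ delta with a valid ICV, keyless.
    CRC-32 is affine: crc(P ^ D) == crc(P) ^ crc(D) ^ crc(zeros of len(P)),
    so the ICV correction depends only on the attacker's chosen delta."""
    iv, body = frame[:3], frame[3:]
    assert len(delta) == len(body) - 4, "delta must cover the whole payload"
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return iv + xor(body, delta + icv_delta)


# --- constructed demonstration inputs (assumed values, not real traffic) ---
WEP_KEY = bytes.fromhex("0102030405")   # 40-bit key chosen for the demo
IV = b"\x00\x00\x01"                     # 24-bit IV, deliberately reused below
P_A = b"GET /index.html "                # plaintext the attacker is assumed to know
P_B = b"PASS hunter2    "                # secret of the same length


def demo_keystream_reuse() -> bytes:
    """Recover P_B from two frames sent under the same IV."""
    frame_a = wep_encrypt(WEP_KEY, IV, P_A)
    frame_b = wep_encrypt(WEP_KEY, IV, P_B)
    return recover_by_keystream_reuse(frame_a, P_A, frame_b)


def demo_bitflip():
    """Turn the request for index.html into one for admin.html; ICV still passes."""
    frame = wep_encrypt(WEP_KEY, IV, P_A)
    target = b"GET /admin.html "
    forged = wep_bitflip(frame, xor(P_A, target))
    return wep_decrypt(WEP_KEY, forged)


if __name__ == "__main__":
    print(demo_keystream_reuse())
    print(demo_bitflip())
```

The bit-flip forgery works for any checksum that is linear over XOR; a keyed MAC such as the Michael MIC in TKIP or the CBC-MAC in CCMP does not have this property, which is why both later designs replaced the CRC-32 ICV rather than strengthening it.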
Wi-Fi Protected Access (WPA)
Compared with WEP, Wi-Fi Protected Access (WPA) improves encryption in two ways: a larger (48-bit) IV and per-packet keys derived through the Temporal Key Integrity Protocol (TKIP) (Akyildiz and Wang, 2009). WPA was designed as an interim improvement over WEP that could be deployed as a firmware update on existing WEP hardware, which is why, like WEP, TKIP still uses the RC4 stream cipher to generate its keystream.
TKIP also employs a message integrity code (MIC) known as Michael. Michael produces a 64-bit MIC computed with a 64-bit MIC key over the source and destination MAC addresses and the payload, so that a frame which is modified or redirected fails the check.
WPA2 (Wi-Fi Protected Access 2)
WPA2, which implements the full IEEE 802.11i standard, is an enhancement of the WPA scheme. The major difference between WPA and WPA2 is that WPA2 requires the Advanced Encryption Standard in CCM mode (AES-CCMP), which provides both confidentiality and message integrity from a single block-cipher mode, in place of RC4 with TKIP and Michael.
WLAN VULNERABILITIES AND FEATURES
Despite the many advantages of deploying WLANs, they still have a number of vulnerabilities associated with them, primarily because the network elements are linked by radio waves. Before we look at these vulnerabilities and the possible ways of mitigating them, we will briefly review the main security features of the WLAN.
WLAN Security Features
Service Set Identifier (SSID)
The SSID is defined in the IEEE 802.11 standard as the name of the WLAN, not as an authentication mechanism (Tipton and Henry, 2006). This name enables wireless stations to connect to their network of choice when more than one network is in range. It is transmitted in the clear in beacon and probe frames, so it must not be treated as a secret.
MAC Address Filters
The MAC address filter is a list of the MAC addresses of the wireless NICs that are permitted to associate with the AP (Ohrtman, 2004). Because MAC addresses are sent unencrypted in every frame and can be changed in software, the filter keeps out casual connections, not a deliberate attacker.
Like all other wireless networks, the WLAN is vulnerable to several attacks. In a wired network, access may be restricted by placing physical barriers between the client and the network, and unused cables and jacks can be disabled. In a wireless setup this level of physical restriction is not possible: the medium is the air, attackers have direct access to it, and attacks can be carried out from outside the premises.
One of the major vulnerabilities of WLANs is that their security controls ship turned off, or default to the weak WEP. Although these security features do not completely protect the client from attack, leaving them at their defaults puts the network at great risk; minimal security is better than none (Miller, 2003).
Denial of Service (DoS)
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services (US-CERT, 2010).
Rogue Access Point
A rogue access point is any Wi-Fi device that is connected to the wireless infrastructure but not under the management of the proper network administrator (Coleman and Westcott, 2009).
Invasion and Resource Stealing
An intruder may gain access to network resources, or obtain the access rights of an authorised station, by gathering information on the WLAN's authentication process. These resources may include internet access, printers, etc. The attacker's aim is to acquire the access parameters of the target network.
Brute Force Attacks
Access points that rely on a single static pre-shared key, used by every connecting wireless client, are vulnerable to dictionary and brute-force attacks: the attacker tries candidate keys systematically, either from a word list or by enumerating every possible combination, until the right one is found. With WEP the candidates can be checked offline against a single captured frame, since only the correct key yields a valid ICV, so the AP never sees the failed attempts.
Static WEP Keys
The IEEE 802.11 standard (including 802.11b) does not provide per-session WEP keys. The static WEP key has to be entered manually on every client in the WLAN and, since it never changes, a single recovery of the key exposes all past and future traffic; if the key is derived from a dictionary word it is susceptible to a dictionary attack as well.