Page 220 - DCAP311_DCAP607_WIRELESS_NETWORKS

Wireless Networks




                                   13.7 Protective Actions

                                   The various protective actions are as follows:

                                   13.7.1 Wired Equivalent Privacy (WEP)

                                   Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks.
                                   Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to
                                   provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable
                                   by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice
                                   presented to users by router configuration tools.
                                   Although its name implies that it is as secure as a wired connection, WEP has been demonstrated
                                   to have numerous flaws and has been deprecated in favour of newer standards such as WPA2.
                                   In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected
                                   Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE
                                   declared that both WEP-40 and WEP-104 "have been deprecated as they fail to meet their security
                                   goals".
                                   WEP was included as the privacy component of the original IEEE 802.11 standard ratified in
                                   September 1999. WEP uses the stream cipher RC4 for confidentiality, and
                                   the CRC-32 checksum for integrity. It was deprecated in 2004 and is documented in the current
                                   standard.

                                   Standard 64-bit WEP uses a 40-bit key (also known as WEP-40), which is concatenated with a
                                   24-bit initialization vector (IV) to form the RC4 key. At the time that the original WEP standard was
                                   drafted, the U.S. Government's export restrictions on cryptographic technology limited the key
                                   size. Once the restrictions were lifted, manufacturers of access points implemented an extended
                                   128-bit WEP protocol using a 104-bit key size (WEP-104).

                                   A 64-bit WEP key is usually entered as a string of 10 hexadecimal (base 16) characters (0-9 and
                                   A-F). Each character represents four bits; 10 digits of four bits each give 40 bits, and adding the 24-bit
                                   IV produces the complete 64-bit WEP key. Most devices also allow the user to enter the key as
                                   five ASCII characters, each of which is turned into eight bits using the character's byte value in
                                   ASCII; however, this restricts each byte to be a printable ASCII character, which is only a small
                                   fraction of possible byte values, greatly reducing the space of possible keys.
                                   A 128-bit WEP key is usually entered as a string of 26 hexadecimal characters. Twenty-six digits
                                   of four bits each give 104 bits; adding the 24-bit IV produces the complete 128-bit WEP key. Most
                                   devices also allow the user to enter it as 13 ASCII characters.
                                   A 256-bit WEP system is available from some vendors. As with the other WEP variants, 24 bits of
                                   that are for the IV, leaving 232 bits for actual protection. These 232 bits are typically entered as 58
                                   hexadecimal characters: (58 × 4 bits = 232 bits) + 24 IV bits = 256-bit WEP key.
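
The key formats and the RC4/CRC-32 construction described above can be put together as follows. This is an added example, not part of the original text; the function names are hypothetical, the frame is simplified to IV followed by ciphertext (the key-ID byte that a real 802.11 frame carries is left out), and the little-endian byte order of the CRC-32 value is an assumption of this sketch.

```python
import math
import string
import zlib

def parse_wep_key(text):
    """Return the secret key bytes for a key typed as hex digits or as ASCII."""
    if len(text) in (10, 26, 58) and all(c in string.hexdigits for c in text):
        return bytes.fromhex(text)          # 40-, 104- or 232-bit secret key
    if len(text) in (5, 13) and all(32 <= ord(c) < 127 for c in text):
        return text.encode("ascii")         # one printable character per key byte
    raise ValueError("not a valid WEP key length or format")

def rc4(seed, data):
    """Plain RC4: key scheduling, then XOR of the keystream with the data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encapsulate(key, iv, plaintext):
    """The RC4 key is the 24-bit IV concatenated with the secret key."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")   # CRC-32 integrity value
    return iv + rc4(iv + key, plaintext + icv)          # IV travels in the clear

def wep_decapsulate(key, frame):
    """Rebuild the RC4 key from the received IV, decrypt, verify the CRC-32."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data

def keyspace_bits(n_chars, ascii_entry):
    """Key space in bits: 4 bits per hex digit, log2(95) per printable character."""
    return n_chars * (math.log2(95) if ascii_entry else 4)
```

Comparing `keyspace_bits(10, False)` with `keyspace_bits(5, True)` puts a number on the reduction the text describes: the same 40-bit key slot holds fewer than 33 bits when it is typed as five printable characters.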

                                   13.7.2 Wi-Fi Protected Access (WPA)

                                   Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols
                                   and security certification programs developed by the Wi-Fi Alliance to secure wireless computer
                                   networks. The Alliance defined these in response to serious weaknesses researchers had found in
                                   the previous system, WEP (Wired Equivalent Privacy).
                                   WPA (sometimes referred to as the draft IEEE 802.11i standard) became available in 2003. The
                                   Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the
                                   more secure and complex WPA2. WPA2 became available in 2004 and is a common shorthand
                                   for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.





          214                              LOVELY PROFESSIONAL UNIVERSITY