ISBN 978-952-5726-09-1 (Print)
Proceedings of the Second International Symposium on Networking and Network Security (ISNNS ’10)
Jinggangshan, P. R. China, 2-4, April. 2010, pp. 039-042

Security Research on WEP of WLAN

Peisong Ye 1, and Guangxue Yue 2
1 College of Mathematics and Information engineering, JiaXing University, ZheJiang JiaXing, China
Email: yepeisong@sina.com
2 College of Mathematics and Information engineering, JiaXing University, ZheJiang JiaXing, China
Email: guangxueyue@163.com

Abstract—Wired Equivalent Privacy (WEP) is used to improve the security of wireless LANs (WLANs). By analyzing the weaknesses of WEP and RC4, we design a simulation platform, comprising software and hardware, to crack WEP keys. The results show that a WLAN based on WEP is insecure. Finally, we give some improvements to enhance WLAN security.

Index Terms—WLAN, Security, 802.11, WEP, RC4

I. INTRODUCTION

Because of its convenience, the wireless LAN (WLAN) is developing quickly, and WLAN security is becoming more important at the same time. Compared with a wired LAN, a hacker can break into a WLAN more easily because wireless data are transmitted through the air as electromagnetic waves. Although the WLAN 802.11b protocol provides some security mechanisms, they have weaknesses, and a hacker can easily attack a WLAN by making use of them.

In Section II we briefly introduce some basic concepts, the system structure, some basic security knowledge of WLAN, and some methods hackers use to attack WLANs. The security mechanisms of the WLAN 802.11b protocol include Service Set Identifier Association (SSID Association), MAC filtering and Wired Equivalent Privacy (WEP). Attack methods include SSID spoofing, MAC spoofing and authentication spoofing of WEP. In Section III we analyze the weaknesses of WEP and the RC4 algorithm. In Section IV we crack the WEP key by making use of the weakness of WEP, and we also design a scenario for cracking the WEP key using this weakness. In Section V we introduce some methods of WLAN security enhancement, including WEP improvement, Message Integrity Check and 802.1X/EAP.

II. THE SUMMARIZATION OF WLAN SECURITY

A. Basic Concepts of WLAN

WLAN is the outcome of combining computer networks and wireless communication. WLAN extends the wired LAN. Mobility of connection is the greatest merit of WLAN, and it also overcomes the restriction of wires. Users can acquire information anywhere and at any moment in a WLAN environment.

The range of a WLAN is about 10 to 100 meters. It typically uses Spread Spectrum modulation technologies.

© 2010 ACADEMY PUBLISHER
AP-PROC-CS-10CN006

There are two forms of Spread Spectrum (SS) schemes: FHSS (Frequency Hopping Spread Spectrum) and DSSS (Direct Sequence Spread Spectrum).

There are two types of WLAN: infrastructure networks and ad-hoc networks. An infrastructure network needs an AP (Access Point), which is used as a bridge between clients and the wired LAN. An ad-hoc network is composed of cooperating clients that communicate with each other. We discuss infrastructure networks in this paper.

IEEE 802.11 [1] is the standard protocol for WLAN. Its scope is limited to the physical and MAC layers. There are 802.11a, 802.11b and 802.11g protocols. The 802.11b protocol is the most widely used now. The frequency band of 802.11b's physical layer is 2.4 GHz. It uses DSSS technology and its speed is 11 Mb/s.

B. Basic Knowledge of WLAN Security

WLAN data are transmitted through the air in the form of electromagnetic waves, so security is more important. 802.11b provides some security mechanisms: Service Set Identifier Association (SSID Association), MAC filtering and Wired Equivalent Privacy (WEP) [2].

The AP allows a client to access the network if the client provides the same SSID as the AP. If the client's SSID differs from the AP's SSID, the AP refuses to let the client use the network. So the SSID can be seen as a simple password providing an authentication mechanism. It can provide some security.

MAC filtering means that the administrator maintains a list of MAC addresses, some of which are admitted to the WLAN while others are not. This method filters by physical address.

WEP is used to protect the data in a WLAN. WEP uses RSA's RC4 symmetric encryption algorithm to encrypt the data. Another function of WEP is to prevent unauthorized access to the WLAN.
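
How WEP applies RC4 to a frame, as an added example that is not part of the original paper; it fills in 802.11 WEP frame details that the paragraph above does not spell out (a 24-bit IV sent in the clear and prepended to the shared key, and a CRC-32 integrity value). The key, IVs and payloads are constructed sample values, and `repeated_ivs` is a hypothetical audit helper that flags frames encrypted with the same keystream.

```python
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key-scheduling (KSA), then n bytes of output (PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data))

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Return IV (3 bytes, cleartext) + key-ID byte + RC4(IV||key) XOR (data||ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = data + icv(data)
    return iv + b"\x00" + xor(body, rc4_keystream(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, cipher = frame[:3], frame[4:]
    body = xor(cipher, rc4_keystream(iv + key, len(cipher)))
    if icv(body[:-4]) != body[-4:]:
        raise ValueError("ICV mismatch (wrong key or corrupted frame)")
    return body[:-4]

def repeated_ivs(frames) -> dict:
    """Audit check: IVs seen more than once, i.e. frames sharing a keystream."""
    counts = {}
    for f in frames:
        counts[f[:3].hex()] = counts.get(f[:3].hex(), 0) + 1
    return {iv: n for iv, n in counts.items() if n > 1}

# Constructed sample data (hypothetical 40-bit key and payloads, not from the paper).
KEY = bytes.fromhex("0102030405")
FRAMES = [wep_encrypt(bytes.fromhex(iv), KEY, msg) for iv, msg in
          [("000001", b"first payload"), ("000002", b"second payload"),
           ("000001", b"third payload")]]
```

Because the RC4 key is only the IV plus the fixed shared key, the two frames that carry IV `000001` are encrypted with an identical keystream, which is what `repeated_ivs(FRAMES)` reports.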

Although 802.11b provides three security mechanisms, they are insecure. In the next section we discuss how hackers attack the WLAN by making use of these mechanisms.

C. Methods of Attacking WLAN

Reconnaissance is the first thing hackers have to do before attacking a WLAN. Hackers drive around in a car equipped with wireless gear, looking for unsecured WLANs to break into. They have to prepare some equipment for this work, for example: a laptop or PDA, an 802.11b wireless card, an antenna, a GPS receiver and a vehicle.