I haven't found the resources explaining about exact authentication mechanism about wpa-psk in the internet. finally i found securitytube videos i found one video regarding the wpa-psk concepts.in those videos it is said that wpa-psk uses dynamic keys unlike wep keys these are per-packet basis and per-session basis. i didn't understood what is the difference in them even wep is also providing unique keystreams per packet basis and per session basis and he also mentioned the main vulnerability resides in static wep key what is that mean i didn't understood.
Asked
Active
Viewed 1,349 times
1 Answers
3
Wired Equivalent Privacy (WEP) Is defined in IEEE 802.11. It uses a 40 or 104 bit key along with a 24 bit Initialization Vector (IV), and the RC4 stream cipher. The purpose of an IV is to ensure that the same key is never used twice but for it to work the IV must never repeat. It is also important how it is combined with the actual key. WEP concatenates the IV with the root key, which is static and does not change after setup, and then sends it to RC4.
So the input to RC4 is IV + KEY or can be thought of as RC4(IV+KEY). The IV being only 24 bits (about 16 million frames) will repeat quickly on busy networks, this allows related-key attacks. This was done because the key can only be used to encrypt one message or you end up with basically a two-time pad. The IV is also sent in the clear along with the ciphertext so that the receiver knows what IV was used because it is needed for decryption.
Further there are different modes of choosing an IV. If you use a counter method you are guaranteed to not repeat an IV for the duration of 16 million frames with WEP. If it is random due to the birthday paradox it happens much quicker. WEP uses a counter mode and the related key attack is made possible because the RC4 PRNG is not designed to be secure for closely related keys like RC4(1+KEY) and RC4(2+KEY).
Today with tools like aircrack-ng it can be broken in seconds simply by listening to traffic. As of 2004 WEP has been officially replaced with Wi-Fi Protected Access II (WPA2) in the IEEE 802.11i standard.
Wi-Fi Protected Access (WPA) was designed to be backwards compatible with the hardware that WEP algorithms ran on which required the use of WEP’s RC4 to encrypt traffic. It has the addition of the Temporal Key Integrity Protocol (TKIP) which generates a new 128 bit key for each packet and no longer allows the system to be broken by simply listening. It does this by combining the root key with the IV and then passing it to RC4.
In 2008 an attack on TKIP was released which allows an attacker to send some chosen packets by exploiting WPA’s Message Integrity Check (MIC) which was used to replace WEP’s CRC-32.
Wi-Fi Protected Access II (WPA2) uses the same 8-63 character Pre-Shared Key (PSK) as WEP; however, it avoids the problems of WEP and WPA by replacing both the TKIP and RC4 with AES-Counter Mode CBC-MAC Protocol (AES-CCMP) which restricts AES to 128 bits. AES-CBC mode providing robust protection against patterns being found and CBC-MAC providing excellent message integrity.
There are currently no attacks directly against the encryption protocol of WPA2 and it should always be used over WEP and WPA.
Further reading: The best resource for in depth explination of crypto basics, and intro to crypto I know of is this video series Introduction to Cryptography by Christof Paar.
A good video focused on your question specifically is Attacks on stream ciphers and the one time pad although it does not cover it in nearly as much depth, it is a good higher level overview.
This question probably would have been answered much quicker on the cryptography page.
8bit.wappen
- 31
- 2