The document discusses the vulnerabilities of the Wired Equivalent Privacy (WEP) protocol used in wireless networks, highlighting its inadequacies in providing secure data transmission due to flaws in its design and implementation. It proposes improvements to WEP, specifically through the development of a new protocol called Improved WEP (iWEP) that addresses these security issues while maintaining compatibility with existing systems. The authors analyze various attack techniques against WEP and suggest enhancements to ensure better data confidentiality and integrity in wireless communications.

1. ACEEE Int. J. on Network Security , Vol. 03, No. 02, April 2012
Attack Robustness and Security Enhancement with
Improved Wired Equivalent Protocol
Mr. S.M.K.M. Abbas Ahmad1, Dr. E.G. Rajan2 and Dr. A. Govardhan3
Corresponding Author: S.M.K.M. Abbas Ahmad)
(1)
Associate Professor, Dept. of E.C.E., Hi-Tech College of Engg & Tech, Hyderabad, India, Phone: +918985042004,
Email: smkmabbas@rediffmail.com
(2)
President, Pentagram Research Centre, Hyderabad, India, Phone: +919849164747, Email: rajaneg@yahoo.co.in
(3)
Professor of CSE, JNTUH, Hyderabad, India, Phone: +919440887733, Email: govardhan_cse@yahoo.co.in
Abstract: With the widespread use of wireless networks, in ad hoc networks which are decentralized environments.
securing Data transmission becomes a basic requirement. The
IEEE 802.11 standard which defines wireless networks II. WEP ENCRYPTION
communication, has proposed in its second version, IEEE
802.11b, a new protocol to offer some wired-like security The IEEE 802.11[1] standard defined Wired Equivalent
services, such as: data privacy, data integrity, and Privacy (WEP) as a first line of defense for wireless networks.
authentication. In this paper, we analyze Wired Equivalent WEP, as defined by the 802.11 standard is intended to provide
Privacy(WEP) security holes and we propose an improvement the level of data confidentiality that is equivalent to a wired
over WEP which achieves, in addition to its security goals,
network. The WEP provides both authentication, to protect
another security service which is replay detection.
against unauthorized access to network through the open
Keywords: WEP; RC4; 802.11 Security; Wireless system and shared key authentication, and encryption
Communication; Authentication; Attacks. services to defeat eavesdroppers who may try to decrypt
captured transmission. The encryption used in implementing
I. INTRODUCTION this protocol is the RC4 symmetrical stream cipher with either
a 40-bit or 104-bit encryption key.
Research has been done in the field of ad hoc networking
since the 1970s. Wireless networking devices were not easily A. Authentication Process
available at this time, therefore ad hoc networking stayed WEP security involves two parts, Authentication and
theoretical for a while. Few years ago, IEEE 802.11 has been Encryption. Authentication in WEP as described n Figure: 1,
defined as a new standard for wireless networking. In a short involves authenticating a device when it first joins the LAN.
period of time, many manufacturers provided Wi-Fi The authentication process in the wireless networks using
networking devices at a low cost. This facilitated the building WEP is to prevent devices/stations joining the network
of real ad hoc networks. Today, many ad hoc networking test unless they know the WEP key.
beds are using Wi-Fi technology.
The security in 802.11 networks is handled by the Wired
Equivalent Privacy (WEP) protocol that has been part of the
802.11 standard since initial ratification in 1999. WEP relies
on RC4
stream cipher [1,2]. However, security experts [8] revealed
several weaknesses in the key scheduling algorithm of RC4,
Figure1: WEP Authentication
showing that RC4 is completely insecure in the common mode
of operation which is used in WEP. This has been illustrated In WEP-based authentication, wireless device sends
with an implementation [9] which permitted to retrieve the authentication request to the wireless access point, then
WEP secret key by passively collecting enough data over wireless access point sends 128 bit random challenge in a
the wireless network. IEEE 802.11 established the Task Group clear text to the requesting client. The wireless device uses
(TGi) to solve the security problems of WEP. The 802.11 the shared secret key to sign the challenge and sends it to
security protocol is so seriously flawed that TGi has decided the wireless access point. Wireless access point decrypts
to create a new security protocol from scratch, not constrained the signed message using the shared secret key and verifies
by WEP design. However, many WEP- based wireless the challenge that it has sent before. If the challenge matches,
networking adapters have already been shipped and then authentication succeeds otherwise not.
deployed. TGi has proposed the Temporal Key Integrity Unfortunately, in WEP, no secret key is exchanged after
Protocol (TKIP), a collection of algorithms wrapping WEP, to authentication. The same secret key or shared key is used for
improve security for already deployed 802.11 devices both authentication and encryption. So there is no way to
operating in infrastructure mode (involving access points). tell whether the subsequent messages come from the trusted
This solution uses an authentication server: It cannot apply device or from an impostor. This kind of authentication is
© 2012 ACEEE 42
DOI: 01.IJNS.03.02.3

2. ACEEE Int. J. on Network Security , Vol. 03, No. 02, April 2012
prone to man in the middle attack. This authentication is stream and form the cipher text of the packet.
really not a best effort here. In the Wi-Fi specification, 6) The cipher text, the initialization vector IV and some
authentication was completely dropped, despite being in the additional header fields are used to build a packet, which is
IEEE 802.11 standard. now send to the receiver.
The packet being sent now contains the following header
B. Working of RC4 Algorithm
fields:
1. RC4 Stream Cipher: Frame control
RC4 is a stream cipher designed in 1987 by Ron Rivets for It contains general information about the frame (is it a
RSA Security[2]. It is a variable key-size stream cipher with data, management, or control frame) and the transmission
byte oriented operations. The algorithm is based on the use (has the station more packets to send.)
of a random permutation. A variable-length key K, of size 1 to Duration, ID
256 bytes is used to initialize a 256-byte state vector S, with It contains the expected duration of this transmission and
elements S0, S1 to S255. At all times, S contains a permutation some other values in special cases.
of all 8-bit numbers from 0 to 255. Initially, the entries of S are Address 1,2,3
set to the values 0 to 255 in ascending order. A temporary It contains the following addresses. The address of the
vector T, is also created. For a key of length keylen bytes, the AP the packet is send from/to, the address of the destination
first keylen elements of T, are copied from K, and then K is station and the address of the source station. In a special
repeated as many times as necessary to fill out T. Next, we mode called WDS, where two APs communicate directly with
use T to produce the initial permutation of S. each other, there is a fourth address, the address of the second
Once S is initialized, the input key is no longer used. The AP.
next step (stream generation) is to generate the key used for Sequence control
encryption. It involves starting with S0 and going through to It contains information about fragmentation. The IEEE
S255, and, for each Si, swapping Si with another byte in S 802.11 protocol is able to fragment packets before they are
according to a scheme dictated by the current configuration transmitted.
of S. After S255 is reached, the process continues, starting WEP parameters
over again at S0. For encryption, the value key is XORed contains the IV which was used to encrypt this packet,
with the next byte of plaintext. For decryption, the value key and a key index. The key index is used to identify the correct
is XORed with the next byte of cipher text. key, when more than one key is used in a network.
C. WEP Encryption Process and Frame Payload and ICV is the encrypted payload of the packet
including a CRC32 checksum at the end of the payload which
Every data frame sent by a station in a WEP protected
is called Integrity protection value (ICV). Payload and ICV
network is encrypted integrity protected. Non-data frames,
are encrypted.
like beacon frames, acknowledgment frames and similar frames
are not protected by WEP at all. When a station sends a
packet, the following steps are executed.
1) The station picks a 24 bit value called initialization
vector IV. The IEEE 802.11 standard does not specify how to
choose this value. Beside some minor modifications, most Figure 2 WEP Frame Format
vendors implemented one of the following two methods: D. WEP Vulnerability
a) The IV is chosen by a pseudo random number generator Several serious security flaws were discovered in the
PRNG independently from all other packets send by this WEP[3] owing to which, the WEP failed to achieve its security
station. goals. Some of its vulnerabilities are listed below:
b) The station always remembers the last IV used. When a 1. The RC4 algorithm itself has a subtle weakness[4] that can
new IV needs to be chosen, the station interprets the last IV be exploited to crack keys.
used as a number and adds 1 to this number. When the highest 2. The presence of relatively short IVs and keys that remain
possible number is reached, the station starts again with 0. static[5]. If an individual collects enough frames based on
On startup, the IV counter either takes a fixed value or a the same IV, he can determine the shared values among them,
random number is assigned to it. i.e., the key stream or the shared secret key. This of course
2) The IV is prepended to the root key and form the per leads to decrypting any of the 802.11 frames.
packet key K = IV||Rk. 3. The 802.11 does not support the exchange of keys among
3) A CRC32 checksum of the payload is produced and stations nor does it provide any automatic way of changing
appended to the payload. This checksum is called Integrity keys. It depends on external key management for distribution.
Check Value (ICV). 4. The implementation has so far been based on 64-bit with
4) The per packet key K is fed into the RC4 stream cipher to 24-bit initialization vector resulting in only a 40-bit encryption,
produce a key stream X of the length of the payload with which is quite low. Improving the static nature of the IV and
checksum. providing a stronger encryption at a higher layer could solve
5) The plaintext with the checksum is XORed with the key a major part of the WEP vulnerability. A stronger encryption
© 2012 ACEEE 43
DOI: 01.IJNS.03.02.3

3. ACEEE Int. J. on Network Security , Vol. 03, No. 02, April 2012
could prevent brute force attacks and result in larger generate a key stream KS using RC4. S concatenates the
overheads during cryptanalysis. CRC to M1 which gives T1 = (M1, CRC), then he concatenates
iv2 to T1. The all is Fig. 2. Ciphering principle in iWEP then
III. ATTACKS XORed with KS1. S sends the XORed message to the receiver
R. Knowing iv1, R decrypts the message, verifies CRC, and
A. Types of Attacks crafted on WEP then stores iv2. iv2 will be used to decrypt the next frame sent
1. The FMS attack: by S. As a matter of fact, every frame contains the initialization
The FMS attack was the first key recovery attack against vector used to encrypt the next one. So, the frame i encrypted
RC4 in WEP-like operating modes and was published by using ivi contains ivi+1, which will be used to encrypt and
Fluhrer, Mantin, and Shamir in 2001. We can summarize the decrypt frame i + 1. Initialization Vectors are all, except the
FMS attack as follows: first one, generated randomly by the sender. This makes no
An attacker, who has access to an oracle OWEP CTR(3; 13; correlation between iv’s, and therefore enhances resistance
1) can recover the internal key of the oracle with a success to brute force attacks.
probability of 50% with about 9,000,000 queries to the oracle B. Procedure for selecting Initial Vector IV
and negligible computational effort.
The process shown above requires that S and R agree on
B. The KoreK key recovery attack the initial iv. This can be done by many ways. We suggest
This implementation uses 17 different attacks, which are able here two methods that are enough secure and don’t produce
an overhead. The first manner is to agree on iv1 using Diffie-
to determine K[l], if K[0] to K[l - 1] and the first two words of Hellman (DH) algorithm[7]. This algorithm allows two entities
to establish a secret (a key for example), based upon messages
output X[0] and X[1] are known. exchanged publicly. It will be sufficient to take as iv1 the first
An attacker, who has access to an oracle OWEP CTR(3; 13; 24 bits of the key agreed on using DH. The second manner is
2) can recover the internal key of the oracle with success to use a hash algorithm[5], [6] to compute iv. A hash algorithm
probability 50% with 700,000 queries to the oracle and is a one-way function that allows to compress some bit stream
negligible computational effort. BS into a digest D of a given length. The principle is to
compute D in each side by hashing a common secret
C. Mantin’s second round attack information, such as k. Thus, S and R compute separately the
It was the first key recovery attack on RC4, which made digest of k, and take the first 24 bits as iv1. SHA-1 which is a
use of the so called Jenkins’ correlation which is also called secured well-known hash algorithm can be used to this end.
Glimpse property or RC4 Glimpse.
An attacker who has access to an Oracle OSKIPWEP (OWEP(liv; V. INTEROPERABILITY WITH WEP
16; 1); 256) can recover the secret key of Oracle OWEP with a
probability of 80% by sending about 225 H” 3.3·107 queries to A. Translating from WEP to iWEP
OSKIPWEP and by testing up to 248 H” 2.8·1014 different keys for The translation is carried out in two steps:
correctness, even if he has not got direct access to OWEP . I- Extraction of iv : it consists of separating ivs from their
Different tradeoffs for CPU-time and number of queries are messages. Iv’s are already clear;
possible. liv must be large enough to generate 225 different II- Re-association of ivs: in this step, a given iv, ivi is used to
IVs. The complexity decreases for shorter root keys. encrypt the concatenation of Ti and ivi+1.
IV. PROPOSED IMPROVEMENTS IN WEP B. Translating from iWEP to WEP
In this case, the translator typically re-uses previous iv,
The proposed approach aims to resolve WEP flows
ivi to decrypt current iWEP frame (i).
without changing the hardware while keeping a good
I- Extraction of iv : using ivi for decryption, the clear text
interoperability with existing WEP.
contains the message Ti, and ivi+1 which will be extracted
A. Encryption Process (and to be used also for further decryption);
We propose a scheme similar to WEP. The difference is II- Re-association of ivs: ivi is used to encrypt Ti and ivi.
that in iWEP we encrypt both of the message T and iv with ivi+1 is used for decryption of next frame.
RC4. Encrypting iv aims to hide it from eavesdropping. As
can be visualized, iWEP sender encrypt Ti concatenated to
ivi+1 using ivi. Thus, it’s sufficient to the receiver to know the
initial iv -iv1- to decrypt the first frame which contains iv2
used to decrypt the second frame and so on.
To start the encryption process, the two nodes agree on
some initial iv, this step is detailed in section B. After this, the
sender S generates randomly a new iv. Let iv2 be the generated
iv, and iv1, the initial iv. S uses his own key k and iv1 to
© 2012 ACEEE 44
DOI: 01.IJNS.03.02. 3

4. ACEEE Int. J. on Network Security , Vol. 03, No. 02, April 2012
VI. RESULTS REFERENCES
[1] S.M.K.M. Abbas Ahmad, Dr. E.G.Rajan,Dr.A.Govardhan, Mr.
Juluru PEraiah, “Security Enhancement in WEP Mobility”, invited
paper at International Conference on CNSA-2010, Springer-Verlog,
July, 2010, Volume No: CCIS 90, pp 388-399.
[2] Arash Habibi Lashkari, F. Towhidi, R. S. Hoseini,”Wired
Equivalent Privacy(WEP)”, ICFCC Kuala Lumpur Conference,
Published by IEEE Computer Society, Indexed by THAMSON
ISI, 2009.
[3] Donggang Liu, P. N., “Security for Wireless Sensor Networks”,
Springer., November, 2006
[4]Garcia, R. H. a. M., “AN ANALYSIS OF WIRELESS
SECURITY”, CCSC: South Central Conference. 2006
[5] Kempf, J., “Wireless Internet Security: Architecture and
Protocols “,Cambridge University Press. October, 2008
Figure3: Encryption Process of WEP and iWEP [6] Hani Ragab Hassan, Yacine Challal, “Enhanced WEP: An
efficient solution to WEP threats”, IEEE 2005
[7] Scott R. Fluhrer, Itsik Mantin, and Adi Shamir. Weaknesses in
the key scheduling algorithm of RC4. In Serge Vaudenay and Amr
M. Youssef, editors, Selected Areas in Cryptography 2001, volume
2259 of Lecture Notes in Computer Science, pages 1{24. Springer,
2001.
[8] David Hulton. Practical exploitation of RC4 weakness in WEP
environments, 2002. presented at HiverCon 2002.
[9] Wireless lan medium access control (MAC) and physical layer
(PHY) specifications (IEEE Standard 802.11). L.M.S.C. of the
IEEE Computer Society, 1999.
AUTHORS’ PROFILE
Figure4: iWEP and WEP compared when decrypting data Mr. S.M.K.M. ABBAS AHMAD did his
B.E. from Gulbarga University, Karnataka,
India in 1998, M.Tech. from V.T.U.,
Belgaum in 2004. He is pursuing Ph.D. at
Jawaharlal Nehru Technological University,
Hyderabad under the guidance of Dr. E.G.
Rajan & Dr. A. Govardhan. He is presently
an Associate Professor of ECE at Hi-Tech
College of Engineering & Technology, Hyderabad. He has 14 years
of teaching experience. His areas of interest are Wireless Commu-
nications, Wireless Network Security & Digital Electronics. He is
life member of Indian Society for Technical Education. He is the
member of IAENG.
Figure5: Throughput of iWEP and WEP for variable data length Dr. E.G.Rajan did is B.Sc. in Physics
computa tional Major from Madras University in 1970,
DMIT in Electronics Engineering in 1974,
CONCLUSION M.E. in Applied Electronics from Madras
University in 1983. He did his Ph.D. in
In this paper, we’ve reviewed security holes in WEP. Then Signal & Image Processing at Indian Insti-
we described our protocol iWEP which achieves security tute of Technology, Kanpur, India in 1990.
goals of the WEP. We also compared iWEP and WEP when He is the founder president of Pentagram Research Center (Pvt),
decrytpting data. In this paper we also shown that throughput Hyderabad, India He was categorized as Best Instructor of Dept.
is greater for iWEP than WEP for variable data length of Electrical Engineering, IIT, Kanpur for the years1990-91 & 1991-
computaions. It is important to note that iWEP can be directly 92. He has 34 years of industry & teaching experience. He worked
deployed over any hardware using WEP. as Electronic Warfare Officer/Signal Analyst, Aviation Research
Centre, Cabinet Secretariat, Director of General of Security, Govt.
of India from 1977-1986. He proposed the Transforms for Pattern
Recognition known by his name Rajan Transforms. He is an elected
member of International Federation of Systems Research, Kepler
University, Austria. He has guided 7 Ph.D. scholars, 60 M.Tech.
Projects. He Published more than 20 research papers in interna
© 2012 ACEEE 45
DOI: 01.IJNS.03.02.3

5. ACEEE Int. J. on Network Security , Vol. 03, No. 02, April 2012
tional journals. His areas of interest are Communication Engineer- He is presently a Professor of CSE and and Director of Evaluations
ing, Cryptography, Pattern Recognition, Bioinformatics, Systemics, at Jawaharlal Nehru Technological University Hyderabad AP, In-
Image Processing, Signal Processing. dia. He is a member on the Editorial Boards of International Journal
Dr.A.Govardhan did his BE in Computer of Emerging Technologies and Applications in Engineering Tech-
Science and Engineering from Osmania nologies and Sciences (IJ-ETA-ETS) and International Journal of
University College of Engineering, Computer Applications in Engineering Technologies and Sciences
Hyderabad in 1992, M.Tech from (IJ-CA-ETS), International Journal of Advanced Computing, In-
Jawaharlal Nehru University, Delhi in ternational Journal of Data Engineering and Computer Science,
1994 and Ph.D from Jawaharlal Nehru International Journal of Computational Intelligence and Informa-
Technological University, Hyderabad in tion Security and Scientific and Technical.
2003.
© 2012 ACEEE 46
DOI: 01.IJNS.03.02.3