Title: IEEE 802.11 WEP Integrity Check Vulnerability
Severity: HIGH
Description:
The IEEE 802.11 standard defines a set of interfaces and protocols for the operation of a wireless local area network (LAN). The Wired Equivalent Privacy (WEP) algorithm is used to provide confidentiality, integrity and authentication to the 802.11 protocol.
WEP uses a secret key that is shared between a mobile station and an access point to provide confidentiality and authentication. WEP does not define any methods or protocols for key exchange or key management. In most implementation a single secret key is shared by all mobile stations and access points. WEP also uses an integrity check to provide packet integrity.
The encryption algorithm used by WEP is the RC4 stream cipher. In a stream cipher a secret key is used to produce an endless pseudo-random key stream. Data is encrypted by performing an exclusive-or (XOR) of the key stream and the plaintext data to produce ciphertext. Data is decrypted by performing an XOR of the ciphertext and the key stream to produce the plaintext.
Stream ciphers are vulnerable to an attack that allows an active attacker to flip bits in the ciphertext that will result in the corresponding bits in the plaintext being flipped as well. To defend against this attack systems that make use of stream ciphers also employ integrity checks. The job of the integrity check is to verify the data has not been modified while in transit.
WEP included an integrity check (IC) field which is encrypted in the 802.11 packet. The integrity check is implemented via a 32-bit cyclic redundancy code (CRC-32).
While CRC's are a common technique to detect data transmission errors it is generaly not useful for cryptographic integrity. CRC is a linear hash. This means there is a deterministic relationship between the bits in a message and the bits in it's CRC. Thus its easy to determine what bits to flip in a CRC if we flip some bits in the message.
Since flipping a bit in a message encrypted with RC4 results in the corresponding bit being flipped in the decrypted plaintext the use of CRC-32 in WEP allows an attacker to flip bits in the encrypted 801.11 packet and adjust the CRC so that the modified message passes the integrity check.
The vulnerability affects both the 40-bit and 128-bit versions of WEP.
Affected Products:
- IEEE 802.11 0.0.0
- IEEE 802.11b 0.0.0
- Microsoft Windows XP Home
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional SP1
References:
- Nikita Borisov, Ian Golberg, David Wargner: Intercepting Mobile Communications: The Insecurity of 802.11
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
