Wired Equivalent Privacy, (frequently mistakenly called Wireless Encryption Protocol) was invented to do exactly what its name suggested, provide wireless access to the internet with the same amount of privacy that a wired connection offered. But unfortunately WEP was not without its flaws, which over time, made WEP as secure a 3 digit number lock.
How WEP works
Lets look first at the WEP algorithm. WEP relies on a secret key that is shared between computers connected to the network and the network access point. Originally the pre-shared key was 10 hexadecimal decimals, which was later increased to 26 hexadecimal digits. This pre-shared key along with 24 pseudo-randomly generated bits (called Initialization Vectors) forms what is known as a keystream. Don’t worry if some of the terms seem unfamiliar. A separate post explaining such terms and their significance will be up asap. This pre-shared key then becomes a seed value for the RC4 algorithm which then outputs a pseudo-randomly generated keystream. This keystream is XORed with the plaintext (data that is to be encrypted) to give the encrypted output.
When a device connects to the access point, it must already know the pre-shared key, since the Initialization Vector is required to de-crypt this message, the initialization vector is sent as plaintext, which along with the preshared key, XORs the ciphertext with the keystream to give the plaintext.
How the attack takes place
Ever since the WEP was discovered to be a weak algorithm, progressively faster attacks have been developed. We will be looking at three attacks FMS (Fluhrer,Mantin & Shamir), KoreK and PTW (Pyshkin, Tews & Weinmann).
This attack is at heart a crypto-analysis attack. It exploits a weakness in the RC4 algorithm. We already know the IV vector is accessible to every device trying to connect to the access point. This itself is 3 bytes, and if this IV satisfies certain conditions, it is possible with 5% probability to guess another byte of the key correctly. Then one can test it to check whether the access point responds with a positive reply or a error message. If the key is not correct, another likely key is tried. But this method requires a large number of packets to collect Initialization Vectors.
KoreK ChopChop Attack & PTW Attack
This attack is not based on the weakness of RC4 algorithm but on the design flaws of WEP itself: the weakness of the checksum and the lack of replay protection (which allows the hacker to send the same packet modified slightly again and again). What the ChopChop attack does is flip a bit in the ciphertext and calculate which bit in the CRC32 must be flipped so that the packet is still valid. The attack works by taking away the last byte of a packet and bruteforcing its value(thanks to no replay protection). The ChopChop Attack aims at giving the attacker the ability to de-crypt the packet without knowing the key (with which the key can be found anyway, since XOR-ing the encryted text and the plaintext will return the keyphrase containing the password and Initialization vector). Nevertheless due to its lack of speed, its practical use is limited to eavesdropping a packet, decrypting it, modifying it and re-injecting it back to generate more traffic and therefore get more information to perform a full key recovery attack. This is nothing but the PTW attack.