Paper Menu >>
Journal Menu >>
Wireless Sensor Network, 2010, 2, 239-242 doi:10.4236/wsn.2010.23032 Published Online March 2010 (http://www.scirp.org/journal/wsn) Copyright © 2010 SciRes. WSN WEP and WPA Improvement Mustafa ElGili, Samani A. Talab, Awad H. Ali Department of Information Technology, University of Neelain, Khartoum, Sudan E-mail: mustgili@hotmail.com Received September 24, 2009; revised October 21, 2009; accepted October 25, 2009 Abstract This paper aims to describe a solution to improve wireless network security protocols WEP and WPA based on a modified RC4 algorithm for encryption, and based on initialization vector (IV) with secret key for a session key exchange, and new mutual authentication mechanism. Keywords: Wireless, Security, Authentication, WEP, WPA, RC4 1. Introduction Wireless communications offer organizations and users many benefits such as portability and flexibility, in- creased productivity, and lower installation costs. How- ever, risks are inherent in any wireless technology. The loss of confidentiality and integrity and the threat of de- nial of service attacks are risks typically associated with wireless communications. WEP and WPA are designed to protect, but they still have weaknesses discussed in [1–8]. 2. Related Work Many solutions have been proposed for the remedy of the WEP and WPA encryption, key exchange and mutual authentication problems. Reference [9] proposes a sch- eme similar to WEP. The difference is that in EWEP it encrypts the concatenation of the message and IV with RC4. Encrypting IV aims to hide it from eavesdropping. This proposal has many weaknesses represented below: 1) Because IV [i+1] depends on IV [i], if some frames are lost, all frames coming from the same sender would not be decryptable. 2) It uses Diffe-Hellman [10] to agree IV; this is dif- ficult because there is no clear share value. 3) Rekey is done using special messages. No protec- tion mechanism for the messages contains the new key. 4) No new authentication mechanism described which means the authentication process is still weak. 5) It suffers from following attacks: Disassociation and Deauthentication Attacks. Shared Key Authentication Attacks. FMS Attack. Session Hijacking. Reply Attack. Reference [11] proposes new scheme which modifies the process of WEP Key generation on TKIP. Comparing with TKIP, the proposed protocol neither changes nor increases hardware cost. Moreover, it narrows down hardware computing quantities. Further, SEWTP reduces authentication frequency. It also provides security func- tion as well as TKIP and does not affect the performance of throughput. But it has limitations represented as: 1) Over flooding, any client will send random number. New secret key has been generated before authentication process that leads to AP overload, because every client joining the AP domain will take a time to generate his secret key. 2) The clear IV still there. 3) Every 2^24 packet there will be random number from client to AP, this will lead to: Over load traffic. Overload in process time. 4) It suffers from the following attacks: Disassociation and Deauthentication Attacks. Shared Key Authentication Attacks. FMS Attack. Session Hijacking. SYCH attack. 2.1. Proposed Solution: WEP and WPA Improvement We will propose a novel schema which essentially con- sists of three mechanisms: 1) Mutual Authentication between AP and Station. 2) Session Key Exchange mechanism. 3) Strong Encryption Protocol using modified RC4, and IV shadow. M. ElGili ET AL. 240 2.1.1. Mutual Authentication Process and Session Key Exchange This is a solution for weak authentication in Wireless LAN which uses pre-shared key authentication, and also can be used in enterprise solution without any third party. The mutual authentication mechanism and Session Key Exchange mechanism consisting in the following steps: 1) The first step stores the challenge value in the Sta- tion like secret key similar to Access point. 2) The second step: When the Station sends associate request to the Access point, the Access Point sends en- crypted challenge with the secret key to Station. 3) The Station receives the Encrypted challenge and decrypts it using the secret key and Access point IV, and compares it with the challenge it has. If they are equal that means this Access point is trusted. 4) If this Access Point is trusted Calculate K', IV’ us- ing Equations 1, 2 respectively, and uses them with K (secret key), to encrypt the challenge again and sends it to the access point. 5) Update the Station challenge by adding IV’ to old challenge. 6) The Access Point receives the Encrypted challenge and calculates the K', IV’ and uses them with K (secret key), to decrypt challenge if it is equal to the challenge sent. This means the Station is trusted. 7) Update Access Point challenge by adding IV’ to old challenge. 2.1.2. Session Key Exchange Mechanism During Authentication process, we can calculate the ses- sion key, by using the equation below: 0 kk cli acc+3 I VIV Ki (1) The result of using Equation(1) to calculate K’ shown in Figures 1, 2 and 3, they explain that there is no linear relation between old IV[i] and K’[i]. 2.1.3. Strong Encryption Using Modified RC4 We modified RC4 to be suitable for use with our ap- proach, by using K’ instead of feedback j as it is shown in algorithm below. To prevent first byte attack [9], and inverse attack: Figure 1. Shows the relation between k’[0] and old IV[0]. Figure 2. Shows the relation between k’[1] and old IV[1]. Figure 3. Shows the relation between k’[2] and old IV[2]. RC4 Modified key scheduling algorithm: 1) {initialization} 2) for i from 0 to n − 1 do 3) S[i]: = i 4) end for 5) j: = 0 6) {generate a random permutation} 7) for i from 0 to n − 1 do 8) j: = (K’[I mod e]+S[i]+ K[I mod l])mod n 9) swap S[i] and S[j] 10) end for As a result of simulation test there is no linear relation between KSA[i] and old IV[i] as shown in Figures 4, 5 and 6. Which means the first byte attack cannot succeed. Figure 4. shows the relation between old IV[0] and KSA[0]. Copyright © 2010 SciRes. WSN M. ElGili ET AL.241 Figure 5. Shows the relation between old IV[1] and KSA[1]. Figure 6. Shows the relation between old IV[2] and KSA[2]. 1) An encryptor and Decryptor that share a RC4 secret key (K) agree session key or day key depending on the security level that they need. Using Equation (1). Where is ' K represent session key or day key. 2) The secret key K uses to confuse IV to generate ' I V which will combine with K to generate RC4 key seed as follows: For i=o; IV length; {} (2) [ mod11] '((*) mod 256 ki i IVIV kIV From the results of Equation (2) there is no linear rela- tion between new IV[i] and old IV[i] as shown in Fig- ures 7, 8 and 9. This means that we can send the old IV as plaintext. The attacker can not use it to decrypt the ciphertext. Figure 7. shows the relation between oIV[0] and nIV[0]. Figure 8. Shows the relation between oIV[1] and nIV[1]. Figure 9. Shows the relation between oIV[2] and nIV[2]. 3) Combine the secret K and IV', with K’ they will be the seed for RC4 algorithm. 4) Send cipher text and IV. 2.2. Comparison the IV Value Rollover For a device sending 10000 packets per-second 1) 24-bits, an IV will be reused after 16777216 pack- ets, after 27.9 min. [WEP static secret Key] 2) 48-bit, an IV will be reused after 281474976710656 packets, after 892.6 years. [WPA static secret Key] 3) 24-bits, an IV will be reused after 16777216*39 *13*16 =136096776192 packets, after 5.2 month [Dy- namic Session Key]. 2.3. Comparison the Bandwidth Overhead For a device sending 10000 packets per-second: 1) WEP overhead 44byte per-packet, means every sec- ond 4.4 Kbytes. 2) WPA overhead 56byte per-packet, means every second 5.6kbyte. 3) Our approach overhead 44byte per-packet means, 4.4 Kbytes. 3. References [1] “WEP fix using RC4 fast packet keying,” February 2002, http://www.rsasecurity.com/rsalabs/technotes/wep-fix.ht ml Copyright © 2010 SciRes. WSN M. ElGili ET AL. Copyright © 2010 SciRes. WSN 242 [2] S. Jariwala, “Enhancing wireless security with WPA,” April 2004. [3] A. Jain and S. Karan, “Wireless LAN security”. [4] M. S. Ahmad and V. Ramachandran, “Cafe latte with a free topping of cracked WEP—retrieving WEP keys from road warriors”. [5] M. O. Pervaiz, M. Cardei, and J. Wu, “Security in wire- less local area networks,” Department of Computer Sci- ence & Engine. [6] D. Kalina, “WAP, WPA, and EAP,” March 2005, http://islab.oregonstate.edu/koc/ece478/05Report/Kalina.d oc [7] T. Takahashi, “WPA passive dictionary attack overview,” http://www.personalwireless.org/tools/WPA-Cracker/WP A_Passive Dictionary_Attack_Overview.pdf [8] V. Moen, H. Raddum, and K. J. Hole, “Weaknesses in the Temporal Key Hash of WPA,” http://bora.uib.no/bit- stream/1956/1901/21/Paper4 Moen.pdf [9] H. R. Hassan and Y. Challal, “Enhanced WEP: An effi- cient solution to WEP threats”. [10] W. Stallings, “Cryptography and network security,” 3rd edition, 1999. [11] J.-C. Lin, Y.-H. Kao, and C.-W. Yang “Secure enhanced wireless transfer protocol,” First International Conference on Availability, Reliability and Security, 2006. [12] A. Klein, “Attacks on the RC4 stream cipher,” 27 Febru- ary 2007. |