O-WEP Cryptographic Operations

In this section, we will show the detailed process of O-WEP. See the Figure 4.3, the encryption process of O-WEP is similar to WEP.

O-WEP has the same encryption processing as WEP except that O-WEP replaces IVi with MSi as the input of RC4 (MS is defined in function (1) and function (2)). In the following words, we are going to consider two different situations of O-WEP encryption and decryption process between sender and receiver. First, the encrypted packet is initial packet, and the second is that the encrypted packet is non-initial packet.

Figure 4.2 Encryption process in O-WEP.

First, to encrypt the initial packet

When sender transmits the initial packet, he is able to acquire MS₀ by function (2) and then computes RC4 algorithm to acquire KS0 by function (3) and secret key. Using KS₀ to encrypt transmitted packet and then concatenate the IV0 that has used in function (2) to encrypted packet and transmit together. If remote end receives the encrypted packet, receiver uses IV0 to acquire MS0 by function (1) and computes the KS₀ to decrypt the packet.

Second, to encrypt the non-initial packet

If sender transmits the non-initial packet (e.g. i > 0), MSi is going to generate by function (2) then. However, to produce MS_i needs IV_i and MSi-1(which used by previous packet). This means that each computed MS_i has to keep for next transmitted packet to encrypt. Similarly,

receiver should keep least continuous two MS to generate later MS.

Figure 4.3 The dependency between O-WEP packets

According to the special mechanism, we can observe the rule of the packet encryption. Figure 4.4 is showing that the dependency around O-WEP packets. The relation of packets that links with each other is like chain architecture. Due to the chain architecture of O-WEP, each packet needs the packet previous to itself to encrypt and decrypt. The advantages of this chain architecture are going to have a detailed conclusion in the following chapter.

HMAC

Chapter 5 Security Analyze

In the above chapter, we use HMAC to improve the security of WEP, and the following content of this chapter is going to show that the security analysis of O-WEP.

5.1 Security Improved

We point out that several weakness in the chapter three such as initialization vector is transmitted as plain text, data source authentication, reuse secret key stream ,and using Cyclic Redundancy Check and so on. Now, we are going to have the conclusion in the following words.

(1). Initialization vector is transmitted as plain text Although packets still transmitted as plain text in the O-WEP, the key stream (KS_i) used to encrypt packets is not produce by IV_i and k but MSi-1 and IVi. Considering that attackers attempt to deliver FMS attack to gather lots packets, and try to analyze the encrypted key stream for guessing the original secret key.

However, FMS attack still needs MS_i-1 to find initial vector in the decryption processing. Comparing to WEP, O-WEP can improve the weakness of WEP. Due to this, attacker is much difficult to

(2). Data source authentication According to Figure 4.4, we can observe that the dependency around O-WEP packets. When O-WEP suffers reply attack, the resend or fake packets can not be decrypted and verified CRC check value. Due to this, the process of illegal deliver could be detected.

(3). Reuse secret key stream WEP uses 24 bits initial vector (about 16 millions types) and secret key to produce key stream. In a busy network transmission process, the 24 bits IV too easy to cause repeated use. (By birthday attack law known that every 4,096 packets will have the redundant situation to be bigger than one half) In addition, O-WEP uses the MS_i that generate by HMACk (MSi-1, IVi) to produce secret key. If HMACk adopts the SHA-256 hash function, the length of generated MS_i-1 is 256 bits.

However, the probability of repeat using key stream will drop largely. (By birthday attack law, every 2¹⁴⁰ packets will have the redundant situation to be bigger than one half)

(4). Reliability we are going to make a discussion on this part How to solve the problem that packets lose during the transmission? According to Figure 4.4 should simply realize that O-WEP has the feature of packets dependency. When occur that packet losing and then the following packet can not be decrypted.

Due to this, if the receiver R detects packets losing, R is going to return a special message M to sender. After the sender S

receives the special message, S is going to retransmit the packet.

According to above analysis, the security strength of O-WEP merely depends on the hash function which HMAC_k adopted. As to SHA-256, when attacker uses birthday attack to crack 256 bits

Figure 5.1 the comparison between WEP and O-WEP

message digest, it needs 2^(256+24)/2 time complexity to meet one collision. This makes attackers pay the very great price if they attempt k RC4

In addition, from Figure 5.1 knows that the packet format of O-WEP is the same as WEP and the only difference between them is that WEP uses IV_i and k to produce KS_i but O-WEP uses MS_i and k to do. In addition, O-WEP does not add any extra fields. Due to this, O-WEP does not use additional network band. As to additional computation quantity, O-WEP needs that is the part used by HMACk. In fact, HMAC_k is included in lots international standard such as RFC 2104, IP security, SSL, and NIPS 198. Besides, HMACk is a special algorithm that could be support by most hardware. Due to this, the extra computation is the available scope of common computer system.

Chapter 6 Conclusion and future work

6.1 Conclusion

In this paper, we describe the security holes of WEP working architecture. In order to eliminate the security holes, we offer the optimized WEP security mechanism called O-WEP. The great advantage of O-WEP is that O-WEP does not need any other hardware renew. Due to this, O-WEP can be the optimized replacement case of WEP. To compare to original WEP, O-WEP has the great improvement in security. Although O-WEP increases neglected additional computation, the extra computation overhead is the available scope of computer system.

6.2 Future work

Future works should focus on the problem of interoperability.

Indeed, deploying mixed networks will be an unavoidable step towards deploying O-WEP. Thus, security threat in this case is the basis issue.

Reference

[1] S. Fluhrer, I. Mantin and A. Shamir, “Weaknesses in the key scheduling algorithm of RC4”, Selected Areas in Cryptography, pp.

1-24, 2001.

[2] M. S. Gast, 802.11 Wireless Networks: The Definitive Guide, 2e, 2005.

[3] H. Krawczyk, M. Bellare and R. Coretti, “The key-hash massage authentication code (HMAC)”, Federal Information Processing Standards Publication 198, 2002.

[4] E. Tews, R. Weinmann and A. Pyshkin, “Breaking 104 bit WEP in less than 60 seconds”, http://www.aircrack-ng.org.

[5] Wi-Fi Alliance, “Wi-Fi Protected Access (WPA)”, http://www.wi-fi.org.

[6] H. Ragab Hassan, and Y. Challal, “Enhanced WEP: An efficient solution to WEP threats”

[7] S. Fluhrer, and D. McGrew, “Statistical Analysis of the Alleged RC4 Key Stream Generator.” Proceeding, Fast Software Encryption 2000.

[8] L. Knudsen, et al. “Analysis Method for Alledged RC4.”

Proceedings, ASIACRYPT’98, 1998

[9] S. Mister and S. Tavares. “Cryptanalysis of RC4-Like Ciphers.”

Proceedings, Workshop in Selected Areas of Cryptography, SAC’98. 1998.