Lecture 9
Contents
- Don’t write your own cryptographic algorithm.
Wired Equivalent Privacy
WEP was a very flawed technology that was once used to encrypt and secure wireless network traffic. Since then, newer technologies like WPA2 (and soon WPA3) have been released, and is urged to use.
The payload data was encrypted by performing an XOR against an RC4 stream cipher.
Whilst the concept of XOR’ing data was not the reason that WEP was vulnerable - the way that it was implemented was the reason for its downfall.
By capturing enough broadcasted network packets, the IVs could be discovered; rendering the ‘unknown’ sequence of RC4 bytes determinable. With the sequence of bytes XOR’d against known, it was easy to decrypt the original data. Two values that have been XORed by a third value can be XORed together to recover that third value.
Mixing data and control
Having the payload data and control data sent in the same stream is dangerous, as modification to the control data (such as the destination address) may lead to sensitive information being sent to unintended parties.
This is something that WEP is also vulnerable to.
By modifying the destination address in a TCP/IP packet, the access point would naively transmit the information directly to you.