WPA to the Rescue!
In Chapter 3, we discussed some of the vulnerabilities of WEP. Let's refresh our memory.
First, remember that WEP uses a 24-bit IV as part of the seeding material that gets plugged into RC4. IVs should never be repeated, but this happens frequently because the 24-bit IV space gets exhausted after just a few hours in heavy traffic. When an IV is used twice (called an IV collision), WEP is vulnerable to key stream and replay attacks. A key stream attack is based on the fundamental principal that the XOR of two cipher texts equals the XOR of two plain texts. A replay attack takes a known key stream and uses it to forge a new packet. Replay attacks are possible because out-of-sequence IVs are accepted under WEP.
Another major issue with WEP is the key scheduling algorithm flaws discovered by FMS and used by tools such as AirSnort, WEPCrack, and dweputils to crack WEP keys after capturing large amounts of cipher text.
Finally, the Integrity Check Value (ICV) function uses a 32-bit CRC that can be tampered with in transit using a bit-flipping technique. This allows attackers to modify a packet en route and change bits in the ICV, making the alteration undetectable.
WPA solves these problems using TKIP and 802.1x.
TKIP addresses these weaknesses:
Forgery attacks: ICV using 32-bit CRC is linear and can be manipulated.
Weak key attacks: RC4 stream cipher is vulnerable to FMS attacks (AirSnort, WEPCrack, dweputils, etc.).
802.1x addresses these weaknesses (see Chapter 6 for more details):
Lack of key management
No support for “enhanced” authentication methods (tokens, smart cards, certificates, biometrics, one time passwords, etc.)
No user identification and authentication
No centralized authentication or authorization
The first WPA complaint products began hitting the shelves in May 2003. Note, however, that the enhancements provided by WPA are not applicable to ad hoc (peer-to-peer) networks and only improve security for infrastructure (BSS/ESS) networks using an AP.