Manualshelf

User's Manual

ManualsBrandsSchweitzer Engineering Laboratories ManualsElectronicsSEL-3022
81828384858687888990
Table Of Contents
Date Code 20050615 Instruction Manual SEL-3022 Transceiver
Wireless Operator Interface Security
IEEE 802.11 WEP Security
C.5
Cryptographic Manual—Do Not Copy
IEEE 802.11 WEP Security
The IEEE 802.11 designers included provisions for data encryption and authentication
to provide what they considered strong data security and network access control. The
Wired Equivalent Privacy (WEP) procedures outlined in the standard provide both
functions. WEP encryption cryptographically scrambles the data contents of the Media
Access Control (MAC) packet prior to transmission. The MAC packets can be
intercepted, but the data scrambling the encryption process provides will, in theory,
make the data payload and network headers (above the MAC network layer)
incomprehensible. The encryption and decryption operations are a function of the
original message data and a secret encryption key. For symmetric encryption
algorithms, such as the RC-4 algorithm WEP uses, the encryption key and decryption
keys are identical. Several factors, including the following, determine the strength or
security of the encryption process:
The secrecy of the key
The length of the key
How often the key value changes
The cryptographic strength of the encryption algorithm
Because the encryption and decryption keys are identical for symmetric encryption
algorithms, the theft or deduction of the key value by a malicious individual will
remove any protection WEP encryption offers. There are a few common methods for
determining a key value. The would-be attacker can simply steal the key value in some
manner. If that option is not available, the attacker can attempt to guess the key value.
The difficulty of such a guessing, or brute-force attack, grows exponentially with the
length of the key. The encryption process can be strengthened against key-guessing
attacks through periodic changes to the key value. If someone ever guesses the key
value, the attacker can only decrypt the data processed with that key. Changing the key
value on a periodic basis can significantly reduce the data a single key processes.
Finally, the cryptographic strength of the encryption algorithm determines how
difficult it is to compromise portions of the encrypted messages. If the algorithm is
cryptographically sound, it is extremely difficult mathematically to compromise the
key value or message contents from publicly available knowledge. Publicly available
knowledge includes the encrypted message itself, known as ciphertext, and prior
knowledge of the contents of the message This prior knowledge, for example, could
include the statistics of English text or knowledge of the location and value of an
encrypted header field. The IEEE 802.11 standard specifies that if the incoming packet
cannot be decrypted properly, it must be dropped and ignored. All hosts must know the
value of the secret encryption key prior to being granted network access. The network
designer controls the dissemination of the key value and, therefore, controls who has
access to the WEP-protected network.
Preliminary Copy