MIS430Assign2 - MIS 430 Assignment #2 1. (10 points) Answer...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
MIS 430 Assignment #2
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
1. (10 points) Answer the following questions related to security in 802.11. a. What is WEP? Why do we need WEP? WEP know as Wired Equivalent privacy WEP provides data confidentiality services by encrypting the data sent between wireless nodes, intended to make Wi-Fi as secure as wired Ethernet network. Encrypts the data sent between two nodes on the WLAN. This standard was designed when cryptographic standards were hamstrung by government export rules. Original keys were limited to 40 bits. This particular standard uses a single, static, shared key for authentication and encryption. We need Wired Equivalent privacy because it chooses 64-bit or 128-bit key. WEP also offer us choice to set up weather ASCII (plain alphanumeric text or Hex (hexadecimal number) we can also set key on AP and all clients. Some products let you enter multiple keys-you choose the primary key. Built-In Security in WEP you can enter a string of plain text characters and the software automatically creates a hex key based on what you type. Not all products support it, so if you generate a Hex key with a passphrase on one product, you should write it down to use with other products. So this product is unique. b. How does WEP work? WEP encryption uses a shared- secret key and the RC4 encryption algorithm know as symmetric stream cipher. A stream cipher uses a stream of bits, called the key stream, which is combined with the message to produce the cipher text. To recover the original message the receiver processes the cipher text with an identical key stream. RC4 uses the exclusive OR(XOR) operation to combine the key streams and the message frame to generate the cipher text, and key stream and cipher text to recover the sent message frame. The access point (AP), and all stations that connect to it, must use the same shared key. For each packet of data sent in either direction, the transmitter combines the contents of the packet with a checksum of the packet. The WEP standard then calls for the transmitter to create a packet-specific initialization vector (IV), which is combined with the key and used to encrypt the packet. The receiver generates its own matching packet key and uses it to decrypt the packet. In theory, this approach is better than the obvious tactic of using the shared-secret key alone, because it adds a packet-specific bit of data that should make it harder for an opponent to crack. c. What is the weakness of WEP? 1. Reuse of the key stream is the major weakness in any stream cipher-based cryptosystem. 2. WEP uses the IV to encrypt different packets with different RC4 keys. However, the IV is part of the packet header and is not encrypted, so eavesdroppers are tipped off to packets that are encrypted with the same RC4 key. 3. Infrequent rekeying allows attackers to assemble large collections of frames encrypted with
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 6

MIS430Assign2 - MIS 430 Assignment #2 1. (10 points) Answer...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online