Encryption, or information scrambling, technology is an important security tool in network communication. Properly applied, encryption can provide a secure communication channel even when the underlying system and network infrastructure are not themselves secure. This is particularly important when data passes through shared systems or network segments where multiple people may have access to the information. In these situations, sensitive data—and especially passwords—should be encrypted in order to protect them from unintended disclosure or modification.
Encryption is a procedure that involves a mathematical transformation of information into scrambled text, called “cipher text.” The computational process (an algorithm) uses a key—a large number associated with a password or pass phrase—to compute or convert plain text into cipher text with numbers or strings of characters. The resulting encrypted text is decipherable only by the holder of the corresponding key. This deciphering process is called decryption.
Two basic types of encryption in use today are known as private key (also referred to as single or symmetrical key) encryption and public key (or asymmetrical) encryption.
In private key encryption systems, the key for encrypting a file is the same as the key for decrypting it. The key must be kept secret so that unauthorized parties cannot, even with knowledge of the algorithm, complete the decryption process. Private key encryption is essentially the same as a secret code that each of the hosts must know in order to decode information. The code provides the key to decoding the message. A private key system is generally advantageous for a relatively small group of encryptors because the task of key management, including key changes, is easily administered.
Private key encryption is used in standard algorithms such as the Data Encryption Standard (DES), which was introduced in the early 1970's. The DES algorithm uses a 56-bit key to encrypt and decrypt information. DES splits each message into fixed-size blocks and then encodes each block one at a time. At its inception DES was adopted as an approved algorithm for United States federal government use, but it is no longer considered adequately secure because a 56-bit key can be broken by brute force in a relatively short period of time. DES has since been superseded by the Advanced Encryption Standard (AES), which uses the Rijndael algorithm. AES operates with 128-, 192- or 256-bit keys.
In public key cryptography systems, each user has a pair of keys: one private and one public. The public key is not secret—it is provided to all users who may want to send an encrypted message to the key's owner. The sender uses the recipient's public key to encrypt the message and “signs” it electronically with the sender's own private key (which resides on the sender's host and is held private). The recipient then decrypts the incoming message using its private key and verifies the authenticity of the sender's electronic signature using the sender's public key.
An example of a common public-key encryption tool used on the Internet is Pretty Good Privacy (PGP). PGP is a highly secure public key encryption program that is compatible with Microsoft Exchange/Outlook and Eudora email clients. Another example of a public key system is GnuPG, a free (open source) command-line product that is compatible with PGP public and private keys. Additionally, email clients such as Microsoft Outlook Express and Netscape Communicator offer a form of public key encryption based on the Secure MIME (S/MIME) standard. Typically, these email-client encryptors are weaker forms of encryption, follow a less widely adopted standard, and require that trust be placed in a central commercial certifying authority.
Encryption is useful for messages transmitted via a variety of network architectures, including Wireless Local Area Networks (WLANs). WLANs are becoming more popular in corporate networks where the mobility of laptops and ad-hoc network connections are essential. Without adequate protection, wireless LAN traffic can easily be intercepted. Security in the data link layer is crucial since data is transmitted through a wireless medium between Network Interface Cards (NICs) and Access Points (APs). Currently, wireless LANs use a stream encryption algorithm based on a static key, known as Wired Equivalent Privacy (WEP). The WEP algorithm is the standard encryption algorithm in IEEE 802.11, 802.11a, and 802.11b. WEP is implemented in the MAC layer, which most NIC and Access Point vendors support. It was chosen as the standard because it was deemed reasonably strong, self-synchronizing, and computationally efficient.
If a user activates WEP, the NIC encrypts the payload of each 802.11 frame before transmission using an RC4 PRNG (Pseudo Random Number Generator) stream cipher provided by RSA Data Security of Bedford, Mass. The receiving entity, such as an Access Point or another NIC, performs decryption upon receipt of the frame. As a result, 802.11 WEP only encrypts data between 802.11 stations. Once the data enters the wired side of the network, such as between two Access Points, WEP no longer applies.
The WEP algorithm is a form of electronic codebook in which a block of plaintext is bitwise XORed with a pseudorandom key sequence of equal length. The key sequence is generated by the WEP algorithm. The WEP algorithm is symmetric, so the same key is used for encipherment and decipherment. As part of the encryption process, WEP prepares a key schedule (“seed”) by concatenating the shared secret key supplied by the user of the sending host with a randomly generated 24-bit initialization vector (IV). The IV lengthens the life of the secret key because the host can change the IV for each frame transmission while the secret key remains constant. WEP inputs the resulting “seed” into a PRNG.
The PRNG produces a key sequence, k, of pseudorandom octets equal in length to the frame's payload plus a 32-bit integrity check value (ICV). The ICV is a checksum that the receiving host eventually recalculates and compares to the one sent by the sending host to determine whether the transmitted data underwent any form of tampering while in transit. If the receiving station calculates an ICV that doesn't match the one found in the frame, then the receiving station can reject the frame or flag the user.
In effect, the WEP PRNG transforms a relatively short secret key into an arbitrarily long key sequence. This transformation greatly simplifies the task of key distribution between communicating hosts. As previously noted, the IV extends the useful lifetime of the secret key and, additionally, provides the self-synchronous property of the algorithm. Each new IV value results in a new seed and key sequence, so there is a one-to-one correlation between the IV and the key sequence, k.
WEP specifies a shared secret 40- or 104-bit key to encrypt and decrypt the data. Some vendors also include 128-bit keys (known as “WEP2”) in their products. With WEP, the receiving host must use the same key for decryption. Each NIC and Access Point, therefore, must be manually configured with the same key.
Before transmission takes place, WEP combines the key sequence with the payload/ICV through a bitwise XOR process, which produces ciphertext (encrypted data). WEP includes the IV in the clear (unencrypted) within the first few bytes of the frame body. The receiving station uses this IV along with the shared secret key supplied by the user of the sending station to decrypt the payload portion of the frame body.
Although not required by the 802.11 standard, the sending station will use a different IV for each frame in most cases. When transmitting messages having a common beginning, such as the “FROM” address in an e-mail, the beginning of each encrypted payload will be equivalent when using the same key. After encrypting the data with the same key, the beginnings of these frames would offer a pattern that can aid hackers in cracking the encryption algorithm. Since the IV is different for most frames, WEP guards against this type of attack. The frequent changing of IVs also improves the ability of WEP to safeguard against someone compromising the data.
However, WEP is not without serious limitations, due to the lack of IV space, the static nature of the key, and the simplicity of the key-scheduling algorithm.
First, the seed to the PRNG is formed from a simple merge of the shared secret key and the IV value in order to create either the 64-bit or 128-bit RC4Key. The only portion of the RC4Key that varies is the IV, and since the IV consists of only 24 bits, WEP eventually uses the same IV for different data packets. In fact, the same RC4Key recurs once every 2^24 packets transmitted. For a large, busy network, this recurrence of IVs can happen within an hour or so. This results in the transmission of frames having key sequences that are undesirably similar. If a hacker collects enough frames based on the same IV, the individual can determine the shared values among them, i.e., the key sequence or the shared secret key. This scenario is commonly referred to as IV collision and occurs due to the lack of IV space.
The static nature of the shared secret keys compounds the IV collision problem. The 802.11 standard does not provide any functions that support the exchange of keys among stations. As a result, system administrators and users generally use the same keys for weeks, months, and even years. This gives potential hackers plenty of time to monitor and hack into WEP-enabled networks.
Secondly, WEP provides an initial IV value that is prone to simple decryption of the shared secret key. In most systems, the initial IV value assigned to a data packet is zero, and subsequent data packets are incremented by one. Therefore, a strong cross correlation between the RC4Key that has an IV value of zero and the RC4Key that has an arbitrary IV value is expected. Hence, it becomes easier to decrypt the shared secret key.
Thirdly, WEP provides for an error check process known as CRC-32 (Cyclic Redundancy Check-32) to be performed on the payload portion of the MAC Protocol Data Unit (MPDU) before the WEP encryption procedure. Since CRC checks and corrects the errors by using a linear checksum, the linear checksum can remain correct as arbitrary data bits are altered so long as corresponding bits of the linear checksum are similarly altered. Therefore, if an attacker intercepts a packet in transit and alters its contents before delivering it to the destination system, the information or data contained within the packet can be easily destroyed or changed without raising any suspicion.
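As an added illustration (not code from the original text), the following Python models the WEP encapsulation described above (seed = IV || secret key fed to RC4, CRC-32 ICV, bitwise XOR) and checks two of the stated weaknesses: an IV collision exposes the XOR of two payloads, and CRC-32 is linear. The key, IV and payload values are constructed sample inputs.

```python
# Added, self-contained WEP-style model (not the page's own code); RC4 is inline, CRC-32 from zlib.
import zlib

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling pass (KSA) followed by PRGA output bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (in the clear) || (payload || ICV) XOR RC4(IV || key)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")  # CRC-32 integrity check value
    body = payload + icv
    ks = rc4_keystream(iv + key, len(body))          # seed is the 24-bit IV || secret key
    return iv + bytes(a ^ b for a, b in zip(body, ks))

def wep_decrypt(key: bytes, frame: bytes):
    """Return (payload, icv_ok); the receiver recomputes the ICV and compares."""
    iv, cipher = frame[:3], frame[3:]
    ks = rc4_keystream(iv + key, len(cipher))
    body = bytes(a ^ b for a, b in zip(cipher, ks))
    payload, icv = body[:-4], body[-4:]
    return payload, zlib.crc32(payload).to_bytes(4, "little") == icv

def keystream_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """IV collision: two frames under one IV share a keystream, so XORing the
    ciphertexts cancels it and yields p1 XOR p2 (the leak described above)."""
    c1 = wep_encrypt(key, iv, p1)[3:]
    c2 = wep_encrypt(key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))

def crc_is_linear(a: bytes, b: bytes) -> bool:
    """For equal-length inputs, crc(a XOR b) == crc(a) XOR crc(b) XOR crc(zeros):
    the linearity that makes CRC-32 a poor ICV against deliberate modification."""
    x = bytes(i ^ j for i, j in zip(a, b))
    zeros = bytes(len(a))
    return zlib.crc32(x) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)
```

A single flipped ciphertext bit still fails the ICV check in `wep_decrypt`, because CRC-32 detects accidental single-bit errors; the weakness is only that the check is linear and unkeyed.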
As described above, WEP has a number of limitations. Moreover, additional limitations of the WEP algorithm include a decrease in transmission rate due to the necessary redundancy built into the algorithm.
Hence, a new encryption algorithm is desired that provides for a heightened level of security beyond the level found in the WEP algorithm. The new algorithm should address WEP's concerns related to IV collision and, in particular, the static nature of the key. Additionally, the new algorithm should overcome WEP's limitation in terms of initial IV values and ease of illegal decryption of the shared secret key. The new encryption algorithm should also address the limitations of the error check process that typify the WEP algorithm.