1. Field of the Invention
The present invention relates to a method and an apparatus for encrypting and decrypting data in a wireless Local Area Network (LAN), and particularly, to a method and an apparatus for encrypting and decrypting data in a wireless LAN for compensating disadvantages of wired equivalent privacy (WEP) method used in IEEE 802.11 standard.
2. Description of the Background Art
Generally, a cryptography is a method for preventing data transmitted/received in a communication system from being wiretapped or being forged by someone. In the above method, data is encrypted before the data is transmitted, and a receiving party receives the encrypted data and decrypts it.
In applying the above cryptography, since wireless Local Area Network (LAN) has weaker security than that of wired LAN, such a place where the security system is operated does not use the wireless LAN. Therefore, reference of Institute of Electrical and Electronics Engineers (IEEE) 802.11 suggested an encrypting/decrypting method of wired equivalent privacy (WEP).
In the encrypting/decrypting method in the IEEE 802.11 standard, a transmitter makes a key sequence using a discretionary key and transmits the data after XOR operating the key sequence with the data which will be transmitted, and a receiver decrypts by XOR operating the same key sequence to the received data.
As described above, the WEP provides a mechanism protecting stream of wireless LAN data, and uses symmetric algorithm that the data is encrypted/decrypted using same key and algorithm. The above method will be described in more detail as follows with reference to accompanying Figures.
FIG. 1 is a block diagram showing a data encrypting apparatus in the wireless LAN applied by the WEP according to the conventional art.
As shown therein, the encrypting apparatus comprises: a concatenating unit 110 for outputting a sequence by concatenating an initialization vector and a secret key; a random number generator 120 for generating a key sequence after being seeded the sequence; an ICV generator 160 for generating Integrity Check Value (ICV) using an integrity algorithm in order to decide integrity of data (plain text) which will be transmitted; a concatenating unit 150 concatenating the ICV sequence outputted from the ICV generator 160 and the transmission data, and then, outputting the concatenated result; an XOR operator 130 for XOR operating the key sequence generated in the random number generator 120 and the sequence outputted from the concatenating unit 150; and a concatenating unit 140 for concatenating the sequence XOR operated in the XOR operator 130 and the initialization vector and outputting it as a transmission packet form.
The encrypting method in the wireless LAN system according to the conventional art will be described in more detail as follows.
First, the concatenating unit 110 concatenates the initialization vector (IV) and a secret key. Then, the random number generator 120 generates the key sequence using the concatenated sequence as a seed.
In addition, the concatenating unit 150 concatenates the data which will be transmitted with the ICV which is used for deciding whether or not the received data (plain text) is changed in a decrypting apparatus. At that time, the ICV is generated by the integrity algorithm in the ICV generator 160, and functions as a cyclic redundancy checking (CRC).
After that, the XOR operator 130 generates concatenated data (plain text+ICV) concatenated in the concatenating unit 150 and encrypted data (that is, Ciphertext) which is encrypted by XOR operating with the key sequence generated in the random number generator 120. The encrypted data is concatenated with the initialization vector (IV), and it becomes the final transmission packet. Herein, since the initialization vector (IV) is used to make same key sequence in the decrypting apparatus, it is not encrypted. The transmission packet is shown in FIG. 2.
FIG. 2 is a detailed view showing the transmission packet in FIG. 1.
As shown therein, the transmission packet is transmitted to a channel (not shown) in a form that the initialization vector, transmission data and the ICV are concatenated. At that time, the transmission data is concatenated with the ICV and encrypted once.
The encrypted data described above can be represented as following equation (1).C=P⊙Random(secret key,IV)  equation (1)
Herein, C represents encrypted transmission data, P is original transmission data, ⊙ means XOR operation, and Random (Secret key, IV) means a function generating key sequence using the initialization vector (IV) and the secret key as seeds.
Therefore, when the finally generated transmission packet is transmitted through a channel, the decrypting apparatus constructed as FIG. 3 receives the transmission packet and decrypts the original data.
FIG. 3 is a block diagram showing the decrypting apparatus in the wireless LAN applied by the WEP according to the conventional art.
As shown therein, the decrypting apparatus comprises: a concatenating unit 310 for concatenating a secret key including same sequence as that of the transmitted secret key with the initialization vector of the received packet; a random number generator 320 generating a key sequence after being inputted the sequence concatenated in the concatenating unit 310; an XOR operator 330 for XOR operating the encrypted data (Ciphertext) and the key sequence; a divider 340 receiving the XOR operated sequence and dividing it into the data (plain text) and the ICV; an ICV generator 350 receiving the decrypted data and generating ICV—2 based on the data; and a comparing device 360 comparing the ICV to the ICV—2, and outputting the decrypted data if the ICV and the ICV—2 are coincided with each other.
The data decrypting method in the wireless LAN applied by the WEP according to the conventional art will be described as follows.
First, the concatenating unit 310 concatenates the initialization vector of the received packet and the secret key. Then, the random generator 320 generates the key sequence using the concatenated sequence as a seed.
The XOR operator 330 XOR operates the received encrypted data and the above key sequence, and the divider 340 divides the XOR operated sequence into the data (plain text) and the ICV. At that time, the ICV generator 350 generates the ICV—2 based on the data. Then, the comparing device 360 compares the ICV—2 to the ICV, and then, decides the above data as the data transmitted from the encrypting apparatus.
Above processes are performed as inverse processes of the encrypting processes, and the processes can be identified through following equation.
That is, since C=P⊙ Random(Secret key, IV) in equation (1),
                              C          ⊙                      Random            ⁡                          (                                                Secret                  ⁢                                                                          ⁢                  key                                ,                IV                            )                                      =                ⁢                              [                          P              ⊙                              Random                ⁡                                  (                                                            Secret                      ⁢                                                                                          ⁢                      key                                        ,                    IV                                    )                                                      ]                    ⊙                                                ⁢                  Random          ⁡                      (                                          Secret                ⁢                                                                  ⁢                key                            ,              IV                        )                                                  =                ⁢                  P          ⊙                      [                          Random              ⁡                              (                                                      Secret                    ⁢                                                                                  ⁢                    key                                    ,                  IV                                )                                      ]                    ⊙                                                ⁢                  Random          ⁡                      (                                          Secret                ⁢                                                                  ⁢                key                            ,              IV                        )                          ]                                =                ⁢                  P          ⊙          0                                        =                ⁢        P            
Herein, C represents encrypted receive packet, P represents original transmission data, ⊙ means XOR operation, and Random (Secret key, IV) is a function for generating key sequence using the initialization vector (IV) and the secret key as seeds.
However, according to the conventional WEP encrypting method described above, in case that two transmission data different from each other are encrypted using the same secret key and the initialization vector, sum of two transmission data P1 and P2 which are not encrypted can be identified by XOR operating the two encrypted data C1 and C2.
That is, the above process can be represented as following equation.C1=P1⊙Random(Secret key,IV)C2=P2⊙Random(Secret key,IV)C1⊙C2=[P1⊙Random(Secret key,IV)]⊙[P1⊙Random(Secret key,IV)]=P1⊙P2
At that time, P1 and P2 can be calculated easily from the sum of the two transmission data which are not encrypted (P1⊙ P2), and therefore, P1 and P2 can be obtained easily by monitoring from outer side. In order to prevent above problem, IEEE 802.11 suggests the initialization vector should be changed periodically, however, does not refer detailed method.
Also, even if the initialization vector is changed periodically, same key sequence should be used since the length of the initialization vector is limited to be 24 bits, and then, the changing type of the initialization vector can be exposed easily.
Also, IEEE 802.11 standard transmits the initialization vector without encrypting the vector, and therefore, security for the initialization vector is not made perfectly.