Wireless IV Attacks – CompTIA Security+ SY0-401: 3.4

Many encryption methods use initialization vectors to provide additional randomization to the data. In this video, you’ll learn how a poorly implemented initialization vector created an enormous security concern for our wireless networks.

<< Previous Video: Bluejacking and BluesnarfingNext: Wireless Packet Analysis >>

Initialization vectors are a very common mechanism used when dealing with encryption technologies. Whenever you’re sending information back and forth between devices, whether it’s over a wired network or especially over a wireless network, you want to make it as hard as possible for a bad guy who’s sneaking in and looking at that information to be able to decipher that data that’s going back and forth. And if you’re using the same key to encrypt this information and send it across this network every time you’re sending data, you’re making it very easy for the bad guy to go through his algorithms rhythms to decrypt that information. And that’s where initialization vectors come into play. If you can change the key every time and yet have the key exactly the same, you make it very, very difficult for people to be able to decrypt this.

So that’s what the IV, the Initialization Vector, does. It is added to the key to essentially create a scrambled up or different key every time. And it’s done in a way that the station on the other end is able to also know the initialization vector and essentially undo what was done with that. Makes it very, very easy to send information over a network that’s encrypted, but have it different every time that data is sent. Ideally, this now becomes very, very protected data. But as we’re about to find out, it doesn’t always work exactly the way we might have planned.

And if you’re aware with 802.11 with WEP, encryption even though it was using initialization vectors, we created a bit of a problem. It was not implemented in a way that was protecting our data in the best possible form. If you’re trying to make sure that nobody’s able to get into this connection and see this encrypted data, then you want to be sure you’re using a mechanism that’s very, very strong. Unfortunately, with 802.11, we found that the cryptographic algorithms that were used as they were associated with these initialization vectors weren’t strong enough.

There were a number of technological challenges that really created this issue for us with 802.11 WEP. One was that the federal government of the United States said, you can’t do heavy encryption on these wireless networks. We would not be able to look into that if you did. And so it limited the key sizes you would be able to use to encrypt this data. The initial key sizes that you had were only 64 bits in size. Later on, we got that increased to 128 bits, but at that point, it became a little bit more of a problem. We’ll talk more about some of those issues in just a bit.

So what we ended up having was really a 40-bit key. And because the initialization vector is also part of the key, we had 24 bits that were set aside for the initialization vector. So that totaled 64 bits. Let’s look to see exactly how this process occurred. What you would have whenever you’re encrypting data is you have some plain text. You have what you would like to send to the other side. And so we would take that data, and we also created a cyclical redundancy check for that data– a way that we could check on the other side that the data was not changed between point A and point B. So those two things together are what we would like to encrypt and send to the other station.

Now we also have this key that we’re using to encrypt it with. We have our WEP key here, and we have our initialization vector. You can see these boxes are not to scale, so don’t think that the WEP key is necessarily smaller than the IV. But those two things are put together. And a mechanism, a cypher, is used on those to encrypt that data called RC4. RC4 is also something you can use also to decrypt the data very, very easily. And we’ll see why that’s important in a moment. But those two things combined together. The RC4 created a key stream. And the key stream and the combination of the plain text and CRC put through x or mechanism the finally creates the cypher text.

And on the other side, when we’re ready to send it, we take the initialization vector, we connected to the cypher text, and we send it across the network. This is the mechanism that’s used also on the other side. It receives the IV in the cypher text and knows what the IV is so they can then perform, or reverse, the x or. It gets a plain text in a key stream. It reverses the RC4. It knows what the initialization vector is, therefore it knows what the WEP key is, and therefore it’s able now to decrypt what’s going on.

This is also a challenge, of course, because we’re sending the initialization vector in the clear. And there are also some challenges now making sure that this process of encrypting the data really is strong as it really should be. If you’ve ever worked with WEP or you know how to implement this wireless encryption on a wireless network, one of your first challenges is that everybody has the same key. There was no requirement in WEP that people’s keys change over time or that people could have different keys. So everybody tends to have the same key. That means if somebody leaves the organization, they’re taking the key with them. So maybe you have to now change the key. That now also means that you change the configuration in every single person’s wireless station. And sometimes it’s just not practical to be able to do that.

Another problem we found– this is more in the details of the cryptography– is that the initialization vector is only 24 bits long. And in the big scheme of things, that’s a relatively small number. That means that you only have just over 16,000,000 different possible iterations for an initialization vector, which means it’s very, very common once a lot of data goes over the network, to see the same IV crop up again. And if you can get two data streams using the same initialization vector– because I know what that is, it’s in the clear– then I can start comparing those two different pieces of encrypted data to determine the key that was used under the surface. This is probably something that should have been avoided to begin with, but because your key links were so small there wasn’t much of a choice there.

Another piece that was a challenge is that there were certain initialization vectors that would not properly encrypt the data. It wasn’t really giving you a very strong encryption. So certain IVs were creating what we call this weak type of initialization vector. Later on, there were certain devices, certain access points, and certain wireless cards that would not use those weak IVs. But unfortunately, there were devices that absolutely was. And if you could see some of those weak IVs coming across the network, you could then be able to discover what the key is, because things weren’t being encrypted very well.

The bad guys love this. They thought, if I could then create a lot of initialization vectors and really go through a lot of them, I can create a lot of duplicates of those. I’ll churn through 16.7 million of those a couple of times, and I’ll start to see differences in the encrypted data as it’s coming through. So they created software that would essentially just put a ton of packets on the network so that they could churn through all of those IVs and start to get duplicates and start to examine the duplicates. This made it very, very easy to find the key. And if you see some of the modern types of software used to do this, the WEP Crack software that you can download for free on the internet, they’re able in some cases to identify the WEP key in just a few minutes. And that’s why whenever we talk about securing your wireless network, one of the first things we always say is, don’t use WEP. And that’s why some of your new access points don’t even give you an option for WEP encryption, because they know that there are so many attacks out there that can very, very easily take advantage of these problems within initialization vectors in the 802.11 WEP protocol.