Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2005-0016
Type: Vulnerability
Status: Candidate
Classification:
Design Flaw
Description:
The 802.11 Wired Equivalent Privacy algorithm uses CRC32 values that may fail to ensure the integrity of decrypted messages.
Discussion:
During the WEP encryption process the sender computes a CRC32 value for the plaintext to be encrypted and sent to the receiver. This value is known as the ICV (Integrity Check Value). This value is then appended to the end of the plaintext and XOR encrypted with a keystream produced by the RC4 algorithm.
Upon reception the receiver will decrypt the frame's payload by regenerating the RC4 keystream and XOR-ing it with the encrypted payload. After doing this, the receiver will then compute a CRC32 value for the plaintext generated from the received frame and compare it against the decrypted ICV. If they match, then it is assumed that the encrypted payload was not tampered with and the resulting plaintext is genuine.
The vulnerability in this method stems from the fact that the ciphertext can be XOR-ed with a delta bit pattern by an attacker to flip arbitrary bits in the decrypted plaintext. This also allows for the encrypted ICV to be modified so that its decrypted value will match the CRC32 calculated for the resulting plaintext on the receiver. Thus it is possible for an attacker to modify a message and its ICV, so that it will appear valid to the message's receiver.
Credits
Author:
David
Wagner
(daw@cs.berkeley.edu)
: UC Berkeley
Author:
Eric
Brewer
(brewer@cs.berkeley.edu)
: UC Berkeley
Author:
Nikitia
Borisov
(nikitab@cs.berkeley.edu)
: UC Berkeley
Author:
Ian
Goldberg
(iang@cs.berkeley.edu)
: UC Berkeley
References
URL:
http://www.cs.berkeley.edu/~daw/papers/wep-mob01.pdf
BID:
http://www.securityfocus.com/bid/2357
Released: 2001-01-30
Submitter
Andrew
Lockhart
(alockhart@networkchemistry.com)
: Network Chemistry
Submitted: Mon Oct 24 10:47:37 -0700 2005
Candidate Date: Mon Oct 24 10:48:49 -0700 2005
