ANSIIEEE Std 802'11, 1999 Edition

1
ANSI/IEEE Std 802.11, 1999 Edition

• Chapter 8
• Authentication and privacy
• Michael Gray
• EEC 687

2
Authentication services

• IEEE 802.11 defines two subtypes of
• authentication services
• 1. Open System
• 2. Shared Key

3
Open System authentication

• Simple, null authentication (non-secure)
• Two-step transaction sequence
• Identity assertion and request for authentication
• Authentication Response

4
Open System Authentication
Requester
Responder
Authentication Request
Response
5
Shared Key authentication

• More secure
• Requires WEP
• Shared key is delivered independent of 802.11
• Four step authentication sequence
• Request Authentication
• Challenge Text 128 octets (unencrypted)
• Challenge Response
• Confirmation

6
Shared Key Authentication
Requester
Responder
Authentication Request
Challenge Text
Challenge Response
Confirmation
7
Shared Key Authentication

• Both challenge and encrypted challenge are
  transmitted during authentication. This may be
  used to determine the shared key
• The same key/IV pair should not be used for
  subsequent frames

8
The Wired Equivalent Privacy (WEP) algorithm

• Protects authorized users or a wireless LAN from
  casual eavesdropping.
• Intended to provide equivalent security to that
  provided by a wired medium

9
WEP Properties

• Reasonably strong
• It is difficult to discover the secret key
  through a brute force attack.
• Self-synchronizing
• WEP is self-synchronizing for each message.
• Efficient
• May be implemented in either hardware or
  software.
• May be exportable
• Designed to maximize chances of approval by the
  U.S. Department of Commerce, for export from the
  U.S.
• Optional
• Use of WEP is optional.

10
WEP Encryption

• Key is symmetric
• Both encryption and decryption use same key
• Plaintext is bitwise XORed with a pseudorandom
  key sequence of equal length.
• The key is generated by the WEP algorithm

11
WEP Data Channel
12
WEP Encipherment
13
WEP Decipherment
14
WEP Frame