Prior to the introduction of IEEE 802.11i, the security scheme for IEEE 802.11 was Wired Equivalent Privacy (WEP). WEP assumed all devices in the network share a secret key.The purpose of the authentication scenario is for the STA to prove that it possesses the secret key. Authentication proceeds as shown in Figure 17.23.The STA sends a message to the AP requesting authentication. The AP issues a challenge, which is a sequence of 128 random bytes sent as plaintext. The STA encrypts the challenge with the shared key and returns it to the AP.The AP decrypts the incoming value and compares it to the challenge that it sent. If there is a match, the AP confirms that authentication has succeeded.

a. What are the benefits of this authentication scheme?

b. This authentication scheme is incomplete.What is missing and why is this important?
Hint: The addition of one or two messages would fix the problem.

c. What is a cryptographic weakness of this scheme?

Transcribed Image Text:

STA Station sends a request for authentication. Station responds with encrypted version of challenge number. Request Challenge Response Success Figure 17.23 WEP Authentication AP AP sends challenge message containing 128-bit random number. AP decrypts challenge response. If match, send authentication success message.