Wired Equivalent Privacy (WEP) and the security weakness of Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) was introduced as part of the original 802.11 protocol in 1997, to provide confidentiality as that of wired network. Wired Equivalent Privacy (WEP) has many security flaws, one of which involves its use of Initialization Vectors (IV). Wired Equivalent Privacy (WEP) Initialization Vectors (IVs) are 24 bits long. For encryption, Wired Equivalent Privacy (WEP) can use only a 64-bit or 128-bit number, which is made up of a 24-bit Initialization Vector (IV) and a 40-bit or 104-bit default key. The use of short keys reduces the encryption strength, because short keys are easy to break. The Wired Equivalent Privacy (WEP) also creates a detectable pattern for attackers. The above characteristics make Wired Equivalent Privacy (WEP) wireless networks susceptible to intrusion.

Wired Equivalent Privacy (WEP) uses the RC4 encryption algorithm for encryption.

The process is described before.

The plaintext message is run through an integrity check algorithm and the Integrity Check Value (ICV) is appended to the end of the original plaintext message. A 24-bit initialization vector (IV) is generated and added to the beginning of the secret key that is then input to the RC4 Key Scheduling Algorithm (KSA) to generate a seed value for the Wired Equivalent Privacy (WEP) Pseudo-Random Number Generator (PRNG). The Wired Equivalent Privacy (WEP) Pseudo-Random Number Generator (PRNG) then generates the encrypting cipher-stream. The above generated cipher-stream is then XOR’d with the plaintext/ICV message to create the Wired Equivalent Privacy (WEP) cipher text. Last the cipher text is then added with the IV (in plaintext) and then transmitted.

The decryption process is the reverse of the encryption process. First, the Initialization Vector (IV) is removed from the data packet and merged with the shared password. This value is then used with KSA, and subsequently used to recreate the key stream. The stream and encrypted data packet are XORed together, which results in the plaintext output. The Integrity Check Value (ICV) is then removed from the plaintext and compared against a recalculated Integrity Check Value (ICV) and the packet is then either accepted or rejected according to the results of calculation.

The weakness of Wired Equivalent Privacy (WEP) is because of the small value of IVs. Within a short period of time all keys are reused. This weakness of Wired Equivalent Privacy (WEP) is the same for different encryption levels, because all use the 24 bit IV.

Related Tutorials