WEP

Wired Equivalent Privacy

Wired Equivalent Privacy (WEP) is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks. When introduced in 1999, WEP was intended to provide confidentiality comparable to that of a traditional wired network.

Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software within minutes.^[1] Within a few months the IEEE created a new 802.11i task force to counteract the problems. By 2003, the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA), which was a subset of then upcoming 802.11i amendment. Finally in 2004, with the ratification of the full 802.11i standard (a.k.a. WPA2), the IEEE declared that both WEP-40 and WEP-104 "have been deprecated as they fail to meet their security goals".^[2] Despite its weaknesses, WEP is still widely in use.^[3] WEP is often the first security choice presented to users by router configuration tools even though it provides a level of security that deters only unintentional use, leaving the network vulnerable to deliberate compromise.^[4]

WEP is sometimes inaccurately referred to as Wireless Encryption Protocol.

Authentication

Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.

For the sake of clarity, we discuss WEP authentication in the Infrastructure mode (ie, between a WLAN client and an Access Point), but the discussion applies to the Ad-Hoc mode too.

In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs. After the authentication and association, WEP can be used for encrypting the data frames. At this point, the client needs to have the right keys.

In Shared Key authentication, WEP is used for authentication. A four-way challenge-response handshake is used:

I) The client station sends an authentication request to the Access Point.

II) The Access Point sends back a clear-text challenge.

III) The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.

IV) The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response. After the authentication and association, WEP can be used for encrypting the data frames.

At first glance, it might seem as though Shared Key authentication is more secure than Open System authentication, since the latter offers no real authentication. However, it is quite the reverse. It is possible to derive the static WEP key by capturing the four handshake frames in Shared Key authentication.^[1] Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication. (Note that both authentication mechanisms are weak).