Wired Equivalent Privacy (WEP) is part of the IEEE 802.11 standard (ratified in September 1999), and is a scheme used to secure wireless networks (WiFi). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping; WEP was designed to provide comparable confidentiality to a traditional wired network, hence the name. However, several serious weaknesses were identified by cryptographers, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the inherent weaknesses, WEP provides a bare minimal level of security that can deter casual snooping.

Details

WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. For RC4, WEP uses two key sizes: 40 bit and 104-bit; to each is added a 24-bit initialisation vector (IV) which is transmitted in the clear.

Flaws

Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. Two generic weaknesses were that:

• the use of WEP was optional, resulting in many installations never even activating it, and
• WEP did not include a key management protocol, relying instead on a single shared key amongst users.

More specific attacks have also become evident: in August 2001, Fluhrer et al. published a cryptanalysis of WEP that exploits the way the RC4 cipher is used, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network for a few hours; the attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely-available software. Cam-Winget et al. write, "Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target."

References

• Nikita Borisov, Ian Goldberg, David Wagner, "Intercepting mobile communications: the insecurity of 802.11." MOBICOM 2001, pp180–189.
• Nancy Cam-Winget, Russell Housley, David Wagner, Jesse Walker: Security flaws in 802.11 data link protocols. Communications of the ACM 46(5): 35-39 (2003)
• Scott R. Fluhrer, Itsik Mantin, Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4". Selected Areas in Cryptography 2001: pp1–24.

External links

• (In)Security of the WEP algorithm (http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html)
• Weaknesses in the Key Scheduling Algorithm of RC4 (http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf)
• List of security problems with WEP (http://www.cs.umd.edu/~waa/wireless.html)
• Several software tools are available to compute and recover WEP keys by passively monitoring transmissions.
  • aircrack (http://www.cr0.net:8040/code/network/)
  • AirSnort (http://airsnort.shmoo.com/)
  • WEPCrack (http://sourceforge.net/projects/wepcrack)
  • Weplab (http://sourceforge.net/projects/weplab)