Wired Equivalent Privacy (WEP) is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks. When introduced in 1999, WEP was intended to provide confidentiality comparable to that of a traditional wired network. Look up Deprecation in Wiktionary, the free dictionary. ... IEEE 802. ... A computer network is an interconnection of a group of computers. ... To eavesdrop is to surreptitiously overhear a private conversation. ... This article is about the property of being confidential. For the magazine of the same name, see Confidential (magazine). ... LAN redirects here. ...

Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software within minutes.^[1] Within a few months the IEEE created a new 802.11i task force to counteract the problems. By 2003, the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA), which was a subset of then upcoming 802.11i amendment. Finally in 2004, with the ratification of the full 802.11i standard (a.k.a. WPA2), the IEEE declared that both WEP-40 and WEP-104 "have been deprecated as they fail to meet their security goals".^[2] Despite its weaknesses, WEP is still widely in use.^[3] WEP is often the first security choice presented to users by router configuration tools even though it provides a level of security that deters only unintentional use, leaving the network vulnerable to deliberate compromise.^[4] Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information without access to the secret information which is normally required to do so. ... The Institute of Electrical and Electronics Engineers or IEEE (pronounced as eye-triple-ee) is an international non-profit, professional organization incorporated in the State of New York, United States. ... IEEE 802. ... Official Wi-Fi logo The Wi-Fi Alliance is a trade group that owns the trademark to Wi-Fi. ... Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. ... In computer software standards and documentation, deprecation is the gradual phasing-out of a software or programming language feature. ...

WEP is sometimes inaccurately referred to as Wireless Encryption Protocol.

Encryption details

WEP was included as the privacy of the original IEEE 802.11 standard ratified in September 1999.^[5] WEP uses the stream cipher RC4 for confidentiality,^[6] and the CRC-32 checksum for integrity.^[7] It was deprecated as a wireless privacy mechanism in 2004, but for legacy purposes is still documented in the current standard.^[8] IEEE 802. ... The operation of the keystream generator in A5/1, a LFSR-based stream cipher used to encrypt mobile phone conversations. ... In cryptography, RC4 (also known as ARC4 or ARCFOUR) is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). ... This article is about the property of being confidential. For the magazine of the same name, see Confidential (magazine). ... A cyclic redundancy check (CRC) is a type of hash function used to produce a checksum which is a small integer from a large block of data, such as network traffic or computer files, in order to detect errors in transmission or duplication. ... This article is about the ethical concept. ...

Basic WEP encryption: RC4 keystream XORed with plaintext

Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key. At the time that the original WEP standard was being drafted, U.S. Government export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104). Image File history File links This is a lossless scalable vector image. ... 40-bit encryption is a key size for symmetric encryption representing a low-level of security where the key is forty bits in length (five bytes). ... In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher executed in any of several streaming modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to... Since World War II, Western governments, including the U.S. and its NATO allies have regulated the export of cryptography for national security considerations. ...

A 128-bit WEP key is almost always entered by users as a string of 26 Hexadecimal (Hex) characters (0-9 and A-F). Each character represents 4 bits of the key. 4 × 26 = 104 bits; adding the 24-bit IV brings us what we call a "128-bit WEP key". A 256-bit WEP system is available from some vendors, and as with the above-mentioned system, 24 bits of that is for the I.V., leaving 232 actual bits for protection. This is typically entered as 58 Hexadecimal characters. (58 × 4 = 232 bits) + 24 I.V. bits = 256 bits of WEP protection.

Key size is not the only major security limitation in WEP.^[9] Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets,^[6] that are not helped at all by a longer key. Close-up of the rotors in a Fialka cipher machine Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so. ...

Authentication

Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.

For the sake of clarity, we discuss WEP authentication in the Infrastructure mode (ie, between a WLAN client and an Access Point), but the discussion applies to the Ad-Hoc mode too. A wireless ad-hoc network, also known as IBSS - Independent Basic Service Set, is a computer network in which the communication links are wireless. ...

In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs. After the authentication and association, WEP can be used for encrypting the data frames. At this point, the client needs to have the right keys.

In Shared Key authentication, WEP is used for authentication. A four-way challenge-response handshake is used:

I) The client station sends an authentication request to the Access Point.

II) The Access Point sends back a clear-text challenge.

III) The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.

IV) The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response. After the authentication and association, WEP can be used for encrypting the data frames.

At first glance, it might seem as though Shared Key authentication is more secure than Open System authentication, since the latter offers no real authentication. However, it is quite the reverse. It is possible to derive the static WEP key by capturing the four handshake frames in Shared Key authentication.^[1] Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication. (Note that both authentication mechanisms are weak).

Remedies

Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) can provide secure data transmission over an insecure network. However, replacements for WEP have been developed with the goal of restoring security to the wireless network itself. Wikipedia does not yet have an article with this exact name. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ... SSH redirects here. ...

802.11i (WPA and WPA2)

The recommended solution to WEP security problems is to switch to WPA2 or the less resource intensive WPA. Either is much more secure than WEP.^[10] To add support for WPA or WPA2, some old Wi-Fi access points might need to be replaced or have their firmware upgraded. WPA was designed as an interim software solution for WEP; it runs on the same hardware that WEP does.^[11] IEEE 802. ... Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. ... A wireless access point (WAP or AP) is a device that connects wireless communication devices together to create a wireless network. ... A microcontroller, like this PIC18F8720 is controlled by firmware stored inside on FLASH memory In computing, firmware is a computer program that is embedded in a hardware device, for example a microcontroller. ...

Implemented non-standard fixes

WEP2

This stopgap enhancement to WEP was present in some of the early 802.11i drafts. It was implementable on some (not all) hardware not able to handle WPA or WPA2, and extended both the IV and the key values to 128 bits.^[12] It was hoped to eliminate the duplicate IV deficiency as well as stop brute force key attacks.

After it became clear that the overall WEP algorithm was deficient however (and not just the IV and key sizes) and would require even more fixes, both the WEP2 name and original algorithm was dropped. The two extended key lengths remained in what eventually became WPA's TKIP. In cryptography, TKIP (Temporal Key Integrity Protocol) is a security protocol used in Wi-Fi Protected Access (WPA). ...

WEPplus

Also known as WEP+. A proprietary enhancement to WEP by Agere Systems (formerly a subsidiary of Lucent Technologies) that enhances WEP security by avoiding "weak IVs".^[13] It is only completely effective when WEPplus is used at both ends of the wireless connection. As this cannot easily be enforced, it remains a serious limitation. It is possible that successful attacks against WEPplus will eventually be found. It also does not necessarily prevent replay attacks. Agere Systems Inc. ... On September 30, 1996, AT&T spun off its Systems and Technology units (AT&T Technologies, Inc. ... A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. ...

Dynamic WEP

Change WEP keys dynamically. Vendor-specific feature provided by several vendors such as 3Com. 3Com (NASDAQ: COMS) is a manufacturer best known for its computer network infrastructure products. ...

The dynamic change idea made it into 802.11i as part of TKIP, but not for the actual WEP algorithm. In cryptography, TKIP (Temporal Key Integrity Protocol) is a security protocol used in Wi-Fi Protected Access (WPA). ...

See also

• Stream cipher attack

Stream ciphers where plaintext bits are combined with a cipher bit stream by an exclusive-or operation (xor) can be very secure if used properly. ...

References

Wikipedia does not yet have an article with this exact name. ... Ian Avrum Goldberg (born March 31, 1973) is a Canadian cryptographer, entrepreneur, and cypherpunk. ... David Wagner David A. Wagner (1974) is an Assistant Professor of Computer Science at the University of California, Berkeley and a well-known researcher in cryptography. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 255th day of the year (256th in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 70th day of the year (71st in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 70th day of the year (71st in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ... In cryptography, the Fluhrer, Mantin, and Shamir attack allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ... Proxim Wireless is a Silicon Valley-based company that builds scalable broadband wireless networking systems for communities, enterprises, governments, and service providers. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ... Business Wire logo == THIS POSTING MAY BE IN VIOLATION AND MAY NEED TO BE EDITED. IT READS AS AN ADVETISIMENT AND ITS CLAIMS HAVE NOT BEEN VERIFIED. == Business Wire is a company that disseminates full-text news releases from thousands of companies and organizations worldwide to news media, financial markets... 2008 (MMVIII) is the current year, a leap year that started on Tuesday of the Anno Domini (or common era), in accordance to the Gregorian calendar. ... is the 75th day of the year (76th in leap years) in the Gregorian calendar. ...

External links

• WEP Strong Key Generator