Wired Equivalent Privacy (WEP) is one method of providing encryption services to wireless networking. When a wireless connection enables WEP, the wireless network interface card (NIC) encrypts each data packet transmitted on the network using the RC4 stream cipher algorithm. The WAP then decrypts the data packets on receipt.
Warning: Wireless encryption only encrypts data between the wireless client and the WAP. Once the data is on the wired network, no encryption is applied, unless the wireless client applies other encryption technologies, such as virtual private networking or Internet Protocol Security (IPSec).
WEP requires that both the wireless client and WAP share a 40-bit or a 64-bit symmetric encryption key. When WEP is implemented alone, the wireless client and WAP must configure the encryption key manually. If 802.1x authentication (as described later in this chapter) is implemented, the encryption key is configured only at the WAP and securely transmitted to the wireless client.
Note: Some hardware vendors also provide support for a 128-bit WEP key.
The symmetric encryption key is concatenated to a randomly generated 24-bit initialization vector (IV). Because the IV is randomly generated, it lengthens the lifetime of the symmetric key. A new IV is used for each frame transmitted between the wireless client and the WAP.
The problem with WEP is that a brute force attack can be executed successfully in a short period of time. The weakness in WEP's implementation is two-fold.
■ The symmetric encryption key is rarely changed. Once an organization inputs a WEP key, it typically does not change. This is especially true if both the wireless client and the WAP must input the key manually.
■ The IV is only 24 bits and is re-used over time. When WEP is deployed on a large network, an IV is re-used about every hour. An application such as AirSnort can capture frames over a period of time and determine the WEP key by identifying frames that use the same IV.
Note: For a detailed analysis of WEP weaknesses, see the article, "Security of the WEP Algorithm," referenced in the "Additional Information" section of this chapter.
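The following Python sketch is an added illustration, not part of the original chapter. It shows why IV re-use matters: two frames encrypted under the same IV and key share one RC4 keystream, so the key drops out when their ciphertexts are XORed. It assumes the per-frame RC4 key is the IV followed by the shared key, omits WEP's integrity check value, and uses constructed sample data and hypothetical function names.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, body: bytes) -> bytes:
    """Encrypt one frame body. The per-frame RC4 key is the 24-bit IV followed
    by the shared key; WEP's integrity check value is left out for brevity."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    return xor(body, rc4_keystream(iv + key, len(body)))

def frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday estimate of frames sent before a randomly chosen IV repeats."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

# Constructed sample data: a 40-bit key and two equal-length frame bodies.
KEY = bytes.fromhex("0102030405")
BODY_1 = b"GET /payroll HTTP/1.1"
BODY_2 = b"user=alice&pin=493817"

def leak_with_ivs(iv_1: bytes, iv_2: bytes) -> bool:
    """True if XOR of the two ciphertexts equals XOR of the two plaintexts,
    i.e. the key has dropped out and only plaintext relationships remain."""
    c1 = wep_encrypt(iv_1, KEY, BODY_1)
    c2 = wep_encrypt(iv_2, KEY, BODY_2)
    return xor(c1, c2) == xor(BODY_1, BODY_2)

if __name__ == "__main__":
    print("same IV leaks plaintext XOR:", leak_with_ivs(b"\x00\x00\x01", b"\x00\x00\x01"))
    print("fresh IV leaks plaintext XOR:", leak_with_ivs(b"\x00\x00\x01", b"\x00\x00\x02"))
    print("frames before a random 24-bit IV repeats: %.0f" % frames_until_iv_repeat())
```

With randomly chosen 24-bit IVs the birthday estimate is only a few thousand frames, which is why a static key combined with a short IV gives so little protection on a busy network.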