
Introduction to WEP

Wired Equivalent Privacy (WEP) is an algorithm that is used to secure wireless networks. WEP was introduced in 1997. Since 2001, serious weaknesses have been discovered in the WEP algorithm, and it can now be cracked in little time using programs like Aircrack. WEP is still widely used, although it has been superseded by a better algorithm, known as Wi-Fi Protected Access (WPA).

WEP Encryption Details

WEP uses the stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity. It was deprecated as a wireless privacy mechanism in 2004, but for legacy purposes it is still documented in the current standard. Standard 64-bit WEP uses a 40-bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key. At the time that the original WEP standard was being drafted, U.S. Government export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104).

A 128-bit WEP key is almost always entered by users as a string of 26 hexadecimal (base 16) characters (0-9 and A-F). Each character represents four bits of the key. 26 digits of four bits each gives 104 bits; adding the 24-bit IV produces the final 128-bit WEP key. A 256-bit WEP system is available from some vendors, and as with the 128-bit key system, 24 bits of that is for the IV, leaving 232 actual bits for protection. These 232 bits are typically entered as 58 hexadecimal characters. (58 × 4 = 232 bits) + 24 IV bits = 256-bit WEP key.

Key size is not the only major security limitation in WEP. Cracking a longer key requires interception of more packets, but there are active attacks that simulate the necessary traffic (e.g. injection). There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, that are not helped at all by a longer key.

WEP Authentication

There are two methods of authentication: Open System Authentication and Shared Key Authentication. Open System Authentication only requires a key; everyone with that key can connect to the wireless network (in effect, there is no authentication). After the client has connected, the WEP key can be used for encrypting the data frames. Shared Key Authentication might seem more secure, because it uses a four-way challenge-response handshake method, but it is not. Shared Key authentication works like this:

  1. The client station sends an authentication request to the Access Point.
  2. The Access Point sends back a clear-text challenge.
  3. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
  4. The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response.