Main Page

encyclopedia.codeboy.net
 

Wired Equivalent Privacy

Wired Equivalent Privacy (WEP), part of the IEEE 802.11 standard (ratified in September 1999), is a scheme used to secure wireless networks (WiFi). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping — WEP was designed to provide equivalent security to a traditional wired LAN. However, several serious weaknesses were identified by cryptographers, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite its inherent weaknesses, WEP provides a bare minimal level of security that prevents casual snooping of home networks when properly configured.

Table of contents
1 Details
2 Flaws
3 References
4 External links

Details

\nWEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.\nFor RC4, WEP uses two key sizes: 40 bit and 104-bit; to each is added a 24-bit initialisation vector (IV) which is transmitted in the clear.

Flaws

\nCam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. Two generic weaknesses were that 1) the use of WEP was optional, resulting in many installations never even activating it, and 2) WEP did not include a key management protocol, relying instead on a single shared key amongst users. More specific attacks have also become evident: in August 2001, Fluhrer et al. published a cryptanalysis of WEP that exploits the way the RC4 cipher is used, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network for a few hours; the attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely-available software. Cam-Winget et al. write, "Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected netwoks from distances of a mile or more from the target."

References

\n* Nikita Borisov, Ian Goldberg, David Wagner, "Intercepting mobile communications: the insecurity of 802.11." MOBICOM 2001, pp180–189.\n* Nancy Cam-Winget, Russell Housley, David Wagner, Jesse Walker: Security flaws in 802.11 data link protocols. Commun. ACM 46(5): 35-39 (2003)\n* Scott R. Fluhrer, Itsik Mantin, Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4". Selected Areas in Cryptography 2001: pp1–24.

External links

\n*(In)Security of the WEP algorithm\n*Weaknesses in the Key Scheduling Algorithm of RC4\n* List of security problems with WEP\n*Several software tools are available to compute and recover WEP keys by passively monitoring transmissions.\n**AirSnort\n**WEPCrack\nCategory:Cryptographic protocols \n\n\n

"Always do right- this will gratify some and astonish the rest." - Mark Twain (1835-1910)