wired equivalent privacy

Wired Equivalent Privacy (WEP) is part of the IEEE 802.11 standard (ratified in September 1999), and is a scheme used to secure wireless networks (WiFi). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping; WEP was designed to provide comparable confidentiality to a traditional wired network, hence the name. However, several serious weaknesses were identified by cryptographers, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the inherent weaknesses, WEP provides a bare minimal level of security that can deter casual snooping.

Details

WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. For RC4, WEP uses two key sizes: 40 bit and 104-bit; to each is added a 24-bit initialisation vector (IV) which is transmitted in the clear.

Flaws

Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. Two generic weaknesses were that:

the use of WEP was optional, resulting in many installations never even activating it, and
WEP did not include a key management protocol, relying instead on a single shared key amongst users.

More specific attacks have also become evident: in August 2001, Fluhrer et al. published a cryptanalysis of WEP that exploits the way the RC4 cipher is used, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network for a few hours; the attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely-available software. Cam-Winget et al. write, "Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target."

References

Nikita Borisov, Ian Goldberg, David Wagner, "Intercepting mobile communications: the insecurity of 802.11." MOBICOM 2001, pp180–189.
Nancy Cam-Winget, Russell Housley, David Wagner, Jesse Walker: Security flaws in 802.11 data link protocols. Communications of the ACM 46(5): 35-39 (2003)
Scott R. Fluhrer, Itsik Mantin, Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4". Selected Areas in Cryptography 2001: pp1–24.

External links

(In)Security of the WEP algorithm
Weaknesses in the Key Scheduling Algorithm of RC4
List of security problems with WEP
WEP: Dead Again, Part 1 (Dec. 14, 2004)
WEP: Dead Again, Part 2 (Mar. 8, 2005)
The Feds can own your WLAN too : TomsNetworking
Several software tools are available to compute and recover WEP keys by passively monitoring transmissions.

<< Previous

Word Browser

Next >>

antonio lotti
economic history of communist czechoslovakia
duke of ireland
duke of hereford
bragg's law
uss turbot (ss 427)
liberty island
penny black printing plates
duke of exeter
transportation in czechoslovakia
action code script

transfer roller
duke of surrey
substitute good
bridge (stringed instrument)
dazzler
lincoln park, chicago
quebec diaspora
hank aaron award
cinema of taiwan
cinema of hong kong
sidney herbert, 1st baron herbert of lea

klaus riedel
saint fermin
new zealand general election 1987
list of counts of barcelona
wi fi protected access
white flag
incentive
leon sedov
leper colony
emperor kang of jin china
albert medal

vigo
black brother
sciomyzidae
muskoka district municipality, ontario
list of israelis
earworm
tension myositis syndrome
rur
hypersigil
sara gilbert
operation flavius