WEP

Wired Equivalent Privacy

Student name \ k
University ID \ 32

Definition (1)
Wired Equivalent Privacy (WEP) is a security protocol,
specified in the IEEE Wireless Fidelity (Wi-Fi) standard,
802.11b, that is designed to provide a wireless local area
network (WLAN) with a level of security and privacy
comparable to what is usually expected of a wired LAN. A
wired local area network (LAN) is generally protected by
physical security mechanisms (controlled access to a
building, for example) that are effective for a controlled
physical environment, but may be ineffective for WLANs
because radio waves are not necessarily bound by the walls
containing the network. WEP seeks to establish similar
protection to that offered by the wired network's physical
security measures by encrypting data transmitted over the
WLAN. Data encryption protects the vulnerable wireless
link between clients and access points; once this measure
has been taken, other typical LAN security mechanisms
such as password protection, end-to-end encryption, virtual
private networks (VPNs), and authentication can be put in
place to ensure privacy.

How WEP Works

WEP implements a data encryption scheme that uses
combination of user- and system-generated key values.
The original implementations of WEP supported encryption
keys of length 40 bits and 24 additional bits of systemgenerated data (64 bits total). In an attempt to increase
protection, these encryption methods were later extended to
support longer keys including 104-bit (128 bits of total
data), 128-bit (152 bits total) and 232-bit (256 bits total)
variations.

Encryption details (2)

A 64-bit WEP key is usually entered as a string of 10
hexadecimal (base 16) characters (09 and AF). Each
character represents 4 bits, 10 digits of 4 bits each gives 40
bits; adding the 24-bit IV produces the complete 64-bit
WEP key (4 bits 10 + 24 bits IV = 64 bits of WEP key).
Most devices also allow the user to enter the key as 5 ASCII
characters (09, az, AZ), each of which is turned into 8
bits using the character's byte value in ASCII

(8 bits

5 + 24 bits IV = 64 bits of WEP key); however, this restricts

each byte to be a printable ASCII character, which is only a
small fraction of possible byte values, greatly reducing the
space of possible keys.

A 128-bit WEP key is usually entered as a string of 26

hexadecimal characters. 26 digits of 4 bits each gives 104
bits; adding the 24-bit IV produces the complete 128-bit
WEP key (4 bits 26 + 24 bits IV = 128 bits of WEP key).
Most devices also allow the user to enter it as 13 ASCII
characters (8 bits 13 + 24 bits IV = 128 bits of WEP key).

A 152-bit and a 256-bit WEP systems are available from

some vendors. As with the other WEP variants, 24 bits of
that is for the IV, leaving 128 or 232 bits for actual
protection. These 128 or 232 bits are typically entered as 32
or 58 hexadecimal characters (4 bits 32 + 24 bits IV = 152
bits of WEP key, 4 bits 58 + 24 bits IV = 256 bits of WEP
key). Most devices also allow the user to enter it as 16 or 29
ASCII characters (8 bits 16 + 24 bits IV = 152 bits of
WEP key, 8 bits 29 + 24 bits IV = 256 bits of WEP key).

WEP algorithm is used to:

Protect wireless communication
from eavesdropping.
Prevent unauthorized access to wireless network
(feature of WEP, but not an explicit goal in the 802.11
stander)

Three security goals of WEP protocol

Access Control
Ensure that your wireless infrastructure is not used.
Data Integrity
Ensure that your data packets are not modified in transit.
Confidentiality
Ensure that the contents of your wireless traffic is
not learned

Description of WEP Protocol

WEP relies on a secret key which is shared between the

sender and the receiver.
- SENDER: Mobile station ( eg . Labtop with a wireles
ethernet card)
- RECEIVER: Access Point (eg. base station)

Secret Key is used to encrypt packets before they are

transmitted

Integrity Check is used to ensure packets are not

modified in transit.
- The standard does not discuss how shared key is
established
- In practice, most installations use a single key which is
shared between all mobile stations and access points.

Description of WEP Protocol (Cont.)

To send a message M:
1. Compute a checksum c(M)(is not depend on secret key k)
2. Pick an IV v and generate a keystream RC4(v,k)
3. XOR <M,c(M)> with the keystream to get the cipher text
4. Transmit v and ciphertext over a radio link

When received a message M

1. Use transmitted v and the shared key k to generate the
keystream RC4(v,k)
2. XOR the ciphertext with RC4(v,k) to get <M,c>
3. Check is c=c(M)
4. If it is, accept M as the message transmitted

RC4 (Stream Cipher)

WEP uses RC4 encryption algorithm known as stream
cipher to protect the confidentiality of its data.
Stream cipher operates by expanding a short key into
an infinite pseudo-random key stream.
Sender XORs the key stream with plaintext to produce
ciphertext.
Receiver has the copy of the same key, and uses it to
generate an identical key stream.
XORing the key stream with the ciphertext yields the
original message.

WEP encryption step-by-step

Step 1: Compute CRC for the message CRC-32 polynomial
is used

Message

CRC

Step 2: Compute the keystream

- IV is concatenated with the key

- RC4 encryption algorithm is used on the 64 or 128 bit

concatenation

IV

Key
Keystream

Step 3: Encrypt the plaintext

-The plaintext is XORed with the keystream to form the

ciphertext
-The IV is prepended to the ciphertext

Message
IV

Ciphertext
Keystream

CRC

References
1) http://searchsecurity.techtarget.com/definition/Wired-Equivalent-Privac
2) https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy

3) https://www.cs.fsu.edu/~yasinsac/group/slides/cubukcu.pdf
4) http://www.cs.odu.edu/~nadeem/classes/cs752-S11/s11/material/Lec21_WEP_security.ppt