Wired Equivalent Privacy

Wired Equivalent Privacy (WEP) is the security protocol specified in the IEEE 802.11b Standard for Wireless Fidelity (Wi-Fi) networks. A key point of vulnerability exists on the wireless link between client devices and access points. Here, WEP provides a level of security and privacy ostensibly comparable to what is expected of a wired local area network (LAN).

Since it was not intended as an end-to-end security solution, however, users must implement additional safeguards to fully protect their information. WEP relies on a secret key that is shared between a mobile station such as a notebook equipped with a wireless Ethernet card and an access point that provides a wired connection to the LAN. The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit.

The IEEE standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points. Commercial products offer more sophisticated key management techniques that can be used to help defend against hacker attacks, but products for the residential market generally lack these features because they require a more technical understanding of security concepts.

WEP uses the RC4 encryption algorithm, which is known as a “stream cipher.” A stream cipher operates by expanding a short key into an infinite pseudo-random key stream. The sending device implements the XOR (exclusive or) operation on the key stream with the plaintext to produce ciphertext. The receiving device has a copy of the same key and uses it to generate an identical key stream.

By implementing XOR on the key stream with the ciphertext, the original plaintext is recovered. Researchers from the University of California at Berkeley have found that this mode of operation makes stream ciphers vulnerable to several attacks. If an attacker flips a bit in the ciphertext, then on decryption the corresponding bit in the plaintext will be flipped.

Also, if an eavesdropper intercepts two ciphertexts encrypted with the same key stream, it is possible to obtain the XOR of the two plaintexts. According to the Berkeley researchers, knowledge of this XOR can enable statistical attacks to recover the plaintexts. The statistical attacks become increasingly effective as more ciphertexts using the same key stream become known.

Once one of the plaintexts becomes known, it is a relatively simple matter to recover all of the others. These attack methods work equally well on both 64- and 128-bit versions of WEP. WEP has defenses against both of these attacks. To ensure that a packet has not been modified in transit, it uses an integrity check (IC) field in the packet. To avoid encrypting two ciphertexts with the same key stream, an initialization vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet.

The IV is also included in the packet. However, the Berkeley researchers contend that both these measures are implemented incorrectly, resulting in poor security. The integrity check field is implemented as a CRC-32 checksum, which is part of the encrypted payload of the packet. However, CRC-32 is linear, which means that it is possible to compute the bit difference of two CRCs based on the bit difference of the messages over which they are taken.

In other words, flipping bit X in the message results in a deterministic set of bits in the CRC that must be flipped to produce a correct checksum on the modified message. Because flipping bits carries through after an RC4 decryption, this allows the attacker to flip arbitrary bits in an encrypted message and correctly adjust the checksum so that the resulting message appears valid.
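The two weaknesses described above (key stream reuse and the linear CRC-32 integrity check) can be reproduced in a simplified model of WEP encapsulation. This is an added example, not code from the original text; it assumes a 3-byte IV prepended to the shared key and a little-endian ICV, and all function names, the key and the IV are constructed for illustration.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # key stream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """Integrity check value: plain CRC-32, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    body = data + icv(data)                    # ICV is part of the encrypted payload
    return iv + xor(body, rc4(iv + key, len(body)))   # IV travels in the clear

def wep_decrypt(key: bytes, frame: bytes):
    iv, body = frame[:3], frame[3:]
    body = xor(body, rc4(iv + key, len(body)))
    data, check = body[:-4], body[-4:]
    return data, check == icv(data)            # (plaintext, integrity check passed?)

def same_iv_xor(frame1: bytes, frame2: bytes) -> bytes:
    """XOR of two frames with equal IVs: the key stream cancels, leaving P1 xor P2."""
    return xor(frame1[3:], frame2[3:])[:-4]

def icv_delta(delta: bytes) -> bytes:
    """ICV bits that change when the message changes by delta (CRC-32 linearity)."""
    return xor(icv(delta), icv(bytes(len(delta))))

def modify_without_key(frame: bytes, delta: bytes) -> bytes:
    """Flip message bits and the matching ICV bits directly in the ciphertext."""
    return frame[:3] + xor(frame[3:], delta + icv_delta(delta))

if __name__ == "__main__":
    key, iv = bytes.fromhex("0102030405"), bytes.fromhex("aabbcc")  # constructed values
    frame = wep_encrypt(iv, key, b"packet 0001")
    delta = xor(b"packet 0001", b"packet 0002")
    print(wep_decrypt(key, modify_without_key(frame, delta)))
```

The receiver accepts the altered frame because the ICV is an unkeyed, linear function of the data; a keyed message authentication code does not have this property.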

Vendors that offer business-class products that use WEP for security on wireless links have dealt with these problems by adding features to WEP. Cisco Systems, for example, offers Dynamic WEP Key Management, which allows network administrators to set time increments in which WEP keys are exchanged per user per session. Increasing the frequency with which keys are exchanged helps systems mitigate the possibility of successful attacks.

Although WEP will be refined continually to increase the security of wireless links, even Cisco recognizes that no single security scheme works for all customers. Accordingly, in addition to WEP, Cisco also offers virtual private network (VPN), firewall, and other features to enhance the end-to-end security of corporate networks.

WEP seeks to establish a similar level of protection as that offered by the wired network’s physical security measures by encrypting data transmitted over the wireless LAN. Data encryption protects the vulnerable wireless link between clients and access points. Once this measure has been taken, other typical LAN security mechanisms such as password protection, end-to-end encryption, VPNs, client firewall software, and authentication can be put in place to further ensure privacy.