What is WEP (Wired Equivalent Privacy)?

Quick Insight

WEP is an old security protocol that aimed to give Wi-Fi the same privacy as a wired link. It encrypts radio data with the RC4 stream cipher and a fixed shared key. But that key stays the same and is combined with a short initialization vector (IV), so attackers can crack it fast. Modern tools break this protection in under a minute. That is why WPA and WPA2 now take its place with stronger, changing keys. Yet some old router tools still list this weak option as a first pick.

WEP (Wired Equivalent Privacy) was the first security protocol for Wi-Fi networks. It tries to give security like that of a wired network.

Made in 1997, WEP is part of the IEEE 802.11 standard. WEP uses encryption and authentication to protect wireless traffic.

It uses the RC4 stream cipher for encryption, which scrambles the data sent over the wireless link. But WEP has significant security weaknesses. It depends on a fixed key and a weak initialization vector (IV).

Because of this, WEP can be broken by many attacks. Due to these flaws, WEP is now considered obsolete. Stronger systems like WPA and WPA2 were made to improve wireless security.

WEP Definition and Features

What is WEP Encryption?

WEP is a wireless encryption system meant to give privacy like a wired network. Wired Equivalent Privacy (WEP) is the name of the encryption system in the IEEE 802.11 standard.

It provides layer 2 encryption using the RC4 algorithm. WEP uses 64-bit or 128-bit keys. A 64-bit key is a 40-bit secret key plus 24 extra bits for the IV. A 128-bit key is 104 bits plus the 24 additional bits.

Wireless networks send their messages over open radio waves. This makes them easier to intercept than wired network traffic. WEP was first created in 1999.

But, from 2001, experts found serious flaws in WEP. As a result, WEP security can now be broken in minutes with readily available tools.

To fix this, the IEEE created the 802.11i security amendment to address these problems. Also, in 2003, the Wi-Fi group said that WPA would take the place of WEP.

Then, in 2004, the IEEE approved the WPA2 standard. They declared both WEP-40 and WEP-104 deprecated due to security problems.

Even with its flaws, some still use WEP. It is still the first security option offered by router setup tools. While WEP can deter unwanted access, it does not provide complete security.

It can still give a simple level of safety. Even though WEP was retired as a wireless privacy choice in 2004, it is still listed in current standards. Lastly, WEP is sometimes wrongly called the Wired Equivalent Privacy.

Definition

WEP is an optional security mechanism. It was part of the first IEEE 802.11 standard and is meant to keep wireless networks safe. It stays the same in the 802.11a and 802.11b versions.

This makes sure products from different brands can work together. WEP is a standard encryption system. It is implemented at the MAC layer, and most wireless devices support it. But it does not work with IPSec.

Standard

The IEEE 802.11 standard provides basic security mechanisms. These include authentication and data encryption.

Checking who you are works in either the Private or Advanced network mode. You can use an open system or a shared key. A device asking to join can approve any other device.

Or, only some devices from an approved list can be allowed in. In a shared key system, only devices with a secret code are approved.

The 802.11 standard has an optional encryption feature. This feature tries to be as secure as wired networks. It uses the RC4 algorithm from RSA Data Security to encrypt wireless messages.

Although wireless networks have some defenses against eavesdropping, real security needs encryption. This is the only way to keep intercepted data from being read.

The job of WEP is to encrypt data sent by radio waves. This lets wireless networks keep privacy like a wired network.

WEP also tries to stop unauthorized access to wireless networks. This means authenticating the user.

While the 802.11 standard does not state this goal explicitly, it is very important. WEP must provide it to control who gets in.

It is also key to keeping data confidential and intact in wireless networks. So, most 802.11 wireless products offer WEP as an option.

Encryption

WEP uses a secret key. This key is shared between the wireless device and the access point. All information sent between the device and the access point can be encrypted with this key.

The 802.11 standard does not say how the secret key is established. But it allows a table that links a different key to each device.

In real use, the same key is usually shared by all devices and access points in a system.

WEP uses a checksum algorithm named CRC-32 to protect the encrypted text. It produces an integrity check value (ICV) for the plaintext. Importantly, this ICV works like a fingerprint for the plaintext.

The ICV is then added to the encrypted text and sent to the receiver together with the IV. The receiver combines the encrypted text with the keystream to recover the plaintext.

By running the same checksum over the recovered plaintext, the receiver can compare the result with the ICV it received.

If both ICV values are the same, the message is accepted. This means the fingerprints match.

Authentication

WEP gives two ways to authenticate: open system and shared key. The open way lets anyone use the wireless network.

The shared key way controls who gets in and prevents misuse. Shared key authentication is a safer way. It uses a secret key known by all devices and access points.

When a device tries to connect, it gets some random text called a “challenge.” The device must use the secret key to encrypt this text.

It then sends the encrypted text back to the access point to be checked. The access point decrypts the answer using the same secret key.

It compares the result with the original challenge. If they are the same, the access point sends an “okay” message. This means the device can join the network.

But, if the device has no key or sends a wrong answer, the access point refuses. This keeps unauthorized users out of the network.

Also, shared key authentication only works if encryption is turned on. If encryption is off, the system uses the open, insecure way.

This setting lets all devices nearby connect. Because of this, it opens a way in for attackers.

Making sure WEP is on is key to secure authentication. Even with shared key authentication, all wireless devices can use the same key.

This setup prevents authentication of individual users. So, unauthorized users can get into the network if they have the shared key.

This problem can cause security issues, especially in large organizations. The more users, the more chances the shared key is exposed.

What Does the WEP Protocol Do?

As the standard says, wireless networks must provide confidentiality and authentication. They also need to control access. The same, fixed secret keys are used for all devices and access points.

Sadly, the standard does not have a way to distribute keys automatically. This means the key must be typed by hand into each part of the network.

This causes a few problems. First, the key is stored on every single device. This makes it easier for security to be broken.

Second, distributing keys by hand makes more work for the network administrator. Most times, this means the key is almost never changed.

Algorithms

The coding method used is called RC4. It uses just one key, unlike the standard 64-bit coding method.

The 64-bit key has 24 bits for the initialization vector (IV). It also has 40 bits for the secret key. These 40 bits must be distributed by hand.

Also, the IV is generated fresh each time. It must be different for every message. The reason for using the IV is to encrypt each message with a different key.

This stops an attacker from capturing enough messages encrypted with the same key. If they did, they could find the key.

Both sides must know the secret key and the IV. First, the secret key is saved in the settings and known to every part of the network.

Second, the IV is generated at one end. It is then sent to the other end with the message. So, the IV is also known.

But note that a possible attacker can capture the IV. This happens because it travels inside every message.

Encryption Algorithm

A 32-bit checksum is computed from the data. This CRC-32 makes sure the message is intact. It is also called the Integrity Check Value (ICV).

The secret key is then concatenated with the IV. RC4’s pseudo-random number generator (PRNG) then produces a pseudo-random sequence of characters, the keystream.

The keystream is as long as the data to be encrypted (the message plus its CRC-32). An XOR step then combines the two. This produces the encrypted message.

The IV stays in clear text while the message is sent. It travels in the data part of an 802.11 frame. Decryption does the same steps in reverse. The receiver knows the IV and the secret key.

This lets it generate the same keystream. The plaintext is recovered by XORing the received data with the keystream. The result holds the data and the CRC-32. Lastly, the receiver checks that the CRC-32 is right.

RC4 Encryption Algorithm

RC4 is not a block cipher but a stream cipher. It was developed by Ronald Rivest in 1987. It was a trade secret of RSA Data Security.

On September 13, 1994, the algorithm was posted to the sci.crypt newsgroup through an anonymous email service. It is used by various commercial programs such as Netscape and Lotus Notes.

It works with a key ranging from 1 to 256 bytes. This equates to 8 to 1024 bits. The key initializes the state table.

The table is then used to generate a sequence of pseudo-random bytes. These bytes are combined with the plaintext using the XOR function. The result is the ciphertext.

Security Flaws

The weak initialization vector (IV) in this scheme is a big problem. It causes several security issues.

The IV is the part that changes while the secret key stays fixed. This variation is meant to stop attackers from collecting enough encrypted messages with the same key.

But the 802.11 standard does not say how the IV should be handled. It says the IV should change for every message for more privacy. But this is not mandatory.

Manufacturers must choose how to change the IV in their products. Because of this, many systems pick an easy way: the IV starts at 0 when the card turns on. It then goes up by 1 for each message.

This makes the first combinations of IV and key occur again and again. Also, every device uses the same secret key. So, messages encrypted with the same key grow in number.

Limited Number of IVs

Also, the number of different IVs is not very big. There are 2^24, or about 16 million. So, they will repeat in a few minutes or hours.

The busier the network, the faster this happens. Ideally, the IV should never be repeated. But, as we saw, this cannot be achieved with WEP.

How often the same IV is reused depends on how the manufacturer implemented it and on how heavily the network is used. The IV can be sequential or random.

The standard sets the IV size at 24 bits. This size cannot be changed. While some products use 128-bit keys (called WEP2), the IV stays 24 bits. Making the key longer does not fix the IV weakness.
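To put numbers on the 24-bit IV space, here is an added example (not from the original page) that estimates how soon IVs repeat for sequential and for random selection, and counts repeats when several stations all start their counter at 0. The frame rates and station counts are constructed inputs, and the random case uses the standard birthday approximation.

```python
import math
from collections import Counter

IV_SPACE = 2 ** 24  # 24-bit IV: 16,777,216 possible values

def seconds_until_wrap(frames_per_second: float) -> float:
    """Time for one sender's sequential IV counter to use every value once."""
    return IV_SPACE / frames_per_second

def frames_for_collision(probability: float = 0.5) -> int:
    """Frames with randomly chosen IVs before a repeat becomes this likely."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - probability))))

def counter_ivs(stations: int, frames_each: int, start: int = 0) -> list:
    """IVs seen on air when every station starts counting at `start` at power-on."""
    return [(start + n) % IV_SPACE
            for _ in range(stations)
            for n in range(frames_each)]

def reused_ivs(observed) -> dict:
    """Map each IV seen more than once to the number of frames that used it."""
    return {iv: count for iv, count in Counter(observed).items() if count > 1}

if __name__ == "__main__":
    for rate in (100, 1000, 5000):            # constructed frame rates
        hours = seconds_until_wrap(rate) / 3600
        print(f"{rate:>5} frames/s: counter wraps after {hours:.1f} h")
    print("random IVs: 50% chance of a repeat after",
          frames_for_collision(0.5), "frames")
    # Three stations sharing one key, each restarted and sending 100 frames:
    repeats = reused_ivs(counter_ivs(stations=3, frames_each=100))
    print(len(repeats), "IV values were each used", set(repeats.values()), "times")
```

With a shared key, every repeated IV in that last count means the same keystream was used for more than one frame.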

A problem arises if many messages with the same IV are captured. Because they share the same keystream, you only need to know the plaintext of one message.

That message is XORed with the same keystream to produce the encrypted text for that IV, so a known plaintext reveals the keystream. By knowing the keystream for an IV, you can read all messages that use the same IV. The main difficulty is knowing a plaintext message.

But this is not hard, because predictable messages can be produced. Examples are ICMP ping requests and replies. TCP acknowledgment (ACK) messages are another example.

Solution Suggestions for Current WEP

  • Use higher levels of encryption, such as IPsec
  • Place a Firewall between the access points and the LAN.
  • Use a VPN.

Suggested Solutions for Future WEP Versions

  • Pass the key and IV through the Hash function before entering RC4. It should be done every season.
  • Change the encryption system to a more secure symmetric algorithm, such as AES.
  • Use asymmetric-key methods to distribute keys.
  • Change the keys frequently.
  • Use random keys, not keys generated from words.
  • Identify stations safely.

WEP Alternatives

The known weaknesses are good reasons to use other security mechanisms in wireless networks. Even though it is not in the standard, manufacturers have chosen to offer longer keys.

This usually means moving from 64-bit keys to 128-bit keys. WEP with 128-bit keys is often called WEP2.

But the IV size stays at 24 bits. 802.11 frames do not allow a longer IV. So, the secret key is just made longer, from 40 bits to 104 bits.

Because the IV length and use are the same, the old weaknesses remain. So, WEP2 does not really fix WEP’s problems.

Another variant, called dynamic WEP, is found in some systems. The goal is to distribute keys automatically.

User authentication happens through 802.1x, EAP, or RADIUS. This approach needs a network authentication server, usually RADIUS. If the same key is not reused for many messages, it can help with WEP’s main flaws.

VPNs as an Alternative

But many companies prefer to use VPNs rather than WEP. This solution suits links to remote offices.

While VPN technology was not made for wireless networks, it has been shown to be secure. One drawback is that devices from different manufacturers may not work together.

WPA and WPA2 are the mechanisms made to replace WEP in wireless security. WPA was meant to be ready in 2003, and WPA2 in late 2004.

Security in wireless networks is a key problem that must be addressed. Because data is sent through open air, proper protections are needed. These make sure data stays intact, authentic, and confidential.

Even with the strengths of the 802.11 standard, there are limits. Good care can help prevent many security problems.

The first problem comes from the IV traveling in the clear part of the messages. It is sent this way so that the receiver knows which IV to use for decryption.

The 802.11 standard says to change the IV after each transmission. But it does not enforce this change.

If the IV is not changed and is used again, this is a security risk. An eavesdropper can record the IV value and the keystream it produces.

So, this can lead to messages being read. This risk is even worse if devices use the same keys.
