WEP

Wired Equivalent Privacy (WEP) is considered as a form of security protocol that was designed in order to provide a level of security and privacy to a wireless local area network (WLAN) comparable to what is normally expected of a wired local area network.[1] Since a wireless network can transmit data all over an area through radio waves, this data can easily be intercepted through wireless data transmissions. Other users may even be able to eavesdrop on private and confidential conversations made through wireless networks without this form of security. Thus, WEP adds security to a wireless network by encrypting this data. Once data is intercepted, it will become unrecognizable to the system because it has already been encrypted. However, systems that are authorized on the network will be able to recognize and decrypt the data. This is because devices on the network make use of the same encryption algorithm. Thus, the main goal of WEP is to provide security to wireless networks.

Wired local area networks are inherently more secure than the wireless local area networks because the LANs are likely protected by the physicality of the structure, having all or some part of the network inside a building. This provides a physical form of protection from unauthorized and unconnected devices. Unlike LAN, WLANs that are over the radio waves do not have a similar physical structure which will make it more vulnerable to tampering.[2]

Functionality

In order for WEP to work, it implements a data encryption scheme which utilizes a combination and mix of user and system-generated key values. 40 bits plus additional bits of system-generated data encryption keys are supported by the original implementations of WEP. In order to increase the protection, these encryption methods were later on extended to fully support longer keys such as 104-bit (128 bits of total data), 128 bit (152 bits total), and 232-bit (256 bits total) variations. Once WEP has been deployed over a Wi-Fi connection, it will encrypt the data stream through the use of coded keys so that it will no longer be readable by users. However, these can still be processed by receiving devices.[3] WEP offers data confidentiality by encrypting data that will be sent between nodes that are wireless. The encryption of the WEP is indicated through setting the WEP flag in the mac header of the 802.11 frames. WEP also provides integrity of the data for random errors by including an integrity check value or ICV in a portion of the wireless frame that is encrypted.

The following are the two shared keys of WEP:

Unicast session key

This is an encryption key which protects the unicast traffic between a wireless client and a wireless AP, multicast and broadcast traffic sent by the wireless client to the wireless AP. The term unicast simply refers to a transmission that is done one-on-one from one point in the network to another point of the network. There is only one sender, and only one receiver. This is the most common method of transferring information that takes place on networks.

Multicast or global key

This is an encryption key which protects multicast and broadcast traffic between a wireless AP and all of its connected wireless clients. The term multicast refers to a transmission that uses one-to-many-of-many or many-to-many-of-many association. This differs from broadcast since the destination address designates a subset, not necessarily all, of the accessible nodes.

Authentication Methods

The WEP uses two types of authentication methods.[4] The following are stated below:

Open system authentication (OSA)

This is a process to which a computing device will gain access to a wireless network that uses the protocol of wired equivalent privacy. With the presence of OSA, a computer equipped with a wireless modem can be able to easily access any network of WEP and be able to receive files that are not encrypted.[5] This provides authentication even without performing any type of client verification. Due to the simplicity of OSA, it can also be used in conjunction with more advanced network security authentication methods like the PSK authentication and 802.1X or EAP.

Shared key authentication (SKA)

This authentication method is considered more complex than the OSA. This is a method in which a computing device uses the WEP protocol in order to have access to a wireless network. This establishes that a system that requested has knowledge of a shared secret key that is required for authentication. The process starts with a client sending an authentication to the network’s access point. The AP will send the client a file that is encrypted. The client will return the file to be examined by the AP. If the file is just the same with the one that the AP has in the record, the AP will know that the client is using the key that is correct and so the access to the network will be granted.

History

In 1999, the use of WEP to provide wireless security was adapted. With this, vendor-specific enhancements to WEP such a WEP+ and the dynamic WEP were implemented in order to attempt to patch some of the shortcomings of the WEP before, but all these technologies are also considered as not viable today. In 2004, WEP was replaced with WPA or also known as Wi-Fi protected access.[3:1] It is the security standard for the users of computer devices that are equipped by wireless internet connections. Later on, WPA was supplanted with WPA2. This is a method of securing the network through this with the use of Pre-shared key authentication which is optional. This was designed for the users at home without an enterprise authentication server.

Common Issues

WEP has always been considered as one of the primary protocols that are used for wireless security, however, WEP also experienced several limitations that undermined the security claims of the system. The reason for this is the cryptographic protocol design. The WEP is really vulnerable because of the relatively short IVs and keys that remain static. With this, in order to make the WEP even more effective, a deeper analysis of its protocol design is really a must. Still, WEP can be used for other security functions.[4:1]


  1. https://searchsecurity.techtarget.com/definition/Wired-Equivalent-Privacy ↩︎

  2. https://www.webopedia.com/TERM/W/WEP.html ↩︎

  3. https://www.lifewire.com/definition-of-wired-equivalent-privacy-816575 ↩︎ ↩︎

  4. https://www.ipv6.com/wireless/wep-wired-equivalent-privacy/ ↩︎ ↩︎

  5. https://searchsecurity.techtarget.com/definition/Open-System-Authentication-OSA ↩︎