Jump to content

Wired Equivalent Privacy

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by ArnoldReinhold (talk | contribs) at 13:59, 6 April 2005 (Flaws: info on FBI demo (see ext link)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Wired Equivalent Privacy (WEP) is part of the IEEE 802.11 standard (ratified in September 1999), and is a scheme used to secure wireless networks (WiFi). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping; WEP was designed to provide comparable confidentiality to a traditional wired network, hence the name. However, several serious weaknesses were identified by cryptographers, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the inherent weaknesses, WEP provides a bare minimal level of security that can deter casual snooping.

Details

WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. For RC4, WEP uses two key sizes: 40 bit and 104-bit; to each is added a 24-bit initialisation vector (IV) which is transmitted in the clear.

Flaws

Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. Two generic weaknesses were that:

  • the use of WEP was optional, resulting in many installations never even activating it, and
  • WEP did not include a key management protocol, relying instead on a single shared key amongst users.

More specific attacks have also become evident: in August 2001, Fluhrer et al. published a cryptanalysis of WEP that exploits the way the RC4 cipher is used, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network for a few hours; the attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely-available software. Cam-Winget et al. write, "Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target."

In 2005, a group from the U.S. Federal Bureau of Investigation gave a demonstration where the broke a WEP-protected network in 3 minutes using publically avaliable tools.

References

  • Nikita Borisov, Ian Goldberg, David Wagner, "Intercepting mobile communications: the insecurity of 802.11." MOBICOM 2001, pp180–189.
  • Nancy Cam-Winget, Russell Housley, David Wagner, Jesse Walker: Security flaws in 802.11 data link protocols. Communications of the ACM 46(5): 35-39 (2003)
  • Scott R. Fluhrer, Itsik Mantin, Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4". Selected Areas in Cryptography 2001: pp1–24.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Wired_Equivalent_Privacy&oldid=11955276"