WEP (wired equivalent privacy)
The privacy protocol specified in IEEE 802.11 to provide wireless LAN users protection against casual eavesdropping. WEP refers to the intent to provide a privacy service to wireless LAN users similar to that provided by the physical security inherent in a wired LAN.
When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with an RC4 cipher stream generated by a 64-bit RC4 key. This key is composed of a 24-bit initialization vector (IV) and a 40-bit WEP key. The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original packet and the RC4 stream. The IV is chosen by the sender and can be changed periodically so every packet won't be encrypted with the same cipher stream. The IV is sent in the clear with each packet. An additional 4-byte Integrity Check Value (ICV) is computed on the original packet and appended to the end. The ICV (be careful not to confuse this with the IV) is also encrypted with the RC4 cipher stream.
WEP has been widely criticized for a number of weaknesses:
Key management and key size
Key management is not specified in the WEP standard; without interoperable key management, keys will tend to be long-lived and of poor quality. Most wireless networks that use WEP have one single WEP key shared between every node on the network. Access points and client stations must be programmed with the same WEP key. Since synchronizing the change of keys is tedious and difficult, keys are seldom changed. Also, the 802.11 standard does not specify any WEP key sizes other than 40 bits.
The IV is too small
WEP's IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a given WEP key, for any key size. Remember that the RC4 cipher stream is XOR-ed with the original packet to give the encrypted packet that is transmitted, and the IV is sent in the clear with each packet. The problem is IV reuse. If the RC4 cipher stream for a given IV is found, an attacker can decrypt subsequent packets that were encrypted with the same IV or can forge packets.
Weakness: The ICV algorithm is not appropriate
The WEP ICV is based on CRC-32, an algorithm for detecting noise and common errors in transmission. CRC-32 is an excellent checksum for detecting errors, but an awful choice for a cryptographic hash. Better-designed encryption systems use algorithms such as MD5 or SHA-1 for their ICVs.
Authentication messages can be easily forged
From What's wrong with WEP?, Network World, 09/09/02.
Also see:
WPA for information on a possible WEP replacement.
Additional resources
Wireless research center
Latest wireless news, analysis and newsletters from Network World Fusion.
Comments:
final Solution of Wlan
by Shahzad Laghari
What is the final solution of Wlan secrity because i have seen so many solution but they are diffrent from each other and may not be standerdize plz tell me the solution of this topic which is to be implimented. also give the idea of simulation of this WLAn
Add a comment
