The WEP Processes Encryption Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Considered one of the first security mechanisms introduced by manufactures Wired Equivalent Privacy (WEP), it's considered as a part of 802.11 standard for encrypting WLAN traffic. Wired equivalent privacy is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm invented by Ron Rivest to encrypt all network data traffic. The shared-secret key is either 40 or 104 bits long. The system administrator chooses the key. This key must be shared among all the stations and the AP using mechanisms that are not specified in the IEEE 802.11.[1]

WEP Processes:


Figure (1) WEP Encryption [2]

Based on Figure (1), The WEP protocol uses two processes that are applied to the plaintext

data. The first one encrypts the plaintext and the second one protects it against any

unauthorized modifications. Then, the secret key, 40 bits of size is combined with a 24 bits

initialization vector (IV) resulting in a 64-bit total key size. The resulting key is placed into

the pseudorandom number generator (PRNG). The PRNG (RC4) on its turn, outputs a pseudorandom key sequence based on the input key. Then, the resulting sequence is being

used for data encryption by doing a bitwise XOR.


In the decryption process The IV (Initialization Vector) of the incoming message is used for the generation of the sequence key necessary for the decryption of the incoming message. As shown in figure (2)

Figure (2) WEP decryption [2]

The combination of the ciphertext and the proper key sequence produces the original plaintext and ICV (Integrity Check Value). The decryption is verified by performing the integrity check algorithm on the recovered plaintext and comparing the output ICV to the ICV transmitted with the message.

In case where the output ICV is different from the ICV transmitted, the receive message is in error and an error indication will be sent to the MAC management and to the sending station. Mobile clients with erroneous messages caused by the inability to decrypt will not be able to authenticate and access the network resources. In fact, the WEP protocol provides some security measures for the IEEE 802.11 but it still remains ineffective face to certain attacks. Several researches or documents prove the ineffectiveness of the WEP. [7, 20, and 43].

WEP Authentication:

Authentication in WEP involves authenticating a device when it first joins the LAN. The authentication process in the wireless networks using WEP is to prevent devices/stations joining the network unless they know the WEP key. Figure (3) shows the WEP authentication process.

Figure (3) WEP Authentication

In WEP-based authentication, wireless device sends authentication request to the wireless access

point, then wireless access point sends 128 bit random challenge in a clear text to the requesting

client. The wireless device uses the shared secret key to sign the challenge and sends it to the

wireless access point. Wireless access point decrypts the signed message using the shared secret

key and verifies the challenge that it has sent before. If the challenge matches, then authentication succeeds otherwise not.

Unfortunately, in WEP, no secret key is exchanged after authentication. The same secret key or

shared key is used for both authentication and encryption. So there is no way to tell whether the

subsequent messages come from the trusted device or from an impostor. This kind of

authentication is prone to man in the middle attack. This authentication is really not a best effort

here. In the Wi-Fi specification, authentication was completely dropped, despite being in the

IEEE 802.11 standard.

A history of WEP and RC4 [6]

WEP was previously known to be insecure. In 2001 Scott Fluhrer, Itsik Mantin, and Adi Shamir published an analysis of the RC4 stream cipher. Some time later, it was shown that this attack can be applied to WEP and the secret key can be recovered from about 4,000,000 to 6,000,000 captured data packets. In 2004 a hacker named KoReK improved the attack: the complexity of recovering a 104 bit secret key was reduced to 500,000 to 2,000,000 captured packets.

In 2005, Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin, and Shamir which can additionally be used to break WEP in WEP like usage modes.

Aircrack-ptw attack

Aircrack-ptw is able to extend Klein's attack and optimize it for usage against WEP. Using aircrack-ptw's version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.

WEP Vulnerabilities:

Implementation of IV Mechanisms:

The process of implementing IV mechanisms has the protocol vulnerable in the opposite of strengthen the encryption. The purpose of IV in RC4 process is to make sure that no key is repeated, thus WEP uses 40 bit protection with a 24 bit IV, hence the 24 bit IV space can be used within few hours and IV's are repeated again As the shared key is fixed, the key to RC4 key stream generator is repeated if IV's are repeated. This violates the RC4 rule of never repeating the keys. As IV is sent in clear text, the attacker can identify when IV collision occurs. IV collisions help attacker to determine the key stream. By analyzing the two packets derived from the same IV, key stream can be obtained.

Same key is shared:

The same key is shared between access point and wireless device. If there are multiple

Users/devices using the same key, this helps to make the attacks on WEP more practical and

increases the chances of IV collision. The key change at access point requires every user to

change their key accordingly. So, the key management is difficult to administer manually. Hence, most of the users don't change acesspoint keys frequently. They keep the same key for many months or years or forever which buys the attacker more time to analyze the traffic and identify the keystream and IV reuse [4].

Checksum failure to protect data integrity:

In WEP, data integrity is verified using the CRC checksum operation. The idea behind CRC is to

to prevent anyone from tampering with the message in transit. The CRC is performed on the

plaintext but not on the ciphertext. CRC was designed to detect random errors in the message but

not to prevent from any harmful attacks. It is possible to make changes to the ciphertext without

affecting the checksum. This shows that the WEP checksum failed to protect data integrity (one of the main goals of the WEP) [4].

Known plaintext attacks:

If an attacker knows the plaintext he/she can easily compute the checksum and can inject the forged messages into the network. An attacker can also change the destination address of the packet and replace the old CRC with the modified CRC and also recomputed the IP checksum. The access point won't be able to notice the changes to the original packet and forward it to the selected IP address [5].

Denial of Service Attacks:

Lacking strong authentication methods, DoS are trivial to implement. An attacker can record valid WEP packets and then retransmit them later (replay attack) [5].