What is WEP?

According to Abbreviationfinder, WEP stands for Wired Equivalent Privacy and must provide confidentiality, authentication and access control in WLAN networks. WEP uses the same static and symmetric key on the stations and the access point. The standard does not contemplate any automatic key distribution mechanism, which forces the key to be written manually in each of the network elements. This creates several drawbacks. For one thing, the key is stored at all stations, increasing the chances of it being compromised. And on the other hand, the manual distribution of keys causes an increase in maintenance by the network administrator, which means, in most cases, that the key is little or never changed.


The encryption algorithm used is RC4 with keys (seed), according to the standard, 64 bits. These 64 bits are made up of 24 bits corresponding to the initialization vector plus 40 bits of the secret key. The 40 bits are the ones that must be distributed manually. The initialization vector (IV), on the other hand, is dynamically generated and should be different for each frame. The objective pursued with the IV is to encrypt with different keys to prevent a potential attacker from capturing enough traffic encrypted with the same key and eventually ending up deducing the key. Obviously, both ends must know both the secret key and the IV. The first we know since it is known since it is stored in the configuration of each network element. The IV, on the other hand, it is generated at one end and sent in the frame itself to the other end, so it will also be known. Note that as the IV travels in each frame it is easy to intercept by a possible attacker.

The WEP encryption algorithm

  • A 32-bit CRC is calculated from the data. This CRC-32 is the method proposed by WEP to guarantee the integrity of messages (ICV, Integrity Check Value).
  • The secret key is concatenated after the IV formed by the seed.
  • The RC4 PRNG (Pseudo-Random Number Generator) generates a sequence of pseudo-random characters (keystream), from the seed, of the same length as the bits obtained in point 1.
  • The exclusive OR (XOR) of the characters from point 1 is calculated with those from point 3. The result is the encrypted message.
  • The IV (unencrypted) and the encrypted message are sent within the data field (frame body) of the IEEE 802.11 frame.
  • The decryption algorithm is similar to the previous one. Since the other end will know the IV and the secret key, it will then have the seed and with that it will be able to generate the keystream. Carrying out the XOR between the received data and the keystream, the unencrypted message will be obtained (data and CRC-32), then it is verified that the CRC-32 is correct.

RC4 encryption algorithm

It is a Stream (not Block) Cipher algorithm, created in 1987 by Ronald Rivest (the R for RSA – RSA Data Security Trade Secret). It was posted on September 13, 1994 using anonymous remailers in a newsgroup: sci.crypt. It is used by various commercial programs such as Netscape and Lotus Notes.

It works from a key of 1 to 256 bytes (8 to 1024 bits), initializing a table of states. This table is used to generate a list of pseudo-random bytes, which are combined using the XOR function with the plaintext; the result is the ciphertext.

Security flaws

Initialization vector weakness The implementation of the initialization vector (IV) in the WEP algorithm has several security problems. Remember that the IV is the part that varies from the key (seed) to prevent a possible attacker from collecting enough information encrypted with the same key.

However, the 802.11 standard does not specify how to handle IV; it is indicated that it should be changed in each frame to improve privacy, but it does not require it. The question of how to vary the IV in their products remains open to manufacturers. The consequence of this is that most implementations opt for a simple solution: every time the network card boots, the IV is set to 0 and incremented by 1 for each frame. This causes the first combinations of IVs and secret key to be repeated very frequently. Furthermore, if we take into account that each station uses the same secret key, so the frames with the same key are multiplied in the middle. On the other hand, the number of different IVs is not too high (224 = 16 million approx.), So they will end up repeating in a matter of minutes or hours. The time will be shorter the higher the load on the network. Ideally, the IV should never be repeated, but as we can see, this is impossible in WEP. The number of times the same IV is repeated will depend on the implementation chosen to vary the IV by the manufacturer (sequential, random, etc.) and on the network load.

The 24-bit length for the IV is part of the standard and cannot be changed; There are implementations with 128-bit keys (which is known as WEP2), however, in reality the only thing that is increased is the secret key (104 bits) but the IV is preserved with 24 bits. Increasing the length of the secret key does not solve the weakness of the IV.

If several frames have been captured with the same IV, that is, with the same keystream, it is only necessary to know the unencrypted message of one of them, making the XOR between an unencrypted message and the same encryption, it will give us the keystream for that IV. Knowing the keystream associated with an IV, it is possible to decrypt all the frames that use the same IV. The problem is then to know an unencrypted message, although this is not so complicated, because there is predictable traffic or it can be caused (ICMP echo request and response messages, TCP confirmations, etc.).

Proposals for solutions on current WEP

  • Use higher levels of encryption, such as IPsec, etc…
  • Place a Firewall between the access points and the LAN.
  • Use VPNs.

Proposals for solutions on future WEP versions

  • Pass the key and IV through a Hash function before entering them into the RC4. It should be done in all seasons.
  • Change the encryption system to a more secure symmetric algorithm, for example AES.
  • Use asymmetric key methods to distribute keys in order to:
  • Change passwords frequently.
  • Use random keys, not dictionary keys.
  • Safely identify stations.

Alternatives to WEP

The WEP vulnerabilities explained are more than enough reasons to use other security mechanisms in WLAN networks. Although it is not part of the standard, the manufacturers of Wi-Fi products decided to offer the possibility of using keys of twice the length (from 64 bits to 128 bits). WEP used with 128-bit keys is what is generally known as WEP2. However, we must note that the length of the initialization vector is still 24 bits (IEEE 802.11 frames do not contemplate a greater number of bits to send the IV), so the only thing that has been increased is the secret key (from 40 bits to 104 bits). Because the length of the IV and its use do not vary, the weaknesses of the IV can continue to be exploited in the same way. WEP2 does not solve WEP problems.

Another variant of WEP used in some implementations is dynamic WEP. In this case, the aim is to incorporate automatic key distribution mechanisms and user authentication through 802.1x / EAP / RADIUS. It requires an authentication server (RADIUS normally) running on the network. In the event that the same key (secret key + WEP) is not used in more than one frame, this mechanism would be sufficient to compensate for the main weaknesses of WEP.

However, the solution preferred by companies as an alternative to WEP has been the use of VPNs, in the same way that it would be done if users were connected remotely to the office. VPN technology is well proven and considered secure, although it has not been specifically designed for WLAN networks. The disadvantage is the lack of interoperability between devices from different manufacturers.

Mechanisms specifically designed for WLAN networks to be the successors to WEP are WPA [5] and WPA2 (IEEE 802.11i) [3]. The first is from 2003 and the second is expected by the end of 2004.

Security in wireless networks is a critical aspect that cannot be neglected. Since transmissions travel through an insecure medium, mechanisms are required to ensure the confidentiality of the data as well as its integrity and authenticity.

Despite the potential strength of WEP, included in the IEEE 802.11 standard to provide security, to protect the confidentiality and integrity of data, it has a number of limitations that can only be avoided through proper management. The first problem arises in the use of the initialization vector, which is included in the unencrypted part of the message, so that the receiver knows what value of IV (Initialization Vector) to use when generating the key flow for decryption. The 802.11 standard recommends, but does not require, that the IV value be changed after each transmission. If the IV value is not changed on a regular basis, but is used for subsequent messages, someone who is listening may be able to crypto-analyze the key stream generated by the value of IV and the secret key, and thus decrypt the messages using that value; which becomes even more critical if all terminals are configured with the same keys.

Wired Equivalent Privacy WEP