Chapter 4. WEP Security

IN THIS CHAPTER

• WEP Introduction

• RC4 Encryption

• How RC4 Works

Wireless transmissions are available to hackers as well as authorized users. However, the IEEE 802.11 standard does include some measure of protection. This protection, known as the Wired Equivalency Privacy (WEP) protocol, defines a set of instructions and rules by which wireless data can be transmitted over the airwaves with at least a modicum of security.

At its birth, many believed that WEP offered impenetrable resistance to hackers. However, as wireless networks began to grow in popularity, a group of scientists discovered a serious flaw. Although these scientists themselves merely theorized about the weakness, their basic research unleashed a wave of security vulnerabilities that demolished WEP security. This chapter will introduce WEP security and the latent flaws that doomed it to failure. The following chapter (Chapter 5, "Cracking WEP") will show you exactly how to break WEP.

Little peer-review by expert cryptographers was performed on the WEP algorithms during the IEEE approval process for 802.11 security mechanisms. Because of this, WEP has multiple flaws that would have been caught if crypto experts had reviewed some of the implementation specifics of WEP. In contrast, the IETF has had many crypto experts involved in designing/reviewing IPsec/IKE. IPsec/IKE has had far more scrutiny by crypto experts and does a much better job of privacy, authentication, and data integrity.