
WEP vulnerabilities -- wired equivalent privacy?

A brief look at some of the security issues related to WEP usage and a link to a more detailed examination of these issues.

This article is excerpted from InformIT.

WEP has received an enormous amount of attention in the media as being flawed and broken. As its name implies, WEP was only intended to give wireless users the level of security implied on a wired network (which isn't much). Except in a fully switched environment, all wired traffic is exposed to the risk of eavesdropping (a.k.a., packet sniffing). WEP was not designed to be the end-all, be-all security solution for wireless networks and, as we shall see, WEP has a number of shortcomings, which make it vulnerable to several classes of attacks.

The underlying encryption engine used by WEP is RC4, which is widely used in various Internet protocols including secure Web pages (HTTPS). When it comes to WEP flaws, the problem isn't RC4. The problem is the way that RC4 is implemented. In particular, the handling of IVs is flawed because it allows IVs to be repeated and hence violates the No. 1 rule of RC4: Never, ever reuse a key.
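To make the IV problem concrete, here is an added Python illustration (not code from the InformIT article or any vendor's WEP implementation). It implements textbook RC4 and WEP's per-packet key construction (the 24-bit IV prepended to the shared secret), and shows that when an IV repeats the keystream cancels out, so C1 XOR C2 equals P1 XOR P2 and one known frame exposes the other without the key. The secret key and the two frames are constructed sample values; the birthday estimate assumes IVs are chosen uniformly at random.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling (KSA) then output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):  # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):  # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: the 24-bit IV is prepended to the shared secret to
    form the per-packet RC4 key (the CRC-32 ICV is omitted here)."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    ks = rc4_keystream(iv + secret, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def plaintext_relation_leaks(secret, iv1, iv2, p1, p2) -> bool:
    """True when C1 XOR C2 == P1 XOR P2, i.e. the keystream cancelled out.
    That happens exactly when the IV (and so the RC4 key) is reused: anyone
    who knows or guesses one plaintext then reads the other without the key."""
    c1 = wep_encrypt(secret, iv1, p1)
    c2 = wep_encrypt(secret, iv2, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

def frames_until_iv_repeat(iv_bits: int = 24, prob: float = 0.5) -> int:
    """Birthday bound: frames after which some IV has repeated with probability
    >= prob, even if every IV is chosen uniformly at random."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - prob))))

if __name__ == "__main__":
    secret = b"\x01\x02\x03\x04\x05"  # constructed 40-bit WEP secret
    p1, p2 = b"GET /index.html ", b"POST /login.php "  # constructed frames
    same, fresh = b"\x00\x00\x01", b"\x00\x00\x02"
    print("same IV leaks P1^P2: ", plaintext_relation_leaks(secret, same, same, p1, p2))
    print("fresh IV leaks P1^P2:", plaintext_relation_leaks(secret, same, fresh, p1, p2))
    print("frames until an IV repeat is 50% likely:", frames_until_iv_repeat())
```

A busy access point sends thousands of frames per minute, so the 24-bit IV space is exhausted or collides within hours regardless of how good the underlying cipher is.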

Security researcher Tim Newsham exposed another vulnerability of WEP by demonstrating that the key generator used by many vendors is flawed for 40-bit key generation. Using a typical laptop, he was able to crack a 40-bit key in less than a minute.

Another flaw of WEP, in the key scheduling algorithm, was discovered and detailed in a paper titled "Weaknesses in the Key Scheduling Algorithm of RC4" written by Scott Fluhrer, Itsik Mantin, and Adi Shamir (hence the name FMS attack). This weakness, exploited by commonly available tools such as AirSnort, WEPCrack and dweputils, allows WEP keys to be recovered by analyzing traffic from totally passive data captures. If your network is consistently generating traffic at peak speeds, the WEP key (64 or 128 bit) can be cracked after capturing just a few hours of encrypted data. On a network with minimal activity, this attack could take days or even weeks to capture the requisite traffic. Some packet injection techniques, however, can artificially flood the network with activity to reduce the time it takes to collect enough packets for an FMS attack. On the other hand, keep in mind that products from vendors who include weak key avoidance techniques in their firmware (which most do) are not vulnerable to FMS attacks. So, be sure to update your firmware on a periodic basis!

These issues don't make WEP useless; they just mean that you have to be careful about how and when you use it. If you aren't able to implement anything else (such as WPA), and the only thing you have is WEP, then go ahead and use it. If you're in a network with minimal security requirements, WEP may be appropriate.

I recommend using WEP and changing keys on a regular basis, if for no other reason than because it identifies your network as private. Since the 802.11 protocol has no other way to tell the world that they shouldn't be attempting to associate with your AP, using WEP is a first line of defense to keep intruders out, or at least to put them on notice that a No Trespassing sign has been posted.

You can read more about WEP's security issues in a more in-depth article from InformIT.

This was last published in January 2004
