WEP - Wireless Security

Posted on 1:41 PM by Bharathvn

Wired Equivalent Privacy (WEP)
WEP was the first encryption standard for wireless networks. WEP can be deployed in three strengths: 64, 128, and 256 bit. WEP is based on the RC4 encryption algorithm. As wireless networks gained popularity, a vulnerability in the key scheduling algorithm of RC4 was discovered wherein a subset of the initialization vectors (IVs) used by WEP were determined to be weak. By collecting enough of these weak IVs, an attacker could determine the WEP key and potentially compromise the wireless network. Many vendors issued firmware updates for their wireless equipment that reduced the number of weak IVs that were generated. These updates, coupled with the amount of time it took to gather enough weak IVs to crack the key, greatly reduced the effectiveness of attacks against WEP. Security researchers discovered another way to attack WEP, called chopping. As explained previously, chopping involves taking a WEP packet and removing, or chopping off, the last byte, which breaks the
CRC/ICV. If the last byte is 0, the last four bytes are xor’ed with a specific value to make a valid CRC and then the packet is retransmitted to the network. This attack effectively ended the need for weak IVs to be collected in order to crack WEP. Using chopping methods, only unique IVs needed to be collected.

The amount of time involved in data collection was significantly reduced. Despite these vulnerabilities, WEP is still the most used form of wireless encryption deployed worldwide. These numbers are slightly misleading, though, because the majority of WEP networks are deployed in home WLANs. Corporate and government WLANs rarely use WEP now and have migrated to a more secure form of encryption.