Wireless - Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) is a security protocol that was designed for wireless local area networks (WLANs) and was part of the original IEEE 802.11 Wi-Fi standard ratified in 1997. WEP's goal was to provide data confidentiality comparable to that of a traditional wired network, hence the name "Wired Equivalent Privacy." However, over time, numerous security flaws were identified in WEP, making it vulnerable to various types of attacks.

Key aspects of WEP include:

  1. Encryption: WEP uses the RC4 stream cipher for encryption. The standard supported key sizes of 64-bit and 128-bit, but in practice, these are actually 40-bit and 104-bit keys respectively, with the remaining bits used for an Initialization Vector (IV).

  2. Authentication: WEP provides two methods of authentication - Open System authentication and Shared Key authentication. Open System authentication is essentially a null authentication where any device can join the network, while Shared Key authentication uses a pre-shared WEP key.

  3. Security Flaws:

    • Weakness in IVs: The Initialization Vectors (IVs) used in WEP are 24-bit, leading to a limited number of unique IVs. This limitation, coupled with the way IVs are used in WEP, makes it vulnerable to certain types of attacks like IV collision attacks.
    • Key Management and Security: WEP does not provide a standardized method for key management. Keys need to be changed manually, which is often impractical. This leads to the use of weak keys and makes it easier for attackers to crack the encryption.
    • Vulnerability to Attacks: WEP is vulnerable to various attacks, including passive attacks (eavesdropping), active attacks (like injection and replay attacks), and statistical attacks that exploit IV weaknesses.
  4. Deprecation: Due to its vulnerabilities, WEP has been deprecated in favor of more secure standards like WPA (Wi-Fi Protected Access) and WPA2. The Wi-Fi Alliance officially ceased certifying devices for WEP in 2004.

Despite its vulnerabilities, WEP was widely used in the early days of wireless networking. Its ease of implementation and the lack of more secure, universally accepted alternatives contributed to its popularity. However, with the availability of stronger security protocols like WPA2 and WPA3, the use of WEP is now strongly discouraged due to its significant security weaknesses.

Links:

https://networklessons.com/cisco/ccna-200-301/wireless-authentication-methods#WEP