Wired Equivalent Privacy in wlan
Currently most WLANs using the research 802.11 standard defend their network using the Wired Equivalent Privacy (WEP) protocol. The primary purpose and goal of employing WEP is to ensure that confidential data is protected from potential attackers, in a similar manner that wired LANs are protected. This is done by guaranteeing data confidentiality and data integrity.
WEP utilizes the RC4 stream cipher algorithm, which is a type of pseudo- random number generator (PRNG), to encrypt and decrypt the data passing through the network. Because it is at the heart of WEP’s encryption and decryption process, the RC4 algorithm will be explained in more depth in the next section. This will be followed by a detailed description of WEP’s implementation.
WEP is dependent upon a shared key, which is manually entered into every node of the WLAN. This shared key can be 40-bits long or 104-bits long . Because it must be physically entered into each piece of equipment, it is seldom changed. This shared key must remain secret so that the message cannot be compromised by attackers. WEP also relies on a 24-bit initialization vector (IV) for part of the encryption process, which is generated via the wireless PCMCIA card. The IV prepended to the shared key is known as the secret key. The purpose of the IV is to allow the use of the same shared key repeatedly without running the risk of producing the same pseudorandom stream twice. The way WEP manages IV use is one of its biggest flaws and is discussed in depth in Section 5. It should also be observed that WEP includes an integrity check vector (ICV) to ensure that the data in each packet of information is not changed between the transmission and reception path . The ICV is obtained by sending the message through a 32-bit cyclic redundancy check (CRC-32) algorithm.
As mentioned above, the RC4 algorithm is utilized for encryption purposes by the WEP security protocol. RC4, also known as “Ron’s Code #4” or “Rivest”, was developed at RSA Laboratories in 1987 by Ron Rivest. Originally, the code was kept as a trade secret. However, in 1994, the source code was mysteriously leaked to an online mailing list, and was not a secret anymore .
RC4 is a stream cipher, a cipher which encrypts each and every byte of data being sent one byte at a time. In addition, it is a symmetric key algorithm, an algorithm that uses the same key to both encrypt and decrypt the information. In general, RC4 generates a random string (usually 8 bits) which is then XORed with the plaintext byte being sent to produce a ciphertext character. The RC4 encryption algorithm is made up of two major sub-algorithms, the Key Scheduling Algorithm (KSA) and the Psuedo Random Generation Algorithm (PRGA).