WEP stands for Wired Equivalent Privacy, and that says it all. The entire purpose of WEP is to provide the degree of security, or at least privacy, available on a wired LAN. Unfortunately, it’s difficult to know exactly what that means, and even more difficult to understand how it’s possible.
As we’ve mentioned more than once, to access a wired LAN you need a wire, while radio waves are simply out there, ripe for the plucking. So how can WEP provide the same level of privacy, given the immediate shortcomings of wireless security?
WEP operates at the medium access control (MAC) layer of the 802.11 protocol. The MAC layer acts, in effect, as the communications manager of a wireless network: it locates access points and runs the procedures that get frames exchanged reliably over the radio.
Without the MAC layer, your data wouldn’t go anywhere on the WLAN. The MAC layer handles the following stages on the WLAN:
- Stage 1: Scanning.
The MAC layer begins its job by assisting wireless equipment in the search for access points. In passive scanning, all WLAN adapters scan individual channels for the best available signal, waiting to receive access point information.
Access points regularly broadcast their coordinates to the network for adapters to pick up. These AP broadcasts, called beacons, include details about the network’s SSID (service set identifier), broadcast channels, and the data transfer rates it can handle.
In active scanning, the WLAN adapter probes for APs by sending out a probe request (a broadcast of its own, if you will), to which all APs in range reply with a probe response carrying the same information as a beacon.
Active scanning might seem a better idea from a security perspective than having APs announce themselves in beacons, but the probe responses put the same details on the air anyway, and the combined probe and response add overhead to the network; hence the preference for passive scanning.
Note that the scanning stage has nothing to do with WEP per se, except of course that without a successful scan no further communication (encrypted or not) can occur.
- Stage 2: Authentication.
In network communication terminology, to authenticate means to prove your identity to be accepted for access. Here WEP does come into play, and this is the stage in which the initial problems with Wi-Fi security occur.
The 802.11 standard includes two authentication systems. Open System authentication, the more basic of the two, sees the WLAN adapter request authentication from the access point, with the AP responding with permission or denial.
Unless the AP has a specific reason to deny (as configured on the AP itself), authentication succeeds. In the second system, Shared Key authentication, the same exchange takes place, with the adapter sending an authentication request to the AP and ultimately receiving a signal granting or denying permission to access.
But in between comes the crucial step of correctly answering a security challenge. The AP sends the adapter a challenge text (128 bytes of random data) in the clear.
To pass the challenge, the adapter encrypts that text with WEP under the shared key and sends the result back. The AP decrypts it with the same key, compares it with the challenge it sent and, if the two match, sends the approval signal.
The problem is that the AP never learns whether the adapter actually holds the key; it only sees that the response decrypts to the challenge. Because both the plaintext challenge and its WEP-encrypted form travel over the air, anyone listening can XOR the two together and recover the RC4 keystream for that IV, then use that keystream to answer a later challenge correctly without ever knowing the WEP key. Shared Key authentication is therefore weaker than Open System authentication, not stronger.
- Stage 3: Association.
After the AP has authenticated the WLAN adapter, a few more details need clearing up before data transfer can take place. The two devices must ascertain that they know the shared SSID and channel, the data rate(s) over which the transfers will occur, and any other configuration details for the AP.
Once the two devices have established this association, they can get to work. With WEP enabled, the adapter will encrypt all data transfers before sending them, and the AP will decrypt them upon receipt (and vice versa). Both devices use the common key for encryption and decryption.
WEP kicks in, then, in the second stage (only when Shared Key authentication is used) and in the data transfers that follow the third stage. Association itself carries no encryption; it is the data frames exchanged afterwards that WEP protects.
More specifically, WEP uses the RC4 stream cipher, designed by Ron Rivest of RSA Security, to encrypt the contents of all data frames sent over the network. The sending and receiving devices share a secret key; for each frame the sender picks a 24-bit initialization vector (IV), prepends it to the secret key to form the RC4 key for that frame, and transmits the IV in the clear ahead of the encrypted payload.
The sender also appends a 32-bit CRC of the plaintext, the integrity check value (ICV), before encrypting. The receiver prepends the received IV to its own copy of the secret key to regenerate the same keystream, decrypts the frame, recomputes the CRC and compares it with the ICV; only if the two match does it accept the data.
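The following is an added example, not code from the original text, that puts the two mechanisms just described into working form: WEP encapsulation (IV prepended to the key, CRC-32 ICV, RC4 keystream XOR) and the Shared Key authentication exchange, including the keystream-recovery trick that lets an eavesdropper pass the challenge without the key. RC4 is implemented inline because the Python standard library does not provide it; the key, IVs, challenge texts and messages are constructed sample values, and the 128-byte challenge length follows the 802.11 standard.

```python
"""Toy WEP: frame encryption, Shared Key authentication, and two of its flaws.

Added example, not from the original text. Standard library only;
RC4 is implemented inline. All keys, IVs and messages are constructed.
"""
import zlib
from typing import Tuple

IV_LEN = 3  # the WEP initialization vector is 24 bits and is sent in the clear


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP's integrity check value is a plain CRC-32 of the plaintext."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return iv || RC4(iv || secret_key) XOR (plaintext || ICV)."""
    assert len(iv) == IV_LEN
    keystream = rc4(iv + secret_key, len(plaintext) + 4)
    return iv + xor(plaintext + icv(plaintext), keystream)


def wep_decrypt(secret_key: bytes, frame: bytes) -> bytes:
    """Strip the IV, regenerate the keystream, verify the ICV; ValueError on mismatch."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    decrypted = xor(body, rc4(iv + secret_key, len(body)))
    plaintext, received_icv = decrypted[:-4], decrypted[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV check failed")
    return plaintext


# --- Shared Key authentication as seen by an eavesdropper ---------------------

def shared_key_exchange(secret_key: bytes, iv: bytes, challenge: bytes) -> Tuple[bytes, bytes]:
    """AP sends `challenge` in the clear; the station returns it WEP-encrypted."""
    return challenge, wep_encrypt(secret_key, iv, challenge)


def recover_keystream(challenge: bytes, response: bytes) -> Tuple[bytes, bytes]:
    """Plaintext XOR ciphertext yields the keystream for that IV; no key needed."""
    iv, body = response[:IV_LEN], response[IV_LEN:]
    return iv, xor(challenge + icv(challenge), body)


def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge by reusing the recovered keystream under the same IV."""
    return iv + xor(new_challenge + icv(new_challenge), keystream)


def ap_verifies(secret_key: bytes, challenge: bytes, response: bytes) -> bool:
    """What the AP checks: does the response decrypt to the challenge it sent?"""
    try:
        return wep_decrypt(secret_key, response) == challenge
    except ValueError:
        return False


def iv_reuse_leak(secret_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under one IV share a keystream, so c1 XOR c2 == p1 XOR p2."""
    c1 = wep_encrypt(secret_key, iv, p1)[IV_LEN:]
    c2 = wep_encrypt(secret_key, iv, p2)[IV_LEN:]
    return xor(c1, c2)[: min(len(p1), len(p2))]


if __name__ == "__main__":
    key = bytes.fromhex("0123456789")          # constructed 40-bit secret key
    iv = b"\x00\x00\x01"
    chal, resp = shared_key_exchange(key, iv, bytes(range(128)))
    seen_iv, ks = recover_keystream(chal, resp)  # attacker only saw chal and resp
    forged = forge_response(seen_iv, ks, bytes(reversed(range(128))))
    print("AP accepts forged response:", ap_verifies(key, bytes(reversed(range(128))), forged))
```

The forgery works because the AP has no record of which IVs have been used and no way to tell a genuine encryption from a replayed keystream; the same property is what makes IV reuse on data frames dangerous.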
At its most basic, WEP uses a 40-bit secret key; with the 24-bit IV added, that is the "64-bit WEP" you see on product boxes. The "128-bit" variant uses a 104-bit secret key plus the same 24-bit IV; it went beyond the original standard, but virtually every vendor supports it. To offer still longer keys, equipment vendors such as D-Link and Linksys have also sold proprietary WEP variants. Bear in mind, though, that a longer key does nothing about the IV and RC4 weaknesses discussed later in this section; it only lengthens a brute-force search that nobody needs to run.
To get the benefit of a proprietary key length, every device on the network needs to support it, which means, of course, stocking up on that vendor's products (precisely because the enhanced WEP technology is different for each vendor).
That’s not a bad thing if you’re setting up a WLAN from scratch, or getting rid of older equipment to take advantage of today’s 802.11g technology, but it’s obviously an issue if you’re adding to existing WEP-enabled WLANs.
If you stick with standard WEP, you can buy any Wi-Fi product with the full reassurance that encryption will function among all your products, but standard WEP is not as good as the various enhanced versions of WEP at security.
So it’s up to you: proprietary but stronger—and more expensive because of the need to buy from one vendor—or standard but weaker. One thing to keep in mind is that WEP covers only the wireless transmission itself (the 802.11 portion).
If the transmission moves beyond the WLAN onto a wired Ethernet LAN (or any other wired LAN), WEP no longer functions. In effect, it loses its authority to provide security at that point.
Don’t count on WEP to handle your full encryption needs in a combined infrastructure network. But surely WEP is reliable for daily wireless transactions, right?
Well, yes and no. WEP was the first encryption technology available for Wi-Fi, and for years it was the only standard one. However, its benefits can be summed up in one telling phrase: it's better than nothing.
Without question, a WEP-enabled WLAN stands a much better chance of resisting intruders than an open network with no encryption at all. But it has its flaws, and these have conspired to render it next to useless as a technology for protecting truly sensitive data from falling into unwanted hands.
The primary problem with WEP lies in its inability to exchange keys on the fly. Unlike later encryption and authentication technologies, in which devices change keys automatically, basic WEP requires the same static key to be configured manually on every WLAN adapter and on the AP.
The results are predictable. On large networks, administrators don’t have the time to reconfigure everyone’s adapter manually, so they tend to stick with the same keys for an extended period of time.
On small networks (home and small office), nobody knows about changing keys in the first place, so these keys never change, either. Anyone with a Wi-Fi monitoring tool (of which several exist) can simply capture traffic until enough frames have accumulated to recover the key from statistical weaknesses in the way WEP feeds the IV to RC4, and then walk onto the network.
Another problem exists in WEP with the 24-bit limit on initialization vectors. There are only about 16.7 million of them, so even when the sender picks them randomly it must soon reuse one, and a reused IV under the same key means a reused RC4 keystream. Two frames encrypted with the same keystream XOR to the XOR of their plaintexts, which is enough to recover both whenever one is known or guessable. This, too, allows for hacking possibilities.
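To put numbers on how soon the IV space runs out, here is an added example (not from the original text) that computes the birthday bound for randomly chosen 24-bit IVs and the wall-clock time to cycle through all of them with sequential IVs. The packet rate used is an assumed figure for illustration.

```python
"""How quickly WEP's 24-bit IV space is used up. Added example, not from the
original text; the 500 frames/second rate is an assumed illustrative figure."""
import math

IV_SPACE = 2 ** 24  # 16,777,216 possible initialization vectors


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Probability that at least two of `frames` randomly chosen IVs coincide.

    Exact product for modest frame counts; the standard exp(-n(n-1)/2N)
    approximation above 100,000 frames to keep the loop short.
    """
    if frames > space:
        return 1.0  # pigeonhole: more frames than IVs
    if frames > 100_000:
        return 1.0 - math.exp(-frames * (frames - 1) / (2 * space))
    log_no_collision = sum(math.log1p(-i / space) for i in range(frames))
    return 1.0 - math.exp(log_no_collision)


def frames_until_probability(p: float, space: int = IV_SPACE) -> int:
    """Frames after which a random-IV collision has probability at least `p`."""
    return math.ceil(math.sqrt(-2 * space * math.log(1 - p)))


def seconds_to_exhaust(frames_per_second: float, space: int = IV_SPACE) -> float:
    """With sequential IVs, the whole space is cycled once every space/rate seconds."""
    return space / frames_per_second


if __name__ == "__main__":
    print(f"random IVs: 50% chance of a repeat after {frames_until_probability(0.5)} frames")
    print(f"random IVs: P(repeat) after 5,000 frames = {collision_probability(5000):.3f}")
    hours = seconds_to_exhaust(500) / 3600  # assumed busy-AP rate of 500 frames/s
    print(f"sequential IVs at 500 frames/s: all {IV_SPACE} used in {hours:.1f} hours")
```

Random IVs repeat after only a few thousand frames, and even a sender that walks through the IVs sequentially wraps around within a working day on a busy network; either way the keystream reuse described above is a matter of hours, not years.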
Finally, as with all networks, any time you add to the basic technology, you create an overhead that can erode performance. WEP is no different. In the early days of 802.11b networking, enabling WEP caused two major problems.
It made connecting difficult, and once you did connect, you often wished you hadn't. The work of authenticating and encrypting slowed the wireless LAN to a crawl, often to the degree that requests to the Internet from a notebook PC timed out because of how long it took to get the request through the AP.
Today's WEP implementations work considerably better, but you will still typically notice a speed difference, sometimes a significant one, between a WLAN with WEP enabled and a WLAN that operates without encryption. Safety first, the dictum goes, but most of us care more about speed, especially when it comes to networks.