Wired equivalent privacy (WEP) is a broken security algorithm for IEEE 802.11 wireless networks. WEP is widely used and is often the first security choice presented to users by router configuration tools. Wired Equivalent privacy uses the stream cipher RC4 for confidentiality and CRC-32 checksum for integrity. Standard 64-bit WEP uses a 40-bit key, which is concatenated with a 24-bit initialization vector to form RC4 traffic key. A 128-bit WEP key is almost always entered by users as a string of 26 hexadecimal characters. Each character represents four bits of the key.

Authentication Methods in Wired Equivalent Privacy (WEP)

There are two methods of authentication used with Wired Equivalent Privacy. They are:

  • Open System Authentication – In this method, the WLAN client need not provide its credentials to Access point during authentication. Thus any client regardless of its WEP keys can authenticate itself with the access point and then attempt to associate.
  • Shared Key Authentication – Here WEP is used for authentication. A four way challenge response handshake is used as:
    • The client station sends an authentication request to the access point.
    • The access point sends back a clear-text challenge.
    • The client has to encrypt the challenge text using the configured WEP key.
    • The access point decrypts the material and compares it with the clear text it had sent.

Advantages of WEP Wireless Network Security Algorithm

  • WEP is a protocol that adds security to wireless local area networks.
  • WEP gives wireless networks the equivalent level of privacy protection as a comparable wired network.
  • WEP offers interoperability, since all wireless devices support basic WEP encryption.
  • Another advantage of WEP is that when uses happen to see your network during wireless detection, they will mostly likely be discouraged since it will require a key. This makes users that they are not welcome. Hence network is secure.

Drawbacks of WEP Wireless Network Security Algorithm

  • Key size is one of the security limitations in Wired Equivalent Privacy.
  • Cracking a longer key requires interception of more packets, but there are active attacks that simulate the necessary traffic.
  • The other weaknesses in Wired Equivalent Privacy include the possibility of IV collisions and altered packets that are not helped at all by a longer key.
  • Most users usually do not change their keys. This gives hackers more time to crack the encryption.
  • Master keys, instead of temporary keys, are directly used.