Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks Wired equivalent privacy is provided by the 802.11b specification. It operates in media access control layer(MAC).WEP uses the stream cipher RC4 algorithm to scramble the data packets for confidentiality and the CRC-32 checksum for integrity.
The WEP implements two types of security. It has a a 5 to 13 characters long password shared (shared WEP) by all users of the access point .The encryption algorithm makes use of the secret key to scramble each packet with a unique password. The key is a randomly generated number (Initialization Vector:IV)+secret key.
The IV ensures that if a packet is captured by any means , not all packets could be read, since the attacker won’t be having the secret key. It changes every time.
However, The key (the shared secret that locks and unlocks the encryption in WEP) is simply not secure enough. Data transmitted across the WEP-enabled network repeats itself too frequently — frequently enough that any attacker can sniff on a network and get the repeated elements and use tools to determine the network key. With the key, the attacker could log on to the network or simply just see the packets which are going in the network.
Two authentication techniques are used with WEP security standard.
1) Shared key Authentication
2) Open key Authentication
In open system authentication, no credentials are required by the user to connect to the network. Any user can connect and carry on the network activities.
The second authentication is shared key authentication. In this technique user have to enter his credentials before logging on to the network.
The authentication is done in the following way :
First of all users have to send an authentication request to the WEP enabled access point.
Access point sends a cypher text in reply. User has to encrypt that text message using WEP key and again send it back to the aces point. This text message is decrypted through access point. If they match exactly then the user gets the permission to connect to the network.
The shared key authentication is much secure as compared to open system authentication. But the drawback with shared key authentication is that key stream can be identified during transmission. In this case, its better to use open key authentication