WEP Security

Nikita Borisov, University of Illinois at Urbana-Champaign

Introduction

Background

Overview

Wireless Security Threats

Wired Equivalent Privacy

WEP Protocol

Vulnerabilities

Keystream Reuse

Integrity Vulnerabilities

RC4 Attack

Authentication

Deployment

New Protocols

TKIP

CCMP

Conclusion

Lessons

Future Designs

Glossary

Cross References

References

Further Reading

INTRODUCTION

The IEEE (Institute of Electrical and Electronics Engineers) 802.11 standard is the most popular mechanism for wireless networking. First standardized in 1997 (IEEE Computer Society, 1997), it has grown to many millions of deployed nodes and more than a billion-dollar annually industry. The use of a wireless medium presented new security threats because anyone within transmission range of the network could both eavesdrop on the network traffic and inject malicious contents. To address these threats, the 802.11 standard incorporated the wired equivalent privacy (WEP) protocol with the goal of preventing casual eavesdropping and providing a level of security similar to wired networks. It was discovered, however, that WEP contained numerous security flaws and in fact did not meet any of its goals. Attackers could easily exploit these flaws, and tools automating some of the attacks were made widely available. Responding to this security failure, the 802.11i task group was formed to redesign the 802.11 security suite. The group produced two standards, a short-term solution designed to run on existing hardware ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.