What is WEP ? Are you secure ?

Om Khard
3 min readMay 9, 2021

--

Wired Equivalent Policy which is abbreviated to WEP , is a security policy for wireless devices like (access points , routers , peer to peer connections). And Wireless works on Radio waves transmission , in every wireless devices radio transmitter and receiver is used to convert the electrical signals to radio waves. And to secure those radio transmission from 4n0nym0us authentication security researchers come up with the WEP at first from the start of Wireless connection

Introduction

Wired Equivalent Policy is assigned as 802.11 IEEE based protocol which is based on RC4 Encryption Algorithm. Now foremost, we go to the history of WEP It’s designed in back 1999 to fulfill some security aspects like (being Authorized in the network , It assigns each packet in the network with an Initialization Vector). WEP works in Layer 2 of the OSI network model , it works with the Identification of the systems (or MAC address) and making it to connect with the other system b/wireless. The policy requires either 40-bits or 104-bits WEP key to encrypt the packets , wait ! You are gonna ask “It’s keys are either 64-bits or 128-bits ? Where’s remaining 24-bits?” It gets reserved for your security. Yes the remaining 24-bits are for Initialization Vector(IV i.e., 24-bits) which is assigned pseudo-randomly to each of the packets . It’s a security concern that it’s not big task to generate any random number of around 16 million numbers , one can easily generate it using any programmatic way.

fig-1.1 RC4 algorithm Process

We can say WEP is one of oldest and first Wireless Security Protocol. In 2001 , 3 security researchers found FMS attack vulnerability in a WEP connected topology. The attack is nothing but it discloses the WEP security key between the client and server to the attacker. WEP is a shared-key encryption means with the encrypted text the packets send the type of algorithm used so that it can be decrypted. But any MITM can perform FMS attack and can see and manipulate the data requested by the client to the server.

To overcome these Security Aspects

IEEE came up with a new wireless security protocol with 802.11i based policy is WAP (Wi-Fi Protected Access), which takes (AAA policy, packet filtering, pre-shared encryption). And after sometime WPA also got updated to WPA2 and WPA3.

It might be secured if IV (Initialization Vector) value gets increased from 24-bits to 48-bits , it will give more secured and authorized Wireless Connection in WEP.

Security Measures to walkthrough more:

  1. Duplicate Address Detection
  2. Asymmetric Packet/Data Encryption
  3. MAC address 4n0n1m1ty.
  4. Source and Destination information checking (Gatekeeper Allowance).

Security Aspect

fif-1.2 M17M attack

Thanks for giving time to read this till here …

We have so many topics to cover (Next is something I left in previous Topics).

--

--