Wired Equivalent Privacy (Wep) - THOMSON Gateway Configuration Manual

Chapter 3
Security
3.3

Wired Equivalent Privacy (WEP)

What is WEP?
WEP is the optional security feature specified by the 802.11 standard. WEP offers both authentication and
encryption mechanisms. When 802.11 security is enabled, each station has a secret key shared with the
access point. If encryption is applied, all wireless stations of the WLAN must use the same encryption key.
WEP is based on the RC4 symmetric stream cipher and a 24-bit initialization vector (IV) which changes on a
per-frame basis. Symmetric means that matching WEP keys must be statically configured on all of the
wireless stations and all of the access points. WEP keys can be either 64-bit (sometimes referred to as 40-bit
because a 40-bit key is shared together with the 24-bit IV) or 128-bit (sometimes referred to as 104-bit because
a 104-bit key is shared together with the 24-bit IV). It is obvious that the 128-bit key offers a higher level of
security.
How does WEP authentication work?
WEP authentication works as follows:
>
The wireless station sends an authentication request to the AP.
>
The AP sends a clear text message to the wireless station.
>
The wireless station encrypts the message using its encryption key.
>
The AP decrypts the message using its encryption key, compares the result to the original text, and sends
a success/failure response to the wireless station.
How does WEP encryption work?
Data is encrypted as follows:
>
The payload is verified with a checksum using the CRC-32 polynomial (for integrity).
>
The checksum is appended to the payload resulting in the plaintext.
>
The plaintext is XORed with a keystream with the same size, resulting in the ciphertext.
>
The IV used to start RC4 is sent along with the ciphertext.
Data is decrypted as follows:
>
The keystream is generated from the shared secret key and the IV.
>
The keystream is XORed with the payload to recover the plaintext.
>
The checksum is verified.
E-DOC-CTC-20060609-0001 v2.0
29