The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN
from casual eavesdropping. The IEEE 802.11 WEP standard specified a 40-bit key,
so that WEP could be exported and used worldwide, as indicated in Figure
. Most vendors
have extended WEP to 128 bits or more. When using WEP, both the wireless client
and the access point must have a matching WEP key. WEP is based upon an
existing and familiar encryption type, Rivest Cipher 4 (RC4).
The IEEE
802.11 standard provides two schemes for defining the WEP keys to be used on a
WLAN. In the first scheme, a set of up to four default keys are shared by all
stations, including clients and access points, in a wireless subsystem. In the
first scheme, a set of up to four default keys are shared by all stations,
including clients and access points, in a wireless subsystem. The problem with
default keys is that when they become widely distributed, they are more likely
to be compromised. Cisco WLAN equipment uses this scheme.
In the second
scheme, each client establishes a key mapping relationship with another
station. This is a more secure form of operation, because fewer stations have
the keys. However, distributing such unicast keys becomes more difficult as the
number of stations increases. The way that 802.11 uses WEP encryption is weak
in several ways. These weaknesses are being addressed by the 802.11i standard,
which will be explained in the following sections.