Basic WLAN Security Technologies
Wired equivalent privacy (WEP)

The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping. The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP could be exported and used worldwide, as indicated in Figure . Most vendors have extended WEP to 128 bits or more. When using WEP, both the wireless client and the access point must have a matching WEP key. WEP is based upon an existing and familiar encryption type, Rivest Cipher 4 (RC4).

The IEEE 802.11 standard provides two schemes for defining the WEP keys to be used on a WLAN. In the first scheme, a set of up to four default keys are shared by all stations, including clients and access points, in a wireless subsystem. In the first scheme, a set of up to four default keys are shared by all stations, including clients and access points, in a wireless subsystem. The problem with default keys is that when they become widely distributed, they are more likely to be compromised. Cisco WLAN equipment uses this scheme.

In the second scheme, each client establishes a key mapping relationship with another station. This is a more secure form of operation, because fewer stations have the keys. However, distributing such unicast keys becomes more difficult as the number of stations increases. The way that 802.11 uses WEP encryption is weak in several ways. These weaknesses are being addressed by the 802.11i standard, which will be explained in the following sections.


Web Links