Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
A version of this page is also available for
4/8/2010

Due to the nature of wireless LAN networks, implementing a security infrastructure that monitors physical access to the network is difficult. Unlike a wired network where a physical connection is required, anyone within range of a wireless AP can conceivably send and receive frames as well as listen for other frames being sent. This makes eavesdropping and remote sniffing of wireless LAN frames very easy. Wired Equivalent Privacy (WEP) is defined by the IEEE 802.11 standard and is intended to provide a level of data confidentiality that is equivalent to a wired network.

WEP provides data confidentiality services by encrypting the data sent between wireless nodes. WEP encryption for an 802.11 frame is indicated by setting a WEP flag in the MAC header of the 802.11 frame. WEP provides data integrity for random errors by including an integrity check value (ICV) in the encrypted portion of the wireless frame.

The following tables shows the two shared keys that WEP defines.

Key type Description

Multicast/global key

Encryption key that helps to protect multicast and broadcast traffic from a wireless AP to all of its connected wireless clients.

Unicast session key

Encryption key that helps to protect unicast traffic between a wireless client and a wireless AP and multicast and broadcast traffic sent by a wireless client to the wireless AP.

WEP encryption uses the RC4 symmetric stream cipher with 40-bit and 104-bit encryption keys. 104-bit encryption keys are not standard, however, many wireless AP vendors support them.

See Also

Other Resources

Wi-Fi Standards