Skip to main content

Wired Equivalent Privacy (WEP)

Due to the nature of wireless LAN networks, securing physical access to the network is difficult. Unlike a wired network where a physical connection is required, anyone within range of a wireless AP can potentially send and receive frames as well as listen for other frames being sent, making eavesdropping and remote sniffing of wireless LAN frames very easy. Wired Equivalent Privacy (WEP) is defined by the IEEE 802.11 standard and is intended to provide a level of data confidentiality that is equivalent to a wired network.

WEP provides data confidentiality by encrypting the data sent between wireless nodes. WEP encryption is indicated by setting a WEP flag in the MAC header of the 802.11 frame. WEP provides data integrity for random errors by including an integrity check value (ICV) in the encrypted portion of the wireless frame.

WEP defines two shared keys:

  • The multicast/global key is an encryption key that protects multicast and broadcast traffic between a wireless AP and all of its connected wireless clients.
  • The unicast session key is an encryption key that protects unicast traffic between a wireless client and a wireless AP, and multicast and broadcast traffic sent by the wireless client to the wireless AP.

Next: WEP Encryption