Wireless MAC Payload
The wireless MAC payload is decrypted as follows:
- The IV is obtained from the front of the MAC payload.
- The WEP encryption key is concatenated with the IV.
- The concatenated WEP encryption key and IV is used as the input of a PRNG to generate a bit sequence of the same size as the combination of the data and the ICV (the same bit sequence as that of the sending wireless node).
- The PRNG bit sequence is XORed with the encrypted [data+ICV] to decrypt the [data+ICV] portion of the payload.
- The ICV for the data portion of the payload is calculated and compared with the value included in the incoming frame. If the values match, the data is considered to be valid (i.e., sent from the wireless client and unmodified in transit).
While the secret key remains constant over a long duration, the IV is changed periodically, sometimes as often as every frame. The period after which IV values are changed depends on the degree of privacy required of the WEP algorithm. Changing it after each frame is an ideal method of maintaining the effectiveness of WEP.