LLMpediaThe first transparent, open encyclopedia generated by LLMs

WEP

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Wired Equivalent Privacy Hop 4
Expansion Funnel Raw 68 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted68
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
WEP
NameWEP
CaptionWireless encryption protocol
Introduced1997
DeveloperIEEE, Ronald Rivest
StandardIEEE 802.11
StatusObsolete

WEP

WEP is a deprecated wireless security protocol designed to provide confidentiality for IEEE 802.11 wireless networks. It was introduced to offer privacy similar to wired networks and was widely implemented by vendors such as Cisco Systems, Netgear, D-Link, and Intel Corporation in the late 1990s and early 2000s. Early adoption involved interoperability with products from Lucent Technologies, Nortel Networks, 3Com, and chipset makers like Broadcom.

Overview

WEP aimed to secure wireless links using symmetric key encryption based on the RC4 stream cipher by Ronald Rivest and a 24-bit initialization vector. It was standardized within the IEEE 802.11 working group alongside contributions from companies including Microsoft, IBM, AT&T, and Hewlett-Packard. Major certification and deployment efforts involved organizations such as Wi-Fi Alliance and regulatory interaction with bodies like Federal Communications Commission and European Telecommunications Standards Institute. Vendors including Linksys and Belkin shipped WEP-enabled devices to enterprises and consumers.

History and Development

WEP development occurred during the formative years of the IEEE 802.11 standard, with specifications published in the IEEE 802.11-1997 release. Engineers and researchers from Xerox PARC, Bell Labs, Sun Microsystems, and Motorola influenced wireless LAN design choices. Security analysis by academics at Massachusetts Institute of Technology, University of California, Berkeley, Carnegie Mellon University, and Royal Holloway, University of London revealed weaknesses that prompted revisions and the later creation of replacement standards. Industry groups such as IEEE Standards Association and IETF discussed migration paths, while vendors like Apple Inc. and Samsung implemented transitional support.

Technical Details

WEP uses the RC4 stream cipher devised by Ronald Rivest combined with a 24-bit initialization vector (IV) appended to a shared secret key, commonly 40-bit or 104-bit total key lengths in practice. Frame integrity was provided by CRC-32, a checksum standardized by ISO and used across networking stacks from Cisco Systems routers to Juniper Networks switches. Authentication modes included open system and shared key, with interoperability tested by the Wi-Fi Alliance test suites. Implementation details were specified in IEEE 802.11 documents and influenced by cryptographic libraries from vendors such as RSA Security and toolchains like OpenSSL.

Security Vulnerabilities and Attacks

Cryptanalysis by researchers at University of California, Berkeley, University of Pennsylvania, Technische Universität Darmstadt, and University of California, Santa Barbara demonstrated key recovery attacks exploiting weak IV reuse and RC4 biases. Practical attacks were published by teams including Fluhrer, Mantin, and Shamir and later by security firms and researchers from Matasano Security, Aircrack-ng developers, and academics behind tools used with hardware from Atheros Communications and Realtek. Replay attacks and forgery leveraged predictable IV selection in firmware from vendors like Linksys and Netgear. High-profile disclosures at conferences such as Black Hat, DEF CON, USENIX Security Symposium, and ACM CCS accelerated deprecation. Law enforcement and intelligence stakeholders at agencies like NSA and GCHQ evaluated implications for operational security.

Deployment and Usage

WEP saw widespread deployment across consumer routers, enterprise access points, and embedded devices manufactured by companies including Cisco Systems, Netgear, D-Link, TP-Link, and Apple Inc.. Public hotspots operated by chains like Starbucks and telecommunication providers such as AT&T and Vodafone initially used WEP or transitional modes. Network administrators in universities like Stanford University, MIT, and University of Cambridge migrated from WEP as advisories from vendors and bodies like CERT Coordination Center recommended stronger alternatives. Legacy industrial and embedded systems from manufacturers like Siemens and Schneider Electric sometimes continued WEP for compatibility despite known risks.

Alternatives and Successors

WEP was superseded by Wi-Fi Protected Access (WPA) and later WPA2, developed through collaboration among Wi-Fi Alliance, IEEE, and security researchers from institutions such as Microsoft Research and Counterpane Internet Security. WPA introduced TKIP and WPA2 introduced AES-based CCMP with standards rooted in work by NIST and cipher designs like AES from Joan Daemen and Vincent Rijmen. Modern deployments favor WPA3, driven by the Wi-Fi Alliance and incorporating features influenced by projects at Cloudflare and Google for better forward secrecy and password-authenticated key exchange. Governments and standards bodies including NIST and ETSI recommend migration away from WEP to these successors.

Category:Wireless networking protocols