Connectivity and Data Protection
3.
WEP encrypts the data by bitwise XORing the plaintext and
ICV with the key sequence to create ciphertext.
4.
At the receiving station, the WEP process deciphers the
ciphertext using the shared key that generates the same key
sequence used initially to encrypt the frame.
5.
The receiving station calculates an ICV and ensures that it
matches the one sent with the frame. If the integrity check
fails, the station will not process the data frame contents, and a
failure indication is sent to the MAC management entity.
802.11 WEP is vulnerable to hackers, who can use freely available
tools, such as Airsnort and WEPCrack, to decode WEP-encrypted
data frames. These tools exploit the short IV that it sent in clear text
within the data frame. Since the IV is only 24 bits, this means that
data frames using the same IV must be repeated after only a short
time. This cryptographic weakness makes WEP unsuitable for
enterprise wireless LANs. Organizations should use stronger
encryption mechanisms than WEP.
Figure 3.9 shows when the MAC header’s frame control field has the
WEP subfield set to 1, the frame body is encrypted. In early
implementations of 802.11, there was only one choice: WEP. The
“WEP” subfield has been renamed “Protected Frame” by 802.11i.
Notice in the graphic that the IV and ICV are both in clear text – easily
read by any protocol analyzer.
