Information Technology Reference
In-Depth Information
F
IG
. 1. The WEP encryption process.
key. While manufacturers may claim that the key is 64-bit or 128-bit, only 40 or 104
bits, respectively, are actually used for data. This remaining 24-bits are the IV which
is pre-pended to the secret key before it is used in the key scheduling algorithm
(KSA). This format is often symbolized by IV.SK, where IV symbolizes the 3 byte
(24-bit) Initialization Vector, and SK symbolizes the 5 byte (40-bit) or 13 byte (104-
bit) secret key from the user. This composite value is the input to the KSA which
converts IV.SK into an initial permutation
S
of
{
0
,...,N −
1
}
. The PRGA then uses
this permutation to generate a pseudo-random output sequence. The algorithms can
be seen in
Fig. 2
. Note that all additions are made modulo 256.
WEP contains a number of flaws in the implementation of RC4 that allows an
attacker to completely compromise the intended security. This potential compromise
is so well publicized and so complete, that WEP should never be considered a reliable
form of security
[3]
.
KSA(
K
)
PRGA(
K
)
Initialization:
Initialization:
for
i =
0
...N −
1
i =
0
S[i]=i
=
0
j =
0
Generation loop:
Scrambling:
i = i +
1
For
i =
0
...N −
1
j = j + S[i]
j = j + S[i]+K[i
mod
l]
Swap
(S[i],S[j ])
Swap(
S[i],S[j ]
)
Output
z = S[S[i]+S[j ]]
Where—
Where—
N =
256 (for WEP)
z
is the byte used to XOR the
K[x]=
value of key (IV.SK) at
plaintext
index
x
l
is the length of IV.SK
F
IG
. 2. The pseudocode of the Key Scheduling Algorithm and Pseudo-Random Generation Algorithm.
