Wired Equivalent Privacy (Compact 2013)


Wired Equivalency Privacy (WEP) helps achieve data confidentiality by encrypting the data that is sent between wireless nodes. You indicate WEP encryption for an IEEE 802.11x frame by setting a WEP flag in the media access control (MAC) header of the 802.11x frame. WEP helps provide data integrity for random errors by including an integrity check value (ICV) in the encrypted portion of the wireless frame.


Due to the nature of wireless LAN networks, implementing a security infrastructure that monitors physical access to the network is difficult. Unlike a wired network where a physical connection is required, anyone within range of a wireless access point (AP) can send and receive frames and listen for other frames being sent. This situation makes eavesdropping and remote sniffing of wireless LAN frames very easy. The purpose of wired equivalent privacy (WEP), as defined by the general IEEE 802.11 standard, is to provide a level of data confidentiality that is similar to a wired network.


WEP has been superseded by Wi-Fi Protected Access 2. The Wi-Fi Alliance now recommends that users switch to Wi-Fi Protected Access 2 (WPA2). After 2006, hardware manufacturers must support WPA2 to use the Wi-Fi trademark.

WEP defines two shared keys:

  • Multicast/global key
    Encryption key that helps to protect multicast and broadcast data that is sent from a wireless AP to its connected wireless clients
  • Unicast session key
    Encryption key that helps to protect unicast data that is sent between a wireless client and a wireless AP, and multicast and broadcast data that is sent by a wireless client to the wireless AP


WEP encryption uses the RC4 symmetric stream cipher with 40-bit and 104-bit encryption keys. Although 104-bit encryption keys are not standard, many wireless AP vendors support them.

To increase security, WEP uses Shared Key Authentication.

See Also


Shared Key Authentication

Other Resources