E-DOC-CTC-20060609-0001 v2.0
Chapter 3
Security
30
Dynamic and static WEP
The 802.11 standard does not specify several aspects of the WEP mechanism:
> How the shared secret key is generated.
> How the shared secret key is distributed.
> The number of shared secret keys an AP can manage.
> Periodic key changes (key rotation or re-keying).
Due to the lack of standardization on these issues, various WEP implementations differ from each other
based on how these procedures are handled. Some implementations assume the manual process for each of
these steps, which is called static WEP, others automate one or more of these steps, which is called dynamic
WEP.
Dynamic WEP: which steps are automated and how do they differ according to implementation?
Typical dynamic WEP automates at least key generation and distribution. This kind of automation usually
relies on the 802.1x authentication.
The 802.1x authentication makes this possible because some of its authentication methods generate the
secret key for each wireless station as the result of the authentication. With such implementation, the AP
manages multiple shared keys – one for each wireless station.
In addition to the key generation and distribution automation, some implementations automatically change
the shared secret key and synchronize the change between the wireless station(s) and the AP. Because there
are no standards for this procedure, various algorithms and key time-out values are utilized.
Static WEP
Without automation, the WEP mechanism is referred to as static WEP, and the shared secret keys are called
static keys (versus dynamic keys used by dynamic WEP). Static WEP relies on manual key entry and
distribution. The WEP configuration may also include an option to enter a text phrase from which the shared
secret key will be derived. Static WEP APs can usually handle only one or a few shared secret keys.
Static WEP keys can be distributed in three ways:
> They can be preloaded by the manufacturer.
> They can be exchanged in advance over the wired network.
> Either the access point or any user station can pick a random key and send it to the other stations over the
air encrypted with the other station’s public key.
Security flaw
In 2001, it turned out that WEP security is very weak and can easily be broken. In order to increase security,
and especially the WEP issue, IEEE formed a Task Group (TGi) to develop the 802.11i standard, which
incorporates a detailed specification to enhance the security features for WLANs radically. Because the
elaboration of the 802.11i standard took several years an intermediate measure called Wi-Fi Protected Access
(WPA), was released.
How to configure WEP?
To enable WEP on your Thomson Gateway, see “ Enabling WEP” on page 58 for residential devices or
“ WEP” on page 73 for business devices.
To Next Page
Loading...
