We All Weep for WEP
May 04, 2007
What can we learn from the epic failure of Wired Equivalent Privacy?
WEP, or Wired Equivalent Privacy, was the ill-fated security layer around early 802.11b, 802.11a, and 802.11g Wi-Fi wireless networks. And yes, it is still supported as a legacy feature of most Wi-Fi routers these days.
NOTE: If you are using WEP, run screaming from it. Upgrade immediately. Turn it off, even. You're far better off moving your network security up one layer to an IPSec-based VPN technology. (But VPN technology is another topic for another time and column.)
Yes, WEP is an über-classic example of a failed design by committee. But rather than just ridiculing it from afar, let's explore what lessons we can glean from the experience. As an engineer by training, I've always felt that, while we shouldn't embrace failure, we should always examine it and see how we can prevent similar failures in the future.
First, just what's so bad about it? There have been countless papers published in the past several years describing one WEP design flaw after another. The symmetric session key is shared and extremely difficult to manage. Much of the key itself is transmitted in plaintext over the network for any eavesdropper to intercept. The list goes on. It is currently estimated that any WEP-protected network can be cracked in about a minute using commonly and freely available tools. Go Google it for yourself and see.
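To make the "key transmitted in plaintext" point concrete, here is an added example (not from the original column) that models WEP encapsulation: the per-packet RC4 key is the 24-bit IV followed by the shared key, and the IV travels unencrypted in every frame. It goes one step beyond the text by showing the consequence of two frames sharing an IV; the key, IV and payloads are constructed sample values.

```python
import zlib

IV_LEN = 3  # WEP's initialization vector is 24 bits

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(iv: bytes, shared_key: bytes, payload: bytes) -> bytes:
    """Frame body as sent: cleartext IV, key-ID byte, RC4(payload || ICV)."""
    data = payload + zlib.crc32(payload).to_bytes(4, "little")  # ICV = CRC-32
    keystream = rc4(iv + shared_key, len(data))  # per-packet key = IV || shared key
    return iv + b"\x00" + xor(data, keystream)

def cleartext_key_fraction(shared_key: bytes) -> float:
    """Share of the per-packet RC4 key that is readable in every frame."""
    return IV_LEN / (IV_LEN + len(shared_key))

def same_iv_xor(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV means same keystream, so ciphertext XOR equals plaintext XOR."""
    if frame_a[:IV_LEN] != frame_b[:IV_LEN]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[IV_LEN + 1:], frame_b[IV_LEN + 1:])

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")  # 40-bit shared key
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"GET /index.html", b"POST /login.php"

if __name__ == "__main__":
    f1, f2 = wep_encapsulate(IV, KEY, P1), wep_encapsulate(IV, KEY, P2)
    print("IV visible on the wire:", f1[:IV_LEN].hex())
    print("key bytes in cleartext: %.1f%%" % (100 * cleartext_key_fraction(KEY)))
    print("keystream cancels:", same_iv_xor(f1, f2)[:len(P1)] == xor(P1, P2))
```

With a 40-bit shared key, three of the eight RC4 key bytes are public in every frame, and a 24-bit IV space guarantees repeats on a busy network because the shared key itself rarely changes.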
So, what went wrong? Wasn't the design committee aware of these problems? Well, I'm not a cryptographer and I wasn't present in the meetings where the design was debated, so I can only speculate. I have no doubt that any competent cryptographer who was present should be ashamed, and if no competent cryptographers were present, then whoever decided on the committee participants should be ashamed. Perhaps it was the age-old problem of the designers focusing too much on functional specification and not enough on what things can go wrong with a design.
If we compare WEP's design process with how NIST selected the Advanced Encryption Standard (AES), however, there are vast differences. The AES process invited all comers to submit their encryption algorithms, which were then subjected to an extended period of public scrutiny and open discussion. Finally, the winning algorithm (Rijndael, after the two Belgian cryptographers who invented it) was selected.
Now, I fully realize that a crypto algorithm is different from a cryptographic network protocol, but perhaps using a similar process could have resulted in catching the most egregious of the defects before the standard was ratified? Perhaps that's too naïve an outlook, or perhaps it would have been too slow to enable the product vendors to get their products to market in any reasonable period of time. But I can't help but think we squandered an opportunity to prevent disaster here.
