Private Frame Transmissions
To offer frame transmission privacy similar to a wired network, the 802.11 specification defines optional WEP. WEP generates secret shared encryption keys that both source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers. This process is also known as symmetric encryption. Stations can use WEP alone without authentication services, but they should implement both WEP and authentication together to avoid making the LAN vulnerable to security threats.

1. At the sending station, the WEP encipherment first runs the unencrypted data located in the Frame Body of a MAC frame through an integrity algorithm. This algorithm generates a four-octet integrity check value that is sent with the data and checked at the receiving station to guard against unauthorized data modification.
2. The WEP process inputs the secret shared encryption key into a pseudo-random number generator to create a key sequence with length equal to the plaintext and integrity check value.
3. WEP encrypts the data by bitwise XORing the plaintext and integrity check value with the key sequence to create ciphertext. The pseudo-random number generator makes key distribution much easier because only the shared key must be made available to each station, not the variable length key sequence.
4. At the receiving station, the WEP process deciphers the ciphertext using the shared key that generates the same key sequence used initially to encrypt the frame.
5. The station calculates an integrity check value and ensures that it matches the one sent with the frame. If the integrity check fails, the station will not hand the MSDU off to the LLC, and a failure indication is sent to MAC management.
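The five steps above as an added Python example (not code from the original page or from the 802.11 specification). It assumes details that WEP uses but this page does not name: RC4 as the pseudo-random number generator, CRC-32 as the integrity algorithm, and a 24-bit per-frame initialization vector prepended to the shared key to form the seed. The key, IV and payload values are constructed.

```python
import zlib

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 used as the pseudo-random number generator (step 2)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                   # key sequence generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """Four-octet integrity check value (CRC-32, little-endian)."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encipher(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)                    # step 1
    ks = rc4_keystream(iv + key, len(body))              # step 2
    return bytes(b ^ k for b, k in zip(body, ks))        # step 3

def wep_decipher(key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the integrity check fails."""
    ks = rc4_keystream(iv + key, len(ciphertext))        # step 4
    body = bytes(c ^ k for c, k in zip(ciphertext, ks))
    data, received_icv = body[:-4], body[-4:]
    if icv(data) != received_icv:                        # step 5
        return None       # frame body is not handed to the LLC
    return data

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")      # 40-bit shared key
IV = bytes.fromhex("a1b2c3")           # 24-bit per-frame IV (assumption, see lead-in)
FRAME_BODY = b"constructed MSDU payload"

if __name__ == "__main__":
    ct = wep_encipher(KEY, IV, FRAME_BODY)
    print(wep_decipher(KEY, IV, ct))                     # round trip
    damaged = bytes([ct[0] ^ 0x01]) + ct[1:]             # one bit altered in transit
    print(wep_decipher(KEY, IV, damaged))                # integrity check fails
    print(wep_decipher(b"\x00" * 5, IV, ct))             # station holding a different key
```

The ciphertext is four octets longer than the frame body because the integrity check value is encrypted and sent along with the data.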