Abstract:
The IEEE 802.11 Wireless LAN standard was designed with very limited key management capabilities: it uses up to four static, long-term keys, shared by all the stations on the LAN. This design makes it quite difficult to fully revoke access from previously-authorized hosts. A host is fully revoked when it can no longer eavesdrop on and decrypt traffic generated by other hosts on the wireless LAN. This paper proposes WEP*, a lightweight solution to the host-revocation problem. Key management in WEP* is in the style of pay-TV systems: the Access Point periodically generates new keys, and these keys are transferred to the hosts at authentication time. Because each key is valid for only one re-key period, host revocation becomes possible and scalable: a revoked host simply does not receive the next period's keys, so its access lapses when the current period ends. Clearly, WEP* is not an ideal solution, and it does not address all the security problems that IEEE 802.11 suffers from. What makes WEP* worthwhile is that it is 100% compatible with the existing standard. And, unlike other solutions, WEP* does not rely on external authentication servers. WEP* is therefore suitable for use even in the most basic IEEE 802.11 LAN configurations, such as those deployed in small or home offices. A WEP* prototype has been partially implemented using free, open-source tools.
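The pay-TV-style re-keying described above, as an added simulation that is not the paper's WEP* protocol or its prototype code. Everything beyond the abstract is an assumption made only so the model runs offline: each host is assumed to share an individual long-term secret with the Access Point, the per-period group key is assumed to be delivered wrapped under that secret at authentication time, and traffic is protected with a toy HMAC-SHA256 keystream plus tag (a stand-in for WEP's RC4/CRC32). The demo shows the two properties a practitioner cares about: a host revoked before a re-key cannot read the new period's traffic, but it can still read traffic it captured during the period whose key it already held.

```python
"""Constructed model of periodic group re-keying with host revocation.

Not the paper's WEP* implementation. Per-host long-term secrets, the key-wrap
step and the toy cipher below are illustrative assumptions, not the standard.
"""
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (stand-in for RC4)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and tag one frame under a (group or per-host) key."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def open_frame(key: bytes, blob: bytes):
    """Verify and decrypt; returns None when the key is wrong (e.g. stale period key)."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class AccessPoint:
    def __init__(self, host_secrets):
        self.host_secrets = dict(host_secrets)  # assumed per-host long-term secrets
        self.revoked = set()
        self.period = 0
        self.group_key = None
        self.rekey()

    def rekey(self):
        """Start a new re-key period with a fresh group key (pay-TV style)."""
        self.period += 1
        self.group_key = os.urandom(16)

    def revoke(self, host_id):
        """Revocation is just a membership decision: the host gets no future keys."""
        self.revoked.add(host_id)

    def authenticate(self, host_id):
        """Hand out the current period's group key, wrapped under the host secret."""
        if host_id in self.revoked or host_id not in self.host_secrets:
            return None
        return self.period, seal(self.host_secrets[host_id], self.group_key)


class Host:
    def __init__(self, host_id, secret):
        self.host_id, self.secret, self.keys = host_id, secret, {}

    def authenticate(self, ap):
        resp = ap.authenticate(self.host_id)
        if resp is None:
            return False
        period, wrapped = resp
        self.keys[period] = open_frame(self.secret, wrapped)
        return True

    def send(self, ap, msg):
        return ap.period, seal(self.keys[ap.period], msg)

    def receive(self, frame):
        period, blob = frame
        key = self.keys.get(period)  # a revoked host never learns later keys
        return None if key is None else open_frame(key, blob)


def revocation_demo():
    """Two periods, one revocation; returns what each host could decrypt."""
    secrets = {h: os.urandom(16) for h in ("alice", "bob", "mallory")}  # constructed
    ap = AccessPoint(secrets)
    alice, bob, mallory = (Host(h, secrets[h]) for h in ("alice", "bob", "mallory"))
    for h in (alice, bob, mallory):
        h.authenticate(ap)
    captured = alice.send(ap, b"hello 1")        # period-1 frame, seen by everyone
    ap.revoke("mallory")
    ap.rekey()                                   # period 2: new group key
    alice.authenticate(ap)
    bob.authenticate(ap)
    mallory_reauth = mallory.authenticate(ap)    # refused: no period-2 key
    frame2 = alice.send(ap, b"hello 2")
    return {
        "bob_period2": bob.receive(frame2),
        "mallory_period2": mallery_receive(mallory, frame2),
        "mallory_period1_capture": mallory.receive(captured),
        "mallory_reauth": mallory_reauth,
    }


def mallery_receive(host, frame):
    return host.receive(frame)


if __name__ == "__main__":
    print(revocation_demo())
```

The last entry is the caveat the abstract's "valid for one re-key period" wording implies: revocation takes effect at the next re-key, not retroactively, so the re-key interval bounds how long a revoked host keeps reading the LAN.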