Tuesday, January 10, 2012

WEP keys

WEP keys have the following characteristics:

(1) Fixed length - usually 40 bits or 104 bits. (In the latter case, vendors touted the solution as 128-bit because the protocol adds a 24-bit Initialization Vector to form the full key.)
(2) Static - no changes except by reconfiguration
(3) Shared - AP and station have the same key(s)
(4) Symmetric - same key used to encrypt and decrypt data

There are 2 approaches to using WEP keys: Default Keys and Key Mapping Keys.

Default Keys
All stations and the APs use a single set of keys. The standard specifies that there should be 4 default keys for each device. Only one default key is needed for security to work. The additional keys make it easier to change keys progressively in an environment with many devices. When 2 default keys are defined, all transmissions from the AP are encrypted using a single selected key, called the active key. However, received frames (from stations) can be decrypted using either of the 2 keys as appropriate. The AP can therefore decrypt data from stations that have changed to the new key as well as from those that have yet to be changed.

2 sets of default keys further allow the AP and the stations to use different key sets for transmitting. This is called directional key use. The key used by the transmitter is indicated in the KeyID bits in the encrypted frame so the receiver knows which key (0 to 4) is used.

Key Mapping Keys
Each station has its own key value. Not all vendors support this because of the complexity of key configuration and maintenance. Using a different key for each station complicates broadcast. In this case, all multicast traffic is encrypted using a default key that is shared by all stations. Only unicast traffic is sent using the key mapping key.

The challenge for the AP is that it has to keep track of multiple keys. Another difficulty is ensuring that all APs have the same copy of the key table.

An AP can operate with default keys and key mapping keys simultaneously. When the AP sends or receives a frame, it looks in the key table to see whether there is a matching MAC entry for the station. If there is, it uses the key mapping key. Otherwise, it uses the default key (that's why it is called the default key).
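The key selection described above can be sketched as follows. This is an added example, not code from the original post or from any vendor; the class and function names, the MAC address and the key bytes are all constructed for illustration, and the IV is assumed to be placed in front of the secret key when the per-frame RC4 key is formed.

```python
from dataclasses import dataclass, field

def is_group(mac: str) -> bool:
    # Broadcast/multicast addresses have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class WepKeyTable:  # hypothetical model of an AP's key table
    default_keys: list   # default key slots; None = slot not configured
    active_id: int       # slot used for transmit (the "active key")
    mapping: dict = field(default_factory=dict)  # station MAC -> own key

    def tx_key(self, dst_mac: str):
        """Key the AP uses to encrypt a frame addressed to dst_mac."""
        dst = dst_mac.lower()
        # Multicast/broadcast always uses a shared default key.
        if not is_group(dst) and dst in self.mapping:
            return "mapping", None, self.mapping[dst]
        return "default", self.active_id, self.default_keys[self.active_id]

    def rx_key(self, src_mac: str, key_id: int):
        """Key the AP uses to decrypt a frame from src_mac carrying key_id."""
        src = src_mac.lower()
        if src in self.mapping:
            return "mapping", self.mapping[src]
        key = self.default_keys[key_id]
        if key is None:
            raise KeyError(f"default key slot {key_id} is not configured")
        return "default", key

def rc4_seed(iv: bytes, key: bytes) -> bytes:
    """Per-frame RC4 key: 24-bit IV plus the 40- or 104-bit secret key."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    return iv + key  # 8 bytes ("64-bit") or 16 bytes ("128-bit")

# Constructed sample values (not real keys): slot 0 holds the old default
# key, slot 1 the new one, and one station has its own key mapping key.
OLD, NEW = bytes.fromhex("0102030405"), bytes.fromhex("a1a2a3a4a5")
STA_KEY = bytes(range(13))
AP = WepKeyTable([OLD, NEW, None, None], active_id=1,
                 mapping={"00:11:22:33:44:55": STA_KEY})
```

A station that has not yet switched keys is still decrypted through slot 0 on receive, while everything the AP transmits with a default key uses slot 1.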
