DOI: 10.1145/1514274.1514286

Practical attacks against WEP and WPA

Published: 16 March 2009

Abstract

    In this paper, we describe two attacks on IEEE 802.11-based wireless LANs. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (to our knowledge) the first practical attack on WPA-secured wireless networks, besides launching a dictionary attack when a weak pre-shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker who has about 12-15 minutes of access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to the network.

    Published In

    WiSec '09: Proceedings of the second ACM conference on Wireless network security
    March 2009
    280 pages
    ISBN:9781605584607
    DOI:10.1145/1514274
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. 802.11
    2. cryptanalysis
    3. rc4
    4. tkip
    5. wep
    6. wlan
    7. wpa

    Qualifiers

    • Research-article

    Conference

    WISEC '09

    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%
