research-article

Practical attacks against WEP and WPA

Authors:

Martin BeckAuthors Info & Claims

WiSec '09: Proceedings of the second ACM conference on Wireless network security

March 2009

Pages 79 - 86

https://doi.org/10.1145/1514274.1514286

Published: 16 March 2009 Publication History

Abstract

In this paper, we describe two attacks on IEEE 802.11 based wireless LANs. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our knowledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre-shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.

References

[1]

Andrea Bittau, Mark Handley, and Joshua Lackey. The final nail in WEP's coffin. In IEEE Symposium on Security and Privacy, pages 386--400. IEEE Computer Society, 2006.

Digital Library

[2]

IEEE-SA Standards Board. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. Communications Magazine, IEEE, 2007.

[3]

Rafik Chaabouni. Break WEP faster with statistical analysis. Technical report, EPFL, LASEC, June 2006.

[4]

Scott R. Fluhrer, Itsik Mantin, and Adi Shamir. Weaknesses in the key scheduling algorithm of RC4. In Serge Vaudenay and Amr M. Youssef, editors, Selected Areas in Cryptography 2001, volume 2259 of Lecture Notes in Computer Science, pages 1--24. Springer, 2001.

Digital Library

[5]

David Hulton. Practical exploitation of RC4 weakness in WEP environments, 2002. presented at HiverCon 2002.

[6]

Robert J. Jenkins. Isaac and rc4. {http://burtleburtle.net/bob/rand/isaac.html, 1996.

[7]

A. Klein. Attacks on the RC4 stream cipher. Designs, Codes and Cryptography, 48(3):269--286, 2008.

Digital Library

[8]

KoreK. chopchop (experimental WEP attacks). http://www.netstumbler.org/showthread.php?t=12489, 2004.

[9]

KoreK. Next generation of WEP attacks? http://www.netstumbler.org/showpost.php?p=93942&postcount=35, 2004.

[10]

Yuko Ozasa, Yoshiaki Fujikawa, Toshihiro Ohigashi, Hidenori Kuwakado, and Masakatu Morii. A study on the Tews, Weinmann, Pyshkin attack against WEP. In IEICE Tech. Rep., volume 107 of ISEC2007-47, pages 17--21, Hokkaido, July 2007. Thu, Jul 19, 2007 - Fri, Jul 20 : Future University-Hakodate (ISEC, SITE, IPSJ-CSEC).

[11]

D. C. Plummer. RFC 826: Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware, November 1982.

Digital Library

[12]

David Sterndark. Rc4 algorithm revealed. Usenet posting, Message-ID: [email protected], Sep 1994.

[13]

Adam Stubblefield, John Ioannidis, and Aviel D. Rubin. A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP). ACM Transactions on Information and System Security, (2):319--332, May 2004.

Digital Library

[14]

Erik Tews. Attacks on the wep protocol. Cryptology ePrint Archive, Report 2007/471, 2007. http://eprint.iacr.org/.

[15]

Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin. Breaking 104 bit wep in less than 60 seconds. In Sehun Kim, Moti Yung, and Hyung-Woo Lee, editors, WISA, volume 4867 of Lecture Notes in Computer Science, pages 188--202. Springer, 2007.

Digital Library

[16]

Serge Vaudenay and Martin Vuagnoux. Passive-only key recovery attacks on RC4. In Selected Areas in Cryptography 2007, Lecture Notes in Computer Science. Springer, 2007.

Digital Library

Cited By

Thankappan MRifà-Pous HGarrigues C(2024)A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi NetworksIEEE Access10.1109/ACCESS.2024.336280312(23096-23121)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3362803
Amma NJayaraj TAmma N(2024)Towards improving the security of wireless networks using secured session keysInformation Security Journal: A Global Perspective10.1080/19393555.2024.2347682(1-14)Online publication date: 6-May-2024
https://doi.org/10.1080/19393555.2024.2347682
Adams J(2023)WiFiCue: Public Wireless Access Security Assessment ToolSSRN Electronic Journal10.2139/ssrn.4635997Online publication date: 2023
https://doi.org/10.2139/ssrn.4635997
Show More Cited By

Index Terms

Practical attacks against WEP and WPA
1. Security and privacy
  1. Cryptography
    1. Cryptanalysis and other attacks
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Practical verification of WPA-TKIP vulnerabilities
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

We describe three attacks on the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP). The first attack is a Denial of Service attack that can be executed by injecting only two frames every minute. The second attack demonstrates how ...
Read More
Real-Life Paradigms of Wireless Network Security Attacks
PCI '11: Proceedings of the 2011 15th Panhellenic Conference on Informatics

Wirelesses Local Area Networks (WLANs) have become more prevalent and are widely deployed in many popular places like university campuses, cafés, airports, residences, etc. However, WLAN security is a very important but usually neglected issue. Focusing ...
Read More
Practical Side-Channel Attacks against WPA-TKIP
Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

We measure the usage of cipher suites in protected Wi-Fi networks, and do this for several distinct geographic areas. Surprisingly, we found that 44.81% of protected networks still support the old WPA-TKIP cipher. Motivated by this, we systematically ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '09: Proceedings of the second ACM conference on Wireless network security

March 2009

280 pages

ISBN:9781605584607

DOI:10.1145/1514274

General Chair:
David Basin
ETH Zurich, Switzerland
,
Program Chairs:
Srdjan Capkun
ETH Zurich, Switzerland
,
Wenke Lee
Georgia Tech, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 March 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WISEC '09

Sponsor:

WISEC '09: Second ACM Conference on Wireless Network Security

March 16 - 19, 2009

Zurich, Switzerland

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

121
Total Citations
View Citations
3,404
Total Downloads

Downloads (Last 12 months)134
Downloads (Last 6 weeks)10

Other Metrics

View Author Metrics

Citations

Cited By

Thankappan MRifà-Pous HGarrigues C(2024)A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi NetworksIEEE Access10.1109/ACCESS.2024.336280312(23096-23121)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3362803
Amma NJayaraj TAmma N(2024)Towards improving the security of wireless networks using secured session keysInformation Security Journal: A Global Perspective10.1080/19393555.2024.2347682(1-14)Online publication date: 6-May-2024
https://doi.org/10.1080/19393555.2024.2347682
Adams J(2023)WiFiCue: Public Wireless Access Security Assessment ToolSSRN Electronic Journal10.2139/ssrn.4635997Online publication date: 2023
https://doi.org/10.2139/ssrn.4635997
Feng XLi QSun KYang YXu K(2023)Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179441(3162-3177)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179441
Kaur HGrewal N(2023)Security enhancement of an integrated mode division multiplexed VLC system using two-dimensional WMZCC codesJournal of Optics10.1007/s12596-023-01216-853:1(622-634)Online publication date: 7-Jun-2023
https://doi.org/10.1007/s12596-023-01216-8
Carballal AGalego-Carro JRodriguez-Fernandez NFernandez-Lozano C(2022)Wi-Fi Handshake: analysis of password patterns in Wi-Fi networksPeerJ Computer Science10.7717/peerj-cs.11858(e1185)Online publication date: 16-Dec-2022
https://doi.org/10.7717/peerj-cs.1185
Kaur HSingh Grewal N(2022)Security enhancement of visible light communication system using proposed 2D-WMZCC codes under the effects of eavesdropperJournal of Optical Communications10.1515/joc-2022-0070Online publication date: 30-Jun-2022
https://doi.org/10.1515/joc-2022-0070
Alamleh AAlbahri OZaidan AAlamoodi AAlbahri AZaidan BQahtan Sbinti Ismail AMalik RBaqer MJasim AAl-Samarraay M(2022)Multi-Attribute Decision-Making for Intrusion Detection Systems: A Systematic ReviewInternational Journal of Information Technology & Decision Making10.1142/S021962202230004X22:01(589-636)Online publication date: 31-Aug-2022
https://doi.org/10.1142/S021962202230004X
Luo ZWang WHuang QJiang TZhang Q(2022)Securing IoT Devices by Exploiting Backscatter Propagation SignaturesIEEE Transactions on Mobile Computing10.1109/TMC.2021.308475421:12(4595-4608)Online publication date: 1-Dec-2022
https://doi.org/10.1109/TMC.2021.3084754
Aminanto MWicaksono RAminanto ATanuwidjaja HYola LKim K(2022)Multi-Class Intrusion Detection Using Two-Channel Color Mapping in IEEE 802.11 Wireless NetworkIEEE Access10.1109/ACCESS.2022.316410410(36791-36801)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3164104
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents