article

A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)

Authors:

Adam Stubblefield,

John Ioannidis,

Aviel D. RubinAuthors Info & Claims

ACM Transactions on Information and System Security (TISSEC), Volume 7, Issue 2

Pages 319 - 332

https://doi.org/10.1145/996943.996948

Published: 01 May 2004 Publication History

Abstract

In this paper, we present a practical key recovery attack on WEP, the link-layer security protocol for 802.11b wireless networks. The attack is based on a partial key exposure vulnerability in the RC4 stream cipher discovered by Fluhrer, Mantin, and Shamir. This paper describes how to apply this flaw to breaking WEP, our implementation of the attack, and optimizations that can be used to reduce the number of packets required for the attack. We conclude that the 802.11b WEP standard is completely insecure, and we provide recommendations on how this vulnerability could be mitigated and repaired.

References

[1]

Arbaugh, W. A. 2001. An inductive chosen plaintext attack against wep/wep2. IEEE Document 802.11-02/230.]]

[2]

Arbaugh, W. A., Shankar, N., and Wan, Y. C. J. 2001. Your 802.11 wireless network has no clothes. In IEEE International Conference on Wireless LANs and Home Networks.]]

[3]

Borisov, N., Goldberg, I., and Wagner, D. 2001. Intercepting mobile communications: The insecurity of 802.11. In MOBICOM 2001.]]

[4]

Brassard, G. 1982. On computationally secure authentication tags requiring short secret shared keys. In Crypto '82. 79--86.]]

[5]

Cafarelli, D. 2001. Personal communications.]]

[6]

Dierks, T. and Allen, C. 1999. The TLS Protocol, Version 1.0. Internet Engineering Task Force. RFC-2246, ftp://ftp.isi.edu/in-notes/rfc2246.txt.]]

[7]

Fluhrer, S., Mantin, I., and Shamir, A. 2001. Weaknesses in the key scheduling algorithm of RC4. In Eighth Annual Workshop on Selected Areas in Cryptography.]]

[8]

Hamrick, M. 2001. Personal communications.]]

[9]

Kent, S. and Atkinson, R. 1998. Security architecture for the Internet protocol. Request for Comments 2401, Internet Engineering Task Force (Nov.).]]

[10]

L. M. S. C. of the IEEE Computer Society. 1999. Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Standard 802.11, 1999 Edition.]]

[11]

Newsham, T. 2001. Cracking WEP keys. Available from http://www.lava.net/wlan/.]]

[12]

Postel, J. and Reynolds, J. K. 1988. Standard for the transmission of IP data grams over IEEE 802 networks. Request for Comments 1042, Internet Engineering Task Force (Feb.).]]

[13]

Shamir, A. 2001. Personal communications.]]

[14]

Stubblefield, A., Ioannidis, J., and Rubin, A. D. 2002. Using the Fluhrer, Mantin, and Shamir attack to break WEP. In Symposium on Network and Distributed System Security.]]

[15]

Wegman, M. N. and Carter, J. L. 1981. New hash functions and their use in authentication and set equality. Journal of Computer System Science 22, 265--279.]]

[16]

Ylonen, T. 1996. SSH---secure login connections over the Internet. In USENIX Security Conference VI. 37--42.]]

Cited By

Bochem ALeiding B(2021)Rechained: Sybil-Resistant Distributed Identities for the Internet of Things and Mobile Ad Hoc NetworksSensors10.3390/s2109325721:9(3257)Online publication date: 8-May-2021
https://doi.org/10.3390/s21093257
van Oorschot Pvan Oorschot P(2021)Wireless LAN Security: 802.11 and Wi-FiComputer Security and the Internet10.1007/978-3-030-83411-1_12(339-373)Online publication date: 14-Oct-2021
https://doi.org/10.1007/978-3-030-83411-1_12
Buccafurri FLax GNicolazzo SNocera A(2020)A Privacy-Preserving Localization Service for Assisted Living FacilitiesIEEE Transactions on Services Computing10.1109/TSC.2016.264636313:1(16-29)Online publication date: 1-Jan-2020
https://doi.org/10.1109/TSC.2016.2646363
Show More Cited By

Index Terms

A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)

Recommendations

Generic Key Recovery Attack on Feistel Scheme
Part I of the Proceedings of the 19th International Conference on Advances in Cryptology - ASIACRYPT 2013 - Volume 8269

We propose new generic key recovery attacks on Feistel-type block ciphers. The proposed attack is based on the all subkeys recovery approach presented in SAC 2012, which determines all subkeys instead of the master key. This enables us to construct a ...
A practical attack on the fixed RC4 in the WEP mode
ASIACRYPT'05: Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security

In this paper we revisit a known but ignored weakness of the RC4 keystream generator, where secret state info leaks to the generated keystream, and show that this leakage, also known as Jenkins’ correlation or the RC4 glimpse, can be used to attack RC4 ...
A novel Evil Twin MiTM attack through 802.11v protocol exploitation
Abstract
In recent years, especially where 802.11 networks are involved, we have seen a rise in Man in the Middle (MiTM) attacks. In this work, we propose a novel method that maliciously exploits the BSS Transition Management frames IEEE 802.11v protocol ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Information and System Security

ACM Transactions on Information and System Security Volume 7, Issue 2

May 2004

158 pages

ISSN:1094-9224

EISSN:1557-7406

DOI:10.1145/996943

Issue’s Table of Contents

Copyright © 2004 ACM.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2004

Published in TISSEC Volume 7, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

70
Total Citations
View Citations
4,185
Total Downloads

Downloads (Last 12 months)38
Downloads (Last 6 weeks)5

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Bochem ALeiding B(2021)Rechained: Sybil-Resistant Distributed Identities for the Internet of Things and Mobile Ad Hoc NetworksSensors10.3390/s2109325721:9(3257)Online publication date: 8-May-2021
https://doi.org/10.3390/s21093257
van Oorschot Pvan Oorschot P(2021)Wireless LAN Security: 802.11 and Wi-FiComputer Security and the Internet10.1007/978-3-030-83411-1_12(339-373)Online publication date: 14-Oct-2021
https://doi.org/10.1007/978-3-030-83411-1_12
Buccafurri FLax GNicolazzo SNocera A(2020)A Privacy-Preserving Localization Service for Assisted Living FacilitiesIEEE Transactions on Services Computing10.1109/TSC.2016.264636313:1(16-29)Online publication date: 1-Jan-2020
https://doi.org/10.1109/TSC.2016.2646363
Lounis KZulkernine M(2020)Attacks and Defenses in Short-Range Wireless Technologies for IoTIEEE Access10.1109/ACCESS.2020.29935538(88892-88932)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2993553
Abdallah ARazak SGhalib F(2019)Deauthentication and Disassociation Detection and Mitigation Scheme Using Artificial Neural NetworkEmerging Trends in Intelligent Computing and Informatics10.1007/978-3-030-33582-3_81(857-866)Online publication date: 2-Nov-2019
https://doi.org/10.1007/978-3-030-33582-3_81
Kohlios CHayajneh T(2018)A Comprehensive Attack Flow Model and Security Analysis for Wi-Fi and WPA3Electronics10.3390/electronics71102847:11(284)Online publication date: 30-Oct-2018
https://doi.org/10.3390/electronics7110284
Rahman RTomar D(2018)Security Attacks on Wireless Networks and Their Detection TechniquesEmerging Wireless Communication and Network Technologies10.1007/978-981-13-0396-8_13(241-270)Online publication date: 10-Jun-2018
https://doi.org/10.1007/978-981-13-0396-8_13
Barría CGaleazzi LAcuña ACasado C(2018)Security Evaluation in Wireless NetworksTelematics and Computing10.1007/978-3-030-03763-5_2(13-23)Online publication date: 2-Nov-2018
https://doi.org/10.1007/978-3-030-03763-5_2
Vanhoef MSchepers DPiessens FKarri RSinanoglu OSadeghi AYi X(2017)Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based TestingProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3053008(360-371)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3053008
Thing V(2017)IEEE 802.11 Network Anomaly Detection and Attack Classification: A Deep Learning Approach2017 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC.2017.7925567(1-6)Online publication date: 19-Mar-2017
https://dl.acm.org/doi/10.1109/WCNC.2017.7925567
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents