ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Practical attacks against WEP and WPA
Full text PdfPdf (484 KB)
Source
Conference On Wireless Network Security archive
Proceedings of the second ACM conference on Wireless network security table of contents
Zurich, Switzerland
SESSION: Attacks table of contents
Pages 79-86  
Year of Publication: 2009
ISBN:978-1-60558-460-7
Authors
Erik Tews  TU-Darmstadt, Darmstadt, Germany
Martin Beck  TU-Dresden, Dresden, Germany
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 110,   Downloads (12 Months): 387,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1514274.1514286
What is a DOI?

ABSTRACT

In this paper, we describe two attacks on IEEE 802.11 based wireless LANs. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our knowledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre-shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Andrea Bittau , Mark Handley , Joshua Lackey, The Final Nail in WEP's Coffin, Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.386-400, May 21-24, 2006  [doi>10.1109/SP.2006.40]
 
2
IEEE-SA Standards Board. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. Communications Magazine, IEEE, 2007.
 
3
Rafik Chaabouni. Break WEP faster with statistical analysis. Technical report, EPFL, LASEC, June 2006.
 
4
Scott R. Fluhrer , Itsik Mantin , Adi Shamir, Weaknesses in the Key Scheduling Algorithm of RC4, Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography, p.1-24, August 16-17, 2001
 
5
David Hulton. Practical exploitation of RC4 weakness in WEP environments, 2002. presented at HiverCon 2002.
 
6
Robert J. Jenkins. Isaac and rc4. {http://burtleburtle.net/bob/rand/isaac.html, 1996.
 
7
Andreas Klein, Attacks on the RC4 stream cipher, Designs, Codes and Cryptography, v.48 n.3, p.269-286, September 2008  [doi>10.1007/s10623-008-9206-6]
 
8
KoreK. chopchop (experimental WEP attacks). http://www.netstumbler.org/showthread.php?t=12489, 2004.
 
9
KoreK. Next generation of WEP attacks? http://www.netstumbler.org/showpost.php?p=93942&postcount=35, 2004.
 
10
Yuko Ozasa, Yoshiaki Fujikawa, Toshihiro Ohigashi, Hidenori Kuwakado, and Masakatu Morii. A study on the Tews, Weinmann, Pyshkin attack against WEP. In IEICE Tech. Rep., volume 107 of ISEC2007-47, pages 17--21, Hokkaido, July 2007. Thu, Jul 19, 2007 - Fri, Jul 20 : Future University-Hakodate (ISEC, SITE, IPSJ-CSEC).
 
11
D. C. Plummer, Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware, RFC Editor, 1982
 
12
David Sterndark. Rc4 algorithm revealed. Usenet posting, Message-ID: sternCvKL4B.Hyy@netcom.com, Sep 1994.
13
Adam Stubblefield , John Ioannidis , Aviel D. Rubin, A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP), ACM Transactions on Information and System Security (TISSEC), v.7 n.2, p.319-332, May 2004  [doi>10.1145/996943.996948]
 
14
Erik Tews. Attacks on the wep protocol. Cryptology ePrint Archive, Report 2007/471, 2007. http://eprint.iacr.org/.
 
15
Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin. Breaking 104 bit wep in less than 60 seconds. In Sehun Kim, Moti Yung, and Hyung-Woo Lee, editors, WISA, volume 4867 of Lecture Notes in Computer Science, pages 188--202. Springer, 2007.
 
16
Serge Vaudenay and Martin Vuagnoux. Passive-only key recovery attacks on RC4. In Selected Areas in Cryptography 2007, Lecture Notes in Computer Science. Springer, 2007.

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION
      Subjects: Code breaking


General Terms:
Security


Keywords:
802.11, cryptanalysis, rc4, tkip, wep, wlan, wpa

Collaborative Colleagues:
Erik Tews: colleagues
Martin Beck: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player