ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)
Full text PdfPdf (207 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 7 ,  Issue 2  (May 2004) table of contents
Pages: 319 - 332  
Year of Publication: 2004
ISSN:1094-9224
Authors
Adam Stubblefield  Johns Hopkins University, Baltimore, MD
John Ioannidis  AT&T Labs--Research
Aviel D. Rubin  Johns Hopkins University, Baltimore, MD
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 34,   Downloads (12 Months): 239,   Citation Count: 12
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/996943.996948
What is a DOI?

ABSTRACT

In this paper, we present a practical key recovery attack on WEP, the link-layer security protocol for 802.11b wireless networks. The attack is based on a partial key exposure vulnerability in the RC4 stream cipher discovered by Fluhrer, Mantin, and Shamir. This paper describes how to apply this flaw to breaking WEP, our implementation of the attack, and optimizations that can be used to reduce the number of packets required for the attack. We conclude that the 802.11b WEP standard is completely insecure, and we provide recommendations on how this vulnerability could be mitigated and repaired.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Arbaugh, W. A. 2001. An inductive chosen plaintext attack against wep/wep2. IEEE Document 802.11-02/230.
 
2
Arbaugh, W. A., Shankar, N., and Wan, Y. C. J. 2001. Your 802.11 wireless network has no clothes. In IEEE International Conference on Wireless LANs and Home Networks.
3
Nikita Borisov , Ian Goldberg , David Wagner, Intercepting mobile communications: the insecurity of 802.11, Proceedings of the 7th annual international conference on Mobile computing and networking, p.180-189, July 2001, Rome, Italy  [doi>10.1145/381677.381695]
 
4
Brassard, G. 1982. On computationally secure authentication tags requiring short secret shared keys. In Crypto '82. 79--86.
 
5
Cafarelli, D. 2001. Personal communications.
 
6
Dierks, T. and Allen, C. 1999. The TLS Protocol, Version 1.0. Internet Engineering Task Force. RFC-2246, ftp://ftp.isi.edu/in-notes/rfc2246.txt.
 
7
Scott R. Fluhrer , Itsik Mantin , Adi Shamir, Weaknesses in the Key Scheduling Algorithm of RC4, Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography, p.1-24, August 16-17, 2001
 
8
Hamrick, M. 2001. Personal communications.
 
9
Kent, S. and Atkinson, R. 1998. Security architecture for the Internet protocol. Request for Comments 2401, Internet Engineering Task Force (Nov.).
 
10
L. M. S. C. of the IEEE Computer Society. 1999. Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Standard 802.11, 1999 Edition.
 
11
Newsham, T. 2001. Cracking WEP keys. Available from http://www.lava.net/wlan/.
 
12
Postel, J. and Reynolds, J. K. 1988. Standard for the transmission of IP data grams over IEEE 802 networks. Request for Comments 1042, Internet Engineering Task Force (Feb.).
 
13
Shamir, A. 2001. Personal communications.
 
14
Stubblefield, A., Ioannidis, J., and Rubin, A. D. 2002. Using the Fluhrer, Mantin, and Shamir attack to break WEP. In Symposium on Network and Distributed System Security.
 
15
Wegman, M. N. and Carter, J. L. 1981. New hash functions and their use in authentication and set equality. Journal of Computer System Science 22, 265--279.
 
16
Ylonen, T. 1996. SSH---secure login connections over the Internet. In USENIX Security Conference VI. 37--42.

CITED BY  12
Hamdy S. Soliman , Mohammed Omari, Application of synchronous dynamic encryption system in mobile wireless domains, Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, October 13-13, 2005, Montreal, Quebec, Canada
Kevin Richardson , John A. Hamilton, Jr. , Martin C. Carlisle, A performance analysis of the spring protocol through simulation, Proceedings of the 2007 spring simulation multiconference, p.356-361, March 25-29, 2007, Norfolk, Virginia
Weijia Jia , Dai Bin , Lin Liao, Architecture of secure cross-platform and network communications, Proceedings of the 2nd international conference on Ubiquitous information management and communication, January 31-February 01, 2008, Suwon, Korea
Wen-Chuan Hsieh , Chi-Chun Lo , Yi-Hsien Chiu, The proactive intrusion prevention for Wireless Local Area Network, International Journal of Mobile Communications, v.4 n.4, p.477-496, February 2006
Ellick M. Chan , Jeffrey C. Carlyle , Francis M. David , Reza Farivar , Roy H. Campbell, BootJacker: compromising computers using forced restarts, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Fabio Martignon , Stefano Paris , Antonio Capone, MobiSEC: a novel security architecture for wireless mesh networks, Proceedings of the 4th ACM symposium on QoS and security for wireless and mobile networks, October 27-28, 2008, Vancouver, British Columbia, Canada
Taskin Kocak , Mohit Jagetia, A WEP post-processing algorithm for a Robust 802.11 WLAN implementation, Computer Communications, v.31 n.14, p.3405-3409, September, 2008
Toshihiro Ohigashi , Yoshiaki Shiraishi , Masakatu Morii, New Weakness in the Key-Scheduling Algorithm of RC4, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, v.E91-A n.1, p.3-11, January 2008
Erik Tews , Martin Beck, Practical attacks against WEP and WPA, Proceedings of the second ACM conference on Wireless network security, March 16-19, 2009, Zurich, Switzerland
S. Chandramathi , K. V. Arunkumar , S. Deivarayan , P. Sendhil Kumar , K. Vaithiyanathan, Modified WEP key management for enhancing WLAN security, International Journal of Information and Communication Technology, v.1 n.3/4, p.437-452, March 2008
Fabio Martignon , Stefano Paris , Antonio Capone, Design and implementation of MobiSEC: A complete security architecture for wireless mesh networks, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.12, p.2192-2207, August, 2009
Francesco Buccafurri , Gianluca Lax, An efficient k-anonymous localization technique for assistive environments, Proceedings of the 2nd International Conference on PErvsive Technologies Related to Assistive Environments, p.1-8, June 09-13, 2009, Corfu, Greece

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION


General Terms:
Security


Keywords:
Wireless security, wired equivalent privacy

Collaborative Colleagues:
Adam Stubblefield: colleagues
John Ioannidis: colleagues
Aviel D. Rubin: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player