link.springer.com

Breaking 104 Bit WEP in Less Than 60 Seconds

Abstract

We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40,000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85,000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 220 RC4 key setups, which on current desktop and laptop CPUs is negligible.

Preview

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Bittau, A., Handley, M., Lackey, J.: The final nail in WEP’s coffin. In: IEEE Symposium on Security and Privacy, pp. 386–400. IEEE Computer Society Press, Los Alamitos (2006)

    Google Scholar 

  2. Borisov, N., Goldberg, I., Wagner, D.: Intercepting mobile communications: the insecurity of 802.11. In: ACM MobiCom 2001, pp. 180–189. ACM Press, New York (2001)

    Google Scholar 

  3. Chaabouni, R.: Break WEP faster with statistical analysis. Technical report, EPFL, LASEC (June 2006), http://lasecwww.epfl.ch/pub/lasec/doc/cha06.pdf

  4. Dörhöfer, S.: Empirische Untersuchungen zur WLAN-Sicherheit mittels Wardriving. Diplomarbeit, RWTH Aachen (September 2006) (in German)

    Google Scholar 

  5. Fluhrer, S.R., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  6. Hulton, D. (h1kari).: bsd-airtools, http://www.dachb0den.com/projects/bsd-airtools.html

  7. Klein, A.: Attacks on the RC4 stream cipher. Designs, Codes and Cryptography (submitted, 2007)

    Google Scholar 

  8. KoreK. chopchop (experimental WEP attacks) (2004), http://www.netstumbler.org/showthread.php?t=12489

  9. KoreK. Next generation of WEP attacks (2004), http://www.netstumbler.org/showpost.php?p=93942&postcount=35

  10. Maitra, S., Paul, G.: Many keystream bytes of RC4 leak secret key information. Cryptology ePrint Archive, Report2007/261(2007), http://eprint.iacr.org/

  11. Ohigashi, T., Kuwakado, H., Morii, M.: A key recovery attack on WEP with less packets (2007)

    Google Scholar 

  12. Ozasa, Y., Fujikawa, Y., Ohigashi, T., Kuwakado, H., Morii, M.: A study on the Tews, Weinmann, Pyshkin attack against WEP. In: IEICE Tech. Rep., Hokkaido, July 2007. ISEC2007-47, vol. 107, pp. 17–21 (2007) Thu, Jul 19, 2007 - Fri, Jul 20 : Future University-Hakodate (ISEC, SITE, IPSJ-CSEC)

    Google Scholar 

  13. Plummer, D.C.: RFC 826: Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware (November 1982)

    Google Scholar 

  14. Postel, J.: Internet Protocol. Request for Comments (Standard) 791, Internet Engineering Task Force (September 1981)

    Google Scholar 

  15. Stubblefield, A., Ioannidis, J., Rubin, A.D.: A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP). ACM Transactions on Information and System Security 7(2), 319–332 (2004)

    Article  Google Scholar 

  16. The Aircrack-NG team. Aircrack-ng suite (2007), http://www.aircrack-ng.org

  17. Vaudenay, S., Vuagnoux, M.: Passive-only key recovery attacks on RC4. In: Selected Areas in Cryptography 2007. LNCS, Springer, Heidelberg (to appear, 2007)

    Google Scholar 

  18. Wi-Fi Alliance. Wi-Fi Protected Acccess (WPA) (2003), http://www.wi-fi.org

Download references

Author information

Authors and Affiliations

  1. TU Darmstadt, FB Informatik, Hochschulstrasse 10, 64289, Darmstadt, Germany

    Erik Tews, Ralf-Philipp Weinmann & Andrei Pyshkin

Authors

  1. Erik Tews

    You can also search for this author in PubMed Google Scholar

  2. Ralf-Philipp Weinmann

    You can also search for this author in PubMed Google Scholar

  3. Andrei Pyshkin

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Industrial Engineering, KAIST, 373-1, Guseong-dong, Yuseong-gu, 305-701, Daejeon, Korea

    Sehun Kim

  2. RSA Labs, EMC Corp. and Department of Computer Science, Columbia University,, USA

    Moti Yung

  3. Div. Computer Information of Software, Hanshin University, 411, Yangsan-dong, 447-791, Osan, Gyunggi, South Korea

    Hyung-Woo Lee

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tews, E., Weinmann, RP., Pyshkin, A. (2007). Breaking 104 Bit WEP in Less Than 60 Seconds. In: Kim, S., Yung, M., Lee, HW. (eds) Information Security Applications. WISA 2007. Lecture Notes in Computer Science, vol 4867. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77535-5_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-77535-5_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77534-8

  • Online ISBN: 978-3-540-77535-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us