Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
نویسندگان
چکیده
We implemented an attack against WEP, the link-layer security protocol for 802.11 networks. The attack was described in a recent paper by Fluhrer, Mantin, and Shamir. With our implementation, and permission of the network administrator, we were able to recover the 128 bit secret key used in a production network, with a passive attack. The WEP standard uses RC4 IVs improperly, and the attack exploits this design failure. This paper describes the attack, how we implemented it, and some optimizations to make the attack more efficient. We conclude that 802.11 WEP is totally insecure, and we provide some recommendations.
منابع مشابه
IVs to Skip for Immunizing WEP against FMS Attack
The WEP (Wired Equivalent Privacy) is a part of IEEE 802.11 standard designed for protecting over-the-air communication. While almost all of the WLAN (Wireless LAN) cards and the APs (Access Points) support WEP, a serious key recovery attack (aka FMS attack) was identified by Fluhrer et al. The FMS attack can basically be prevented by skipping IVs (Initial Values) used in the attack, but naive ...
متن کاملKey-Dependent Weak IVs and Weak Keys in WEP - How to Trace Conditions Back to Their Patterns -
The WEP (Wired Equivalent Privacy) is a part of IEEE 802.11 standard designed for protecting over the air communication. While almost all of the WLAN (Wireless LAN) cards and the APs (Access Points) support WEP, a serious key recovery attack (aka FMS attack) was identified by Fluhrer et al. The attack was then extended and implemented as WEP cracking tools. The key recovery attacks can basicall...
متن کاملA Practical Attack on Broadcast RC4
RC4 is the most widely deployed stream cipher in software applications. In this paper we describe a major statistical weakness in RC4, which makes it trivial to distinguish between short outputs of RC4 and random strings by analyzing their second bytes. This weakness can be used to mount a practical ciphertext-only attack on RC4 in some broadcast applications, in which the same plaintext is sen...
متن کاملCube Attack in Finite Fields of Higher Order
We present in full details a version of the DinurShamir Cube Attack (Dinur & Shamir 2009) for a generic finite field of order q. In particular, when applied to multivariate monomials of degree d in k < d variables, the attack acts exactly in the same way if the selected monomial was using the degree k monomial in the same k variables.
متن کاملWeaknesses in the Key Scheduling Algorithm of RC4
In this paper we present several weaknesses in the key scheduling algorithm of RC4, and describe their cryptanalytic significance. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related key attac...
متن کامل