Fast WEP-Key Recovery Attack Using Only Encrypted IP Packets

Conventional efficient key recovery attacks against Wired Equivalent Privacy (WEP) require specific initialization vectors or specific packets. Since it takes much time to collect the packets sufficiently, any active attack should be performed. An Intrusion Detection System (IDS), however, will be able to prevent the attack. Since the attack logs are stored at the servers, it is possible to prevent such an attack. This paper proposes an algorithm for recovering a 104-bit WEP key from any IP packets in a realistic environment. This attack needs about 36, 500 packets with a success probability 0.5, and the complexity of our attack is equivalent to about 220 computations of the RC4 key setups. Since our attack is passive, it is difficult for both WEP users and administrators to detect our attack.

[1]  Adi Shamir,et al.  Weaknesses in the Key Scheduling Algorithm of RC4 , 2001, Selected Areas in Cryptography.

[2]  Serge Vaudenay,et al.  Passive-Only Key Recovery Attacks on RC4 , 2007, Selected Areas in Cryptography.

[3]  Kazukuni Kobara,et al.  IVs to Skip for Immunizing WEP against FMS Attack , 2008, IEICE Trans. Commun..

[4]  Andreas Klein,et al.  Attacks on the RC4 stream cipher , 2008, Des. Codes Cryptogr..