The Fragmentation Attack in Practice
The 802.11 encryption standard Wired Equivalent Privacy (WEP) is still widely used today despite the numerous discussions on its insecurity. Although WEP definitely faces serious security problems, there is no single tool which will recover any WEP key with minimal effort from the user and in a very short amount of time. In this paper, we present a mechanism which allows an attacker to send arbitrary data on a WEP network after having eavesdropped a single data packet. Many common WEP attacks require gathering large amounts of data before they may be performed whereas ours requires only one, making it much quicker and more practical. We implemented a fully automatic version of this attack which enables even non-technical people to perform it and recover a key without effort and in a relatively short period. Hopefully this will induce people to abandon WEP as their wireless security solution—it is no longer the case that only skilled and patient attackers may recover the key in practice.