论文信息 - Breaking 104 Bit WEP in Less Than 60 Seconds

Breaking 104 Bit WEP in Less Than 60 Seconds

We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40,000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85,000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 220 RC4 key setups, which on current desktop and laptop CPUs is negligible.

[1] Ohigashi Toshihiro,et al. A Key Recovery Attack on WEP with Less Packets , 2007 .

[2] Ohigashi Toshihiro,et al. A Study on the Tews-Weinmann-Pyshkin Attack against WEP , 2007 .

[3] Serge Vaudenay,et al. Passive-Only Key Recovery Attacks on RC4 , 2007, Selected Areas in Cryptography.

[4] John Ioannidis,et al. A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP) , 2004, TSEC.

[5] David C. Plummer,et al. Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware , 1982, RFC.

[6] Andreas Klein,et al. Attacks on the RC4 stream cipher , 2008, Des. Codes Cryptogr..

[7] Adi Shamir,et al. Weaknesses in the Key Scheduling Algorithm of RC4 , 2001, Selected Areas in Cryptography.

[8] Mark Handley,et al. The final nail in WEP's coffin , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[9] David A. Wagner,et al. Intercepting mobile communications: the insecurity of 802.11 , 2001, MobiCom '01.