Paper 2008/472

Practical attacks against WEP and WPA

Martin Beck and Erik Tews

Abstract

In this paper, we describe two attacks on IEEE 802.11-based wireless LANs. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our knowledge) the first practical attack on WPA-secured wireless networks, besides launching a dictionary attack when a weak pre-shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker who has about 12-15 minutes of access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to the network.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
wep, wpa, tkip, rc4, korek, klein, ptw, wpa2, michael
Contact author(s)
e_tews @ cdc informatik tu-darmstadt de
History
2008-11-18: received
Short URL
https://ia.cr/2008/472
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/472,
      author = {Martin Beck and Erik Tews},
      title = {Practical attacks against {WEP} and {WPA}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/472},
      year = {2008},
      url = {https://eprint.iacr.org/2008/472}
}