Practical Attacks Against WEP and WPA

Erik Tews, Martin Beck

Research output: Chapter in Book/Report/Conference proceedingChapter

116 Citations (Scopus)


In this paper, we describe two attacks on IEEE 802.11 based wireless LANs2. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our know- ledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.
Original languageEnglish
Title of host publicationProceedings of the second ACM conference on Wireless network security
Number of pages7
Publication statusPublished - 2009

Publication series

NameProceedings of the second ACM conference on Wireless network security


  • 802.11
  • RC4
  • TKIP
  • WAP
  • WLAN
  • WPA
  • cryptanalysis


Dive into the research topics of 'Practical Attacks Against WEP and WPA'. Together they form a unique fingerprint.

Cite this