Practical Attacks Against WEP and WPA

Erik Tews; Martin Beck

doi:10.1145/1514274.1514286

Practical Attacks Against WEP and WPA

Erik Tews, Martin Beck

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Chapter

116 Citations (Scopus)

Abstract

In this paper, we describe two attacks on IEEE 802.11 based wireless LANs2. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our know- ledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.

Original language	English
Title of host publication	Proceedings of the second ACM conference on Wireless network security
Pages	79-85
Number of pages	7
DOIs	https://doi.org/10.1145/1514274.1514286
Publication status	Published - 2009

Publication series

Name	Proceedings of the second ACM conference on Wireless network security

Keywords

802.11
RC4
TKIP
WAP
WLAN
WPA
cryptanalysis

Access to Document

10.1145/1514274.1514286

Cite this

@inbook{741949182a0343d4a689a27a429e4c43,

title = "Practical Attacks Against WEP and WPA",

abstract = "In this paper, we describe two attacks on IEEE 802.11 based wireless LANs2. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our know- ledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.",

keywords = "802.11, RC4, TKIP, WAP, WLAN, WPA, cryptanalysis",

author = "Erik Tews and Martin Beck",

year = "2009",

doi = "10.1145/1514274.1514286",

language = "English",

isbn = "9781605584607",

series = "Proceedings of the second ACM conference on Wireless network security",

pages = "79--85",

booktitle = "Proceedings of the second ACM conference on Wireless network security",

}

TY - CHAP

T1 - Practical Attacks Against WEP and WPA

AU - Tews, Erik

AU - Beck, Martin

PY - 2009

Y1 - 2009

N2 - In this paper, we describe two attacks on IEEE 802.11 based wireless LANs2. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our know- ledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.

AB - In this paper, we describe two attacks on IEEE 802.11 based wireless LANs2. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our know- ledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.

KW - 802.11

KW - RC4

KW - TKIP

KW - WAP

KW - WLAN

KW - WPA

KW - cryptanalysis

U2 - 10.1145/1514274.1514286

DO - 10.1145/1514274.1514286

M3 - Chapter

SN - 9781605584607

T3 - Proceedings of the second ACM conference on Wireless network security

SP - 79

EP - 85

BT - Proceedings of the second ACM conference on Wireless network security

ER -

Practical Attacks Against WEP and WPA

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Cite this