Fast WEP-Key Recovery Attack Using Only Encrypted IP Packets

Ryoichi TERAMURA  Yasuo ASAKURA  Toshihiro OHIGASHI  Hidenori KUWAKADO  Masakatu MORII  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E93-A   No.1   pp.164-171
Publication Date: 2010/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E93.A.164
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Cryptanalysis
Keyword: cryptanalysis, RC4, WEP, IEEE 802.11, wireless LAN, IP packet


Conventional efficient key recovery attacks against Wired Equivalent Privacy (WEP) require specific initialization vectors or specific packets. Since it takes a long time to collect enough of these packets, an active attack has to be performed. An Intrusion Detection System (IDS), however, will be able to prevent the attack. Since the attack logs are stored at the servers, it is possible to prevent such an attack. This paper proposes an algorithm for recovering a 104-bit WEP key from any IP packets in a realistic environment. This attack needs about 36,500 packets with a success probability of 0.5, and the complexity of our attack is equivalent to about 2^20 computations of the RC4 key setups. Since our attack is passive, it is difficult for both WEP users and administrators to detect our attack.