Smashing WEP in a Passive Attack

  • Pouyan Sepehrdad
  • Petr Sušil
  • Serge Vaudenay
  • Martin Vuagnoux
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)

Abstract

In this paper, we report extremely fast and optimised active and passive attacks against the old IEEE 802.11 wireless communication protocol WEP. This was achieved through a huge amount of theoretical and experimental analysis (capturing WiFi packets), refinement and optimisation of all the former known attacks and methodologies against RC4 stream cipher in WEP mode. We support all our claims by providing an implementation of this attack as a publicly available patch on Aircrack-ng. Our new attacks improve its success probability drastically. We adapt our theoretical analysis in Eurocrypt 2011 to real-world scenarios and we perform a slight adjustment to match the empirical observations. Our active attack, based on ARP injection, requires \(22\,500\) packets to gain success probability of \(50\,\%\) against a \(104\)-bit WEP key, using Aircrack-ng in non-interactive mode. It runs in less than \(5\) s on an off-the-shelf PC. Using the same number of packets, Aicrack-ng yields around \(3\,\%\) success rate. Furthermore, we describe very fast passive only attacks by just eavesdropping TCP/IPv4 packets in a WiFi communication. Our passive attack requires \(27\,500\) packets. This is much less than the number of packets Aircrack-ng requires in active mode (around \(37\,500\)), which is a huge improvement. We believe that our analysis brings on further insight to the security of RC4.

References

  1. 1.
    Anscombe, F.J.: Sampling theory of the negative binomial and logarithmic series distributions. Biometrika 37(3–4), 358–382 (1950)CrossRefMATHMathSciNetGoogle Scholar
  2. 2.
    Beck, M., Tews, E.: Practical attacks against WEP and WPA. In: WISEC, pp. 79–86. ACM (2009)Google Scholar
  3. 3.
    Bliss, C.I., Fisher, R.A.: Fitting the negative binomial distribution to biological data. Biometrika 9, 176–200 (1953)CrossRefGoogle Scholar
  4. 4.
    Chaabouni, R.: Break WEP Faster with Statistical Analysis. Semester Project. EPFL, Switzerland (2006)Google Scholar
  5. 5.
    Devine, C., Otreppe, T.: Aircrack-ng. http://www.aircrack-ng.org/. Accessed 22 October 2011
  6. 6.
    Feller, W.: On a general class of “contagious” distributions. Ann. Math. Stat. 14, 389–400 (1943)CrossRefMATHMathSciNetGoogle Scholar
  7. 7.
    Fluhrer, S.R., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  8. 8.
    IEEE. IEEE Std 802.11, Standards for Local and Metropolitan Area Networks: Wireless Lan Medium Access Control (MAC) and Physical Layer (PHY) Specifications (1999)Google Scholar
  9. 9.
    IEEE. ANSI/IEEE standard 802.11i, Amendment 6 Wireless LAN Medium Access Control (MAC) and Physical Layer (phy) Specifications, Draft 3 (2003)Google Scholar
  10. 10.
    Jenkins, R.: ISAAC and RC4 (1996). http://burtleburtle.net/bob/rand/isaac.html
  11. 11.
    Klein, A.: Attacks on the RC4 Stream Cipher. Des. Codes Crypt. 48, 269–286 (2008)CrossRefMATHGoogle Scholar
  12. 12.
    Korek. chopchop (experimental WEP attacks) (2004). http://www.netstumbler.org/showthread.php?t=12489
  13. 13.
  14. 14.
    Korek. Next Generation of WEP Attacks? (2004). http://www.netstumbler.org/showpost.php?p=93942&postcount=35
  15. 15.
    Maitra, S., Paul, G.: New form of permutation bias and secret key leakage in keystream bytes of RC4. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 253–269. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  16. 16.
    Mantin, I.: Analysis of the stream cipher RC4. Master’s thesis, Weizmann Institute of Science (2001)Google Scholar
  17. 17.
    Maximov, A.: Two linear distinguishing attacks on VMPC and RC4A and weakness of RC4 family of stream ciphers. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 342–358. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  18. 18.
    Neyman, J.: On a new class of “contagious” distributions, applicable in entomology and bacteriology. Ann. Math. Stat. 10, 35–57 (1939)CrossRefGoogle Scholar
  19. 19.
    Nocedal, J., Wright, S.J.: Numerical Optimization. Springer Series in Operations Research, 2nd edn. Springer, New York (2006)MATHGoogle Scholar
  20. 20.
    Paul, G., Maitra, S.: Permutation after RC4 key scheduling reveals the secret key. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 360–377. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  21. 21.
    Postel, J., Reynolds, J.: A standard for the transmission of IP datagrams over IEEE 802 networks (1988). http://www.cs.berkeley.edu/~daw/my-posts/my-rc4-weak-keys
  22. 22.
    Roos, A.: A Class of Weak Keys in RC4 Stream Cipher (sci.crypt) (1995). http://marcel.wanda.ch/Archive/WeakKeys
  23. 23.
    Gupta, S.S., Maitra, S., Paul, G., Sarkar, S.: (Non)Random sequences from (Non)Random permutations - analysis of RC4 stream cipher. J. Crypt. 27(1), 67–108 (2012)Google Scholar
  24. 24.
    Sepehrdad, P.: Statistical and Algebraic Cryptanalysis of Lightweight and Ultra-lightweight Symmetric Primitives. Ph.D. thesis, EPFL, Switzerland (2012)Google Scholar
  25. 25.
    Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Discovery and exploitation of new biases in RC4. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 74–91. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  26. 26.
    Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Statistical attack on RC4: Distinguishing WPA. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 343–363. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  27. 27.
    Stubblefield, A., Ioannidis, J., Rubin, A.D.: Using the Fluhrer, Mantin, and Shamir attack to break WEP. In: Network and Distributed System Security Symposium (NDSS) (2002)Google Scholar
  28. 28.
    Stubblefield, A., Ioannidis, J., Rubin, A.D.: A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP). In: ACM Transactions on Information and System Security (TISSEC), vol. 7(2) (2004)Google Scholar
  29. 29.
    Student. On the error of counting with a haemocytometer. Biometrika 5, 351–360 (1907)Google Scholar
  30. 30.
    Tews, E.: Attacks on the WEP protocol. Cryptology ePrint Archive (2007). http://eprint.iacr.org/2007/471.pdf
  31. 31.
    Tews, E., Weinmann, R.-P., Pyshkin, A.: Breaking 104 bit WEP in less than 60 seconds. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 188–202. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  32. 32.
    Thom, H.C.S.: The frequency of hail occurrence. Theoret. Appl. Climatol. 8, 185–194 (1957)Google Scholar
  33. 33.
    Thom, H.C.S.: Tornado Probabilities. In: American Meteorological Society, pp. 730–736 (1963)Google Scholar
  34. 34.
    Vaudenay, S., Vuagnoux, M.: Passive–only key recovery attacks on RC4. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 344–359. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  35. 35.
    Whitaker, L.: On the Poisson law of small numbers. Biometrika 10, 36–71 (1914)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Pouyan Sepehrdad
    • 1
  • Petr Sušil
    • 2
  • Serge Vaudenay
    • 2
  • Martin Vuagnoux
    • 3
  1. 1.Intel CRI-SC at TU-DarmstadtDarmstadtGermany
  2. 2.EPFLLausanneSwitzerland
  3. 3.base23 SAGenevaSwitzerland

Personalised recommendations