Nikita Borisov
Ian Goldberg
ABSTRACT
The 802.11 standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, used to protect link-layer communications from eavesdropping and other attacks. We have discovered several serious security flaws in the protocol, stemming from mis-application of cryptographic primitives. The flaws lead to a number of practical attacks that demonstrate that WEP fails to achieve its security goals. In this paper, we discuss in detail each of the flaws, the underlying security principle violations, and the ensuing attacks.
- 1.W. A. Arbaugh. An inductive chosen plaintext attack against WEP/WEP2. IEEE Document 802.11-01/230, May 2001.]]Google Scholar
- 2.W. A. Arbaugh, N. Shankar, and Y. J. Wan. Your 802.11 wireless network has no clothes. http://www.cs.umd.edu/~waa/wireless.pdf, Mar. 2001.]]Google Scholar
- 3.A. Beck. Netscape's export SSL broken by 120 workstations and one student. HPCwire, Aug. 22 1995.]]Google Scholar
- 4.S. M. Bellovin. Problem areas for the IP security protocols. In 6th USENIX Security Symposium, San Jose, California, July 1996. USENIX.]] Google ScholarDigital Library
- 5.B. Braden, D. Borman, and C. Partridge. Computing the internet checksum. Internet Request for Comments RFC 1071, Internet Engineering Task Force, Sept. 1988.]] Google ScholarDigital Library
- 6.Core SDI. crc32 compensation attack against ssh-1.5. http://www.core-sdi. com/soft/ssh/attack.txt, July 1998.]]Google Scholar
- 7.E. Dawson and L. Nielsen. Automated cryptanalysis of XOR plaintext strings. Cryptologia, (2):165-181, Apr. 1996.]]Google Scholar
- 8.D. Doligez. SSL challenge virtual press conference. http://pauillac.inria.fr/~doligez /ssl/press-conf.html, 1995.]]Google Scholar
- 9.R. Jueneman, S. Matyas, and C. Meyer. Message authentication. IEEE Communications Magazine, 23(9):29-40, Sept. 1985.]]Google ScholarDigital Library
- 10.S. Kent and R. Atkinson. Security architecture for the Internet Protocol. Internet Request for Comment RFC 2401, Internet Engineering Task Force, Nov. 1998.]] Google ScholarDigital Library
- 11.P. Kocher. Cryptanalysis of Diffie-Hellman, RSA, DSS, and other cryptosystems using timing attacks. In D. Coppersmith, editor, Advances in cryptology, CRYPTO '95: 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27-31, 1995: proceedings, pages 171-183. Springer-Verlag, 1995.]]Google Scholar
- 12.P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In Proc. 19th International Advances in Cryptology Conference - CRYPTO '99, pages 388-397, 1999.]] Google ScholarDigital Library
- 13.H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication. RFC 2104, Feb. 1997.]] Google ScholarDigital Library
- 14.T. Mallory and A. Kullberg. Incremental updating of the internet checksum. Internet Request for Comments RFC 1141, Internet Engineering Task Force, Jan. 1990.]] Google ScholarDigital Library
- 15.L. M. S. C. of the IEEE Computer Society. Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Standard 802.11, 1999 Edition, 1999.]]Google Scholar
- 16.R. L. Rivest. The RC4 Encryption Algorithm. RSA Data Security, Inc., Mar. 12, 1992. (Proprietary).]]Google Scholar
- 17.B. Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley and Sons, Inc., New York, NY, USA, second edition, 1996.]] Google ScholarDigital Library
- 18.B. Schneier and Mudge. Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP). In 5th ACM Conference on Computer and Communications Security, pages 132-140, San Francisco, California, Nov. 1998. ACM Press.]] Google ScholarDigital Library
- 19.D. Simon, B. Aboba, and T. Moore. IEEE 802.11 security and 802.1X. IEEE Document 802.11-00/034r1, Mar. 2000.]]Google Scholar
- 20.S. Singh. The code book: the evolution of secrecy from Mary, Queen of Scots, to quantum cryptography. Doubleday, New York, NY, USA, 1999.]] Google ScholarDigital Library
- 21.S. G. Stubblebine and V. D. Gligor. On message integrity in cryptographic protocols. In Proc. IEEE Symposium on Research in Security and Privacy, pages 85-105, 1992.]] Google ScholarDigital Library
- 22.W. Tutte. FISH and I, 1998. A transcript of Tutte's June 19, 1998 lecture at the University of Waterloo.]]Google Scholar
- 23.D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce (EC-96), pages 29-40, Berkeley, Nov. 18-21 1996. USENIX Association.]] Google ScholarDigital Library
- 24.J. R. Walker. Unsafe at any key size; an analysis of the WEP encapsulation. IEEE Document 802.11-00/362, Oct. 2000.]]Google Scholar
Index Terms
- Intercepting mobile communications: the insecurity of 802.11
Recommendations
A Mutual Authentication Protocol with Resynchronisation Capability for Mobile Satellite Communications
Many peer-to-peer security protocols proposed for wireless communications use one-time shared secrets for authentication purposes. This paper analyses online update mechanisms for one-time shared secrets. A new type of attack against update mechanisms, ...
Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications
The radio-based medium of satellite communication systems is vulnerable to interference on physical channels: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. While application layer security ...
Comments