Concepedia

Publication | Closed Access

Using the Fluhrer, Mantin, and Shamir Attack to Break {WEP}

317

Citations

4

References

2002

Year

Adam Stubblefield, John P. A. Ioannidis, Aviel D. Rubin

Unknown Venue

TLDR

The attack was described in a recent paper by Fluhrer, Mantin, and Shamir, and it exploits the WEP standard’s improper use of RC4 IVs. The paper aims to describe the Fluhrer–Mantin–Shamir attack, detail its implementation, and present optimizations to improve efficiency. We implemented the attack against WEP on 802.11 networks, detailing the steps and optimizations used. Our implementation successfully recovered a 128‑bit WEP key from a production network using a passive attack, confirming that 802.11 WEP is totally insecure and prompting recommendations.

Abstract

We implemented an attack against WEP, the link-layer security protocol for 802.11 networks. The attack was described in a recent paper by Fluhrer, Mantin, and Shamir. With our implementation, and permission of the network administrator, we were able to recover the 128 bit secret key used in a production network, with a passive attack. The WEP standard uses RC4 IVs improperly, and the attack exploits this design failure. This paper describes the attack, how we implemented it, and some optimizations to make the attack more efficient. We conclude that 802.11 WEP is totally insecure, and we provide some recommendations.

References

YearCitations

Page 1