WEP Vulnerabilities and Attacks

by Alex Blank

Abstract

The Wired Equivalent Privacy algorithm, sometimes incorrectly referred to as the Wireless Encryption Protocol, is a method of securing IEEE 802.11 wireless internet connections. It was introduced in 1997 and became the standard for wireless security. Over the next several years, however, the WEP protocol and its underlying cryptographic primitives were scrutinized and consequently revealed to be vulnerable on a number of levels. Numerous attacks were formulated to exploit these weaknesses and demonstrate the insecurity of WEP. It was superseded by the current standard, WPA, in 2004; nevertheless, the transition away from usage of WEP has been slow, leaving many networks open to easy intrusion. This paper will describe the vulnerabilities of WEP as well as give an account of several available attacks.

paper

slides

References

[1] Intercepting Mobile Communications: The Insecurity of 802.11 (Borisov, Goldberg, Wagner), 2001
[2] Breaking 104 bit WEP in less than 60 seconds (Tews, Weinmann, Pyshkin), 2007
[3] Attacks on the WEP protocol (Tews), 2007
[4] The Final Nail in WEP's Coffin (Bittau, Handley, Lackey), 2006
[5] Practical Attacks Against WEP and WPA (Tews, Beck), 2008
[6] Weaknesses in the Key Scheduling Algorithm of RC4 (Fluhrer, Mantin, Shamir), 2001
[7] TJ MAXX Update : Weak Wi-Fi Encryption (WEP) To Blame For The Security Breach (Max), 2007