Abstract:
The 802.11 standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, used to protect link-layer communications from eavesdropping and other attacks. We have discovered several serious security flaws in the protocol, stemming from misapplication of cryptographic primitives. The flaws lead to a number of practical attacks that demonstrate that WEP fails to achieve its security goals. In this paper, we discuss in detail each of the flaws, the underlying security principle violations, and the ensuing attacks. 1
Citations
|
834
|
Security architecture for the Internet protocol
– Kent, Atkinson
- 1998
|
|
308
|
Differential Power Analysis
– Kocher, Jaffe, et al.
- 1999
|
|
200
|
The RC5 encryption algorithm
– Rivest
- 1995
|
|
171
|
HMAC: Keyed-Hashing for Message Authentication
– Krawczyk, Bellare, et al.
- 1997
|
|
69
|
Problem areas for the IP security protocols
– Bellovin
- 1996
|
|
58
|
Analysis of the SSL 3.0 protocol
– Wagner, Schneier
- 1996
|
|
52
|
On message integrity in cryptographic protocols
– Stubblebine, Gligor
- 1992
|
|
47
|
Standards Committee of the IEEE Computer Society, “Information technology - telecommunications and information exchange between systems - local and metropolitan area networks - specific requirements - part 11: Wireless LAN medium access control (MAC) and
– MAN
- 1999
|
|
33
|
Cryptanalysis of Microsoft’s point-to-point tunnelling Protocol (PPTP
– Schneier, Mudge
- 1998
|
|
26
|
Cryptanalysis of Diffie-Hellman, RSA, DSS, and other cryptosystems using timing attacks
– Kocher
- 1995
|
|
21
|
Incremental Updating of the Internet Checksum
– Mallory, Kullberg
- 1990
|
|
13
|
Automated cryptanalysis of xor plaintext strings
– Dawson, Nielsen
- 1996
|
|
7
|
The code book: the evolution of secrecy from Mary, Queen of Scots, to quantum cryptography
– Singh
- 1999
|
|
6
|
Computing the internet checksum. Internet Request for Comments RFC 1071, Internet Engineering Task Force
– Braden, Borman, et al.
- 1988
|
|
4
|
SSL challenge virtual press conference. http://pauillac.inria.fr/˜doligez /ssl/press-conf.html
– Doligez
- 1995
|
|
3
|
Netscape’s export SSL broken by 120 workstations and one student. HPCwire
– Beck
- 1995
|
|
3
|
A transcript of Tutte’s
– FISH, I
- 1998
|
