The WEP (Wired Equivalent Privacy) is a part of IEEE 802.11 standard designed for protecting over the air communication. While almost all of the WLAN (Wireless LAN) cards and the APs (Access Points) support WEP, a serious key recovery attack (aka FMS attack) was identified by Fluhrer et al. The attack was then extended and implemented as WEP cracking tools. The key recovery attacks can basically be prevented by skipping certain IVs (Initial Values) called weak IVs, but the problem is that there exist huge amount of key-dependent weak IVs and the patterns of them have not been fully identified yet. The difficult part is that a naive approach to identify the key-dependent weak IVs requires the exhaustive search of IVs and WEP keys, and hence is infeasible. On the other hand, it might be feasible to skip the key-dependent weak IVs for the currently set WEP key but this reveals information on the WEP key from the skipped patterns. To skip them safely, the patterns of the key-dependent weak IVs must be identified in the first place. In this paper, we analyze the famous condition for IVs and WEP keys to be weak in the FMS attack, i.e. 0≤S[1]≤t'<t and S[1]+S[S[1]]=t (cf. Sect. 2.3 for more details), and then trace it back to the patterns of IVs and WEP keys theoretically. Once such patterns are obtained, their safe skip patterns can be obtained by using them.
RC4, WEP, IEEE802.11, WLAN, FMS attack
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Kazukuni KOBARA, Hideki IMAI, "Key-Dependent Weak IVs and Weak Keys in WEP--How to Trace Conditions Back to Their Patterns--" in IEICE TRANSACTIONS on Fundamentals,
vol. E89-A, no. 8, pp. 2198-2206, August 2006, doi: 10.1093/ietfec/e89-a.8.2198.
Abstract: The WEP (Wired Equivalent Privacy) is a part of IEEE 802.11 standard designed for protecting over the air communication. While almost all of the WLAN (Wireless LAN) cards and the APs (Access Points) support WEP, a serious key recovery attack (aka FMS attack) was identified by Fluhrer et al. The attack was then extended and implemented as WEP cracking tools. The key recovery attacks can basically be prevented by skipping certain IVs (Initial Values) called weak IVs, but the problem is that there exist huge amount of key-dependent weak IVs and the patterns of them have not been fully identified yet. The difficult part is that a naive approach to identify the key-dependent weak IVs requires the exhaustive search of IVs and WEP keys, and hence is infeasible. On the other hand, it might be feasible to skip the key-dependent weak IVs for the currently set WEP key but this reveals information on the WEP key from the skipped patterns. To skip them safely, the patterns of the key-dependent weak IVs must be identified in the first place. In this paper, we analyze the famous condition for IVs and WEP keys to be weak in the FMS attack, i.e. 0≤S[1]≤t'<t and S[1]+S[S[1]]=t (cf. Sect. 2.3 for more details), and then trace it back to the patterns of IVs and WEP keys theoretically. Once such patterns are obtained, their safe skip patterns can be obtained by using them.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1093/ietfec/e89-a.8.2198/_p
Copy
@ARTICLE{e89-a_8_2198,
author={Kazukuni KOBARA, Hideki IMAI, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Key-Dependent Weak IVs and Weak Keys in WEP--How to Trace Conditions Back to Their Patterns--},
year={2006},
volume={E89-A},
number={8},
pages={2198-2206},
abstract={The WEP (Wired Equivalent Privacy) is a part of IEEE 802.11 standard designed for protecting over the air communication. While almost all of the WLAN (Wireless LAN) cards and the APs (Access Points) support WEP, a serious key recovery attack (aka FMS attack) was identified by Fluhrer et al. The attack was then extended and implemented as WEP cracking tools. The key recovery attacks can basically be prevented by skipping certain IVs (Initial Values) called weak IVs, but the problem is that there exist huge amount of key-dependent weak IVs and the patterns of them have not been fully identified yet. The difficult part is that a naive approach to identify the key-dependent weak IVs requires the exhaustive search of IVs and WEP keys, and hence is infeasible. On the other hand, it might be feasible to skip the key-dependent weak IVs for the currently set WEP key but this reveals information on the WEP key from the skipped patterns. To skip them safely, the patterns of the key-dependent weak IVs must be identified in the first place. In this paper, we analyze the famous condition for IVs and WEP keys to be weak in the FMS attack, i.e. 0≤S[1]≤t'<t and S[1]+S[S[1]]=t (cf. Sect. 2.3 for more details), and then trace it back to the patterns of IVs and WEP keys theoretically. Once such patterns are obtained, their safe skip patterns can be obtained by using them.},
keywords={},
doi={10.1093/ietfec/e89-a.8.2198},
ISSN={1745-1337},
month={August},}
Copy
TY - JOUR
TI - Key-Dependent Weak IVs and Weak Keys in WEP--How to Trace Conditions Back to Their Patterns--
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 2198
EP - 2206
AU - Kazukuni KOBARA
AU - Hideki IMAI
PY - 2006
DO - 10.1093/ietfec/e89-a.8.2198
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E89-A
IS - 8
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - August 2006
AB - The WEP (Wired Equivalent Privacy) is a part of IEEE 802.11 standard designed for protecting over the air communication. While almost all of the WLAN (Wireless LAN) cards and the APs (Access Points) support WEP, a serious key recovery attack (aka FMS attack) was identified by Fluhrer et al. The attack was then extended and implemented as WEP cracking tools. The key recovery attacks can basically be prevented by skipping certain IVs (Initial Values) called weak IVs, but the problem is that there exist huge amount of key-dependent weak IVs and the patterns of them have not been fully identified yet. The difficult part is that a naive approach to identify the key-dependent weak IVs requires the exhaustive search of IVs and WEP keys, and hence is infeasible. On the other hand, it might be feasible to skip the key-dependent weak IVs for the currently set WEP key but this reveals information on the WEP key from the skipped patterns. To skip them safely, the patterns of the key-dependent weak IVs must be identified in the first place. In this paper, we analyze the famous condition for IVs and WEP keys to be weak in the FMS attack, i.e. 0≤S[1]≤t'<t and S[1]+S[S[1]]=t (cf. Sect. 2.3 for more details), and then trace it back to the patterns of IVs and WEP keys theoretically. Once such patterns are obtained, their safe skip patterns can be obtained by using them.
ER -