Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Practical attacks against WEP and WPA

Erik Tews, Martin Beck
2009 Proceedings of the second ACM conference on Wireless network security - WiSec '09  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (185.4 kB)
https://web.archive.org/web/20090105133522/http://milw0rm.org:80/papers/download/250

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2009; you can also visit the original URL. The file type is application/pdf.

In this paper, we describe two attacks on IEEE 802.11 based wireless LANs[2]. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our knowledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre shared key (PSK) is used. The attack works if the network is using TKIP to encrypt the traffic.
more » ... n attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.
doi:10.1145/1514274.1514286 dblp:conf/wisec/TewsB09 fatcat:5gvjcqsvtfbkvofvpl4tvtagxu
Citation

Erik Tews, Martin Beck. "Practical attacks against WEP and WPA." Proceedings of the second ACM conference on Wireless network security - WiSec '09 (2009) 79-86