Cryptanalysis for RC4 and breaking WEP/WPA-TKIP

IEICE Transactions on Information and Systems

Volumn E94-D, Issue 11, 2011, Pages 2087-2094

  Morii, Masakatu ^a   Todo, Yosuke ^a  

^a KOBE UNIVERSITY   (Japan)

Author keywords

Cryptoanalysis; RC4; WEP; Wireless LAN network; WPA TKIP

Indexed keywords

CRIME; WI-FI; WIRELESS LOCAL AREA NETWORKS (WLAN);

CRYPTOANALYSIS; IEEE STANDARDS ASSOCIATIONS; REALISTIC ENVIRONMENTS; TEMPORAL KEY INTEGRITY PROTOCOLS; WI-FI PROTECTED ACCESS; WIRED EQUIVALENT PRIVACY; WIRELESS LAN NETWORKS; WPA-TKIP;

NETWORK SECURITY;

EID: 80155124131     PISSN: 09168532     EISSN: 17451361     Source Type: Journal    
DOI: 10.1587/transinf.E94.D.2087     Document Type: Article

References (18)

1. IEEE Computer Society, "Wireless LAN medium access control (MAC) and physical layer (PHY) specifications," IEEE Std 802.11, 1999.
2. IEEE Std 802.11i-2004, "Part11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications amendment 6: Medium access control (MAC) security enhancements," IEEE, July 2004.
3. S. Fluhrer, I. Mantin, and A. Shamir, "Weaknesses in the key scheduling algorithm of RC4," SAC2001, Lecture Notes in Computer Science, vol. 2259, pp. 1-24, Springer-Verlag, 2001.
4. Orinoco, "WEPplus white paper," Oct. 2001.
5. The Aircrack-NG Team, "Aircrack-NG." http://www.aircrack-ng. org/
6. T. Ohigashi, Y. Shiraishi, and M. Morii, "FMS attack-resistant WEP implementation is still broken-Most IVs leak a part of key information-," LNCS, vol. 3802, pp 17-26, 2005. (Pubitemid 43775222)
7. T. Ohigashi, Y. Shiraishi, and M. Morii, "New weakness in the key-scheduling algorithm of RC4," IEICE Trans. Fundamentals, vol. E91-A, no. 1, pp. 3-11, Jan. 2008.
8. E. Tews, R. Weinmann, and A. Pyshkin, "Breaking 104 bit WEP in less than 60 seconds," Cryptology ePrint, 2007, available at http://eprint.iacr.org/2007/120.pdf
9. R. Teramura, Y. Asakura, T. Ohigashi, H. Kuwakado, and M. Morii, "Fast WEP-Key recovery attack using only encrypted IP packets," IEICE Trans. Fundamentals, vol. E93-A, no. 1, pp. 164-171, Jan. 2010.
10. M. Beck and E. Tews, "Practical attacks against WEP and WPA," Proc. PacSec'08, pp. 79-85, 2008.
11. T. Ohigashi and M. Morii, "A practical message falsification attack on WPA," Proc. JWIS 2009, CDROM, 5A-4, 2009.
12. Y. Todo, T. Ohigashi, and M. Morii, "Effective falsification attack on WPA-TKIP by modifying any packet to QoS packet," Proc. JWIS 2010, CDROM, 1B-3, 2010.
13. A. Klein, "Attacks on the RC4 stream cipher," Designs, Codes and Cryptography, vol. 48, no. 3, pp. 269-286, Sept. 2008.
14. M. Vuagnoux, "News key recovery attacks on RC4/WEP," 27th Chaos Communication Congress, 2010.
15. Wi-Fi Alliance, "Wi-Fi CERTIFIEDTM for WMMTM-Support for multimedia applications with quality of service in Wi-FiR® networks," available at http://www.wi-fi.org/files/ wp 1 WMM%20QoS%20In%20Wi-Fi 9-1-04.pdf
16. KoreK, "Chopchop (Experimental WEP attacks)," 2004, available at http://www.netstumbler.org/showthread.php?t=12489
17. W.A. Arbaugh, "An inductive chosen plaintext attack against WEP/WEP2," available at http://www.cs.umd.edu/-waa/attack/ frame.htm
18. F.M. Halvorsen, O. Haugen, M. Eian, and S.F. Mjølsnes, "An improved attack on TKIP," Proc. NordSec2009, LNCS, vol. 5838, pp. 120-132, 2009.