Wireless Research

This page is currently under construction as we begin a wireless research effort here at College Park.  Please bear with us.

802.11 Security Vulnerabilities

A number of security vulnerabilities have been identified by ourselves and other researchers. Links to the orginal papers/presentations are provided below in chronological order:

  1. (October 2000) Jesse Walker was on of the first people to identify several of the problems in WEP. Jesse wrote a paper for the 802.11 committee entitled "Unsafe at any key size; An Analysis of the WEP encapsulation" (This document is a zipped MS Word document).
  2. (January 2001) Researchers at the University of California at Berkely independently released a paper describing the problems with WEP. Their web page can be found here.
  3. (March 2001) Jesse also made a presentation to the 802.15.3 committee describing some of the problems with security in 802.11. That presentation, entitled Overview of 802.11 Security, can be found here.
  4. (March 2001) Independently, we found several problems with the access control and authentication mechanisms used in the 802.11 standard. Our paper was entitled  "Your 802.11 network has no clothes".
  5. (May 2001) Recently, we found a new cryptographic attack against both WEP and WEP2 (a proposed enhancement to WEP) that works regardless of the IV size, and we presented our findings to the 802.11 subgroup on security at the May 2001 Orlando meeting. The presentation is entitled "An Inductive Chosen Plaintext Attack Against WEP/WEP2". You'll note that I used one or two of Jesse's slides with permission.
  6. (June 2001) Tim Newsham found a problem in the algorithm that some vendors used to automatically generate WEP keys. He also built code to perform dictionary attacks against WEP intercepted traffic. His web site is here.
  7. (August 2001) Scott Fluhrer, Itsik Mantin, and Adi Shamir find a flaw in the RC4 key setup algorithm which results in a total recovery of the secret key. Implementing the attack requires the collection of traffic passively. Their paper is here.
  8. (February 2002) Arunesh Mishra and I describe several design flaws in the combination of the IEEE 802.1X and IEEE 802.11 protocols that permit man-in-the-middle and session hijacking attacks. Our paper An Initial Security Analysis of the IEEE 802.1X Protocol is here.

MISSL's Infrastructure Wireless HOWTO's