Decrypting wireless (802.11) packets when you know the cleartext

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

We’ve seen that WEP for wireless was terrible. The 802.11 (wi-fi)
wireless data networking folks have addressed the shortcomings with WEP
by applying newer methods such as WPA (Wi-Fi Protected Access) versions
1 and 2. The newer techniques are accepted as secure because the
algorithms are secure. I don't question the algorithms, but I do
question the application. Specifically, in Wi-Fi, each data packet is
encrypted. However, even though I cannot break the encryption, I can
determine some of the clear text of the packets just by looking at them.
For instance, almost every packet will be an IP packet. In every IP
packet, certain bits are always the same. In addition, if I have
captured a stream of packets, I can infer what certain packet types are
by when they occur in the stream, and their length. So, for example, I
can identify a DHCP packet and subsequent response. Or, I can identify a
TCP 3-way handshake. And, every IP packet has a two byte length field,
which I can determine simply by the length of the packet in the sniffer
trace. All of this allows me to know what parts of the packets are in
clear text, even if I cannot decrypt them. A typical packet stream
consists of hundreds or thousands of packets (samples), each encrypted
using the same algorithm. And in all of them, a number of the bits and
bit sequences are predictable. My questions are, "Does knowing portions
of the clear text provide an opportunity in decryption?" and “Is there
any relevant research in this area?”

Re: Decrypting wireless (802.11) packets when you know the cleartext

..                        "Does knowing portions
Quoted text here. Click to load it

That's one of the reasons WEP was broken.

Look for "known plaintext" attacks; it's a well researched
subject.  Modern ciphers resist such attacjks.

Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

Re: Decrypting wireless (802.11) packets when you know the cleartext

Quoted text here. Click to load it

I think we can use block chaining technique to overcome this problem

Re: Decrypting wireless (802.11) packets when you know the cleartext

Kevin wrote:
Quoted text here. Click to load it

I checked a sniffer trace of a wireless (WPA-PSK) connection. After the
first few packets, the PC issued a DHCP request. This was the first
packet longer than 300 bytes, and was several seconds after the wireless
handshake. This packet is very predictable.

- The first 32 bytes will always be the same.
- The next 4 bytes are unpredictable.
- The next 227 bytes are predictable, and are mostly '00'x.

With just a few sample traces of known traffic to learn the patterns,
it's pretty easy to look at a trace of encrypted data and pick out the
various packets.

It just doesn't seem possible that this kind of thing can't be used as a
basis for an exploit.

Re: Decrypting wireless (802.11) packets when you know the cleartext

samson schrieb:
Quoted text here. Click to load it

With WEP, this exposure has been exploited to replay packets. In
contrast to WEP, however, WPA encryption has an Initial vector (IV)
space of 48 bit, and an IV increment is enforced for each packet. This
gives you 2.8 * 10 ^ 14 IVs (packets) before an overrun could take
place. Also in contrast to WEP, WPA does not accept replays of packets
with an outdated (i.e. already used) IV. So known plaintext attacks in
the way they were used to compromise WEP are useless.

Of course, you never know whether there could arise new (currently
unknown) attacks that would compromise WPA. In general, I feel a little
better with AES-CCM as crypto algorithm (optional for WPA, mandatory for
WPA2 = IEEE 802.11i) rather than with RC4 (default with WPA). However,
when applied properly, RC4 still is a secure algorithm (which is the
most popular algorithm in SSL).

Generally, in contrast to WEP, WPA has been designed by renowned
cryptographers using state-of-the-art knowledge.


Michael Schmidt
University of Siegen, Germany
e-mail: schmidt _at_

Site Timeline