This paper discusses more inherent flaws with the WEP protocol and as
the title suggests, it presents many coherent arguments to stop its use.
   The paper starts by explaining the basic algorithm that WEP uses to
encrypt data. Then shows that this is still a problem because WEP is
widely deployed due to legacy hardware.
   In addition the paper goes on to talk about common attacks to WEP,
namely brute force, key stream reuse, and weak IV attacks. The paper the
outlines their main contributions, including a way to exploit
fragmentation to send arbitrary data on the network.
   The first attack they mention uses knowledge of the first bytes of
the encrypted packet. Since the packet is virtually constant, one can
preform and xor with the clear text and the cypher text to determine 8
bytes of the key stream, this can be used to send data on the network.
   They then describe the fragmentation attack which can be used to
send 64 bytes of arbitrary data on the network. The authors state that
because this can be done at such a rapid rate even re keying every hour
will not be sufficient to mitigate this attack. They expand on the idea
that they can obtain the 1500 bytes of key stream by sending 34
fragments. They then describe the process of building an entire IV
dictionary for use on the network with (16Million) packets.
   The authors then discuss that often attacks sound great on paper but
are not feasible in practice (or reliable). They construct experiments
to determine the validity of their arguments. They then discuss their
experimental setup as well as the necessary hardware to do the launch
the attack. They developed a tool, called wesside that attempts to
automatically exploit and crack WEP keys in conjunction with AirCrack.
They then present their results regarding the experiments (in several
situations) and conclude that WEP is absolutely unacceptable as a means
to secure a network.

Vote

Accept: All accept except Adam

Reject: 1 Adam didn't feel like reading it