As wireless networks were being developed, the need for security was a top priority. With the ratification of the IEEE 802.11 protocol in 1999, Wired Equivalent Privacy (WEP) was introduced to fulfill that need. The motivation behind WEP was to provide the same level of security that wired networks allowed, protecting the integrity of the data being sent. WEP uses the RC4 stream cipher to encrypt data with a 40-bit user-defined key that is salted (prepended) with a 24-bit initialization vector (IV). The small key size was a result of export restrictions on cryptographic technology. Within several years of release, the WEP protocol was shown to be vulnerable to several attacks that could recover the shared key, allowing hackers to access the network. WEP was soon superseded by Wi-Fi Protected Access (WPA), which was developed by the Wi-Fi Alliance to temporarily replace the WEP standard as a more secure alternative. WPA implements several features that were intended to protect wireless networks against the attacks developed for WEP. WPA replaces the 40-bit key with Temporal Key Integrity Protocol (TKIP), which provides a 128-bit per-packet key that is dynamically generated to prevent collisions. It also included a Message Integrity Check to prevent hackers from capturing, altering, and/or resending data packets. While WPA implemented most of the IEEE 802.11i standard, it did not include everything. However, WPA was superseded by WPA2, which was fully compliant with the standard. WPA2 completely replaced the RC4 stream cipher with Counter Mode with Cipher Block Chaining Message Authentication Protocol (CCMP), which uses the Advanced Encryption Standard (AES) algorithm.
Most of the encryption-based attacks on the WEP protocol rely on the weakness of the Rivest Cipher 4/Ron’s Code 4 (RC4) stream cipher. While the algorithm itself would be fairly secure, since it allows for up to a 256-bit key, the implementation in WEP cripples RC4 by using only a 64-bit key. One of the main weaknesses is the relatively small IV, which is only 24 bits. This limits it to around 16.7 million permutations, which causes the IVs to be repeated when the network is busy. The IVs are also appended to the packet in plaintext, so anyone capturing the network packets can recover one third of the key without even trying. The attacker of a network will also know the plaintext of certain areas of certain packets, and using this information as well as the IVs and the encrypted data they can recover the shared key. The attacker can simulate the first three rounds of the RC4 algorithm since they have the first 3 bytes of the key (the IV). Once they have done so, they can guess the next byte of the key, continually using the previous byte. Using a decision-tree-based approach, they are able to eventually recover the entire key given enough packets.
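The two properties described above can be checked directly. The following is an added example, not part of the original article: it shows that the RC4 state after three key-scheduling rounds depends only on the plaintext IV, and that two frames sent under the same IV share a keystream. The IV, keys and frame contents are constructed sample values, the WEP integrity value is omitted, and the collision estimate assumes IVs are chosen uniformly at random.

```python
import math

def ksa(key, rounds=256):
    """RC4 key scheduling; stop after `rounds` swaps and return (S, j)."""
    S, j = list(range(256)), 0
    for i in range(rounds):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S, j

def keystream(key, n):
    """First n bytes of RC4 output for the given key."""
    S, _ = ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def wep_encrypt(iv, secret, plaintext):
    """Simplified WEP: RC4 keyed with IV || secret (integrity value omitted)."""
    ks = keystream(iv + secret, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def iv_collision_probability(frames, iv_bits=24):
    """Birthday approximation, assuming IVs are chosen uniformly at random."""
    return 1 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

# Constructed sample values (not from the article).
IV = bytes([0x01, 0x02, 0x03])
KEY_A = bytes.fromhex("0a0b0c0d0e")   # a 40-bit secret
KEY_B = bytes.fromhex("f1e2d3c4b5")   # a different 40-bit secret
P1, P2 = b"first frame data", b"other frame data"

def demo():
    # 1. The first three KSA rounds use only the IV bytes, so the state is the
    #    same for any secret; it diverges once round 4 mixes in key byte 3.
    same_after_3 = ksa(IV + KEY_A, 3) == ksa(IV + KEY_B, 3)
    differ_after_4 = ksa(IV + KEY_A, 4) != ksa(IV + KEY_B, 4)
    # 2. Two frames under one IV share a keystream, which cancels under XOR.
    c1, c2 = wep_encrypt(IV, KEY_A, P1), wep_encrypt(IV, KEY_A, P2)
    reuse_leaks = xor(c1, c2) == xor(P1, P2)
    return same_after_3, differ_after_4, reuse_leaks
```

Under the random-IV assumption, `iv_collision_probability(5000)` is already above one half, which is why a busy network repeats IVs long before the 16.7 million values are exhausted.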
The first attack on the WEP protocol was called the FMS attack, named after Fluhrer, Mantin, and Shamir, who published an article describing the weakness in 2001. The paper describes several “weak” IVs which have “a format of B+3::ff:X (where B is the byte of the key to be found, ff is the constant 255, and X is irrelevant).” By using our knowledge of the plaintext in the headers of certain packets, such as Address Resolution Protocol (ARP) packets, we can determine the value of B. The original FMS attack is determined to have approximately a 50% success probability with about 9,000,000 packets. The above weak IVs are not the only ones described in the paper, as there are several types of varying usefulness to attackers, and other attacks were developed from these other IVs.
Another famous attack was developed by an internet user posting under the name of KoreK. In 2004, KoreK released a cracking suite on an internet forum which implemented 17 different attacks. While some of these attacks were previously discovered, most were found by KoreK. There were three groups of attacks in the KoreK suite. The first group is similar to the FMS attack, using the first word of output from the RC4 algorithm to recover the key. The second group uses both the first and the second word. The third group, called inverse attacks, is able to exclude certain values from being in the key: instead of guessing what the key values could be, it determines what the key values could not be. The KoreK attacks were able to achieve almost a 97% probability of success using only 300,000 packets.
The newest and most powerful attack on WEP is called the PTW attack, which is named after its creators Pyshkin, Tews, and Weinmann and was released in 2007. The PTW attack is much more powerful than all the other attacks because it can make use of every packet captured. It is based on another attack released in 2005, called the Klein attack after its creator. The PTW attack implements a key ranking strategy which, instead of trying all possible combinations of the key, picks a set number of likely keys and continues the RC4 algorithm based on those. Using different voting strategies, the attacker can pick the most likely key byte at each decision in the tree to determine the correct key. The PTW attack was able to achieve around a 97% probability of success using only 70,000 packets, although in real-world trials only 20,000 to 40,000 packets are normally required.