To gain access to a network, a user must be authenticated. While authentication
is typically done at a higher network level, 802.11b and Bluetooth technologies
also support device authentication.
In 802.11b authentication is performed by a challenge response procedure using
a shared secret. After requesting authentication, the authenticator sends the
initiator a 128-octet random number challenge. The initiator encrypts the
challenge using the shared secret and transmits it back to the authenticator.
Encryption is performed by XORing the challenge with a pseudo-random string
formed by the shared secret and a public IV. Note that the only thing that
changes from authentication to authentication with a specific user is the plaintext
A simple and powerful attack on this authentication mechanism is presented by
Arbaugh, et. al . First the intruder determines the pseudorandom string by
recording the challenge (plaintext) and the response (ciphertext) and XORing
them. He then impersonates the victim by using the pseudorandom string to
compute the response to subsequent challenges. Notice that the attacker never
needs to determine the shared secret; knowledge of the pseudorandom string is