Conventional efficient key recovery attacks against Wired Equivalent Privacy (WEP) require specific initialization vectors or specific packets. Since it takes much time to collect the packets sufficiently, any active attack should be performed. An Intrusion Detection System (IDS), however, will be able to prevent the attack. Since the attack logs are stored at the servers, it is possible to prevent such an attack. This paper proposes an algorithm for recovering a 104-bit WEP key from any IP packets in a realistic environment. This attack needs about 36,500 packets with a success probability 0.5, and the complexity of our attack is equivalent to about 220 computations of the RC4 key setups. Since our attack is passive, it is difficult for both WEP users and administrators to detect our attack.

This paper proposes a scheme for hard handover (HO) between base stations (BSs) that combines bicast with forwarding; it realizes packet-lossless HO as well as low HO control delay. The proposed scheme observes the status of the current channel condition and initiates bicasting, the simultaneous transfer of IP packets from the access router to both the old BS and the new BS, when the probability of HO becomes high; this reduces the control delay imposed by hard HO. When HO becomes unavoidable, only those IP packets remaining in the old BS buffer that are not shared with the new BS are forwarded to the MS; this prevents the loss of IP packets. Computer simulations show that the proposed scheme reduces the HO control delay at 95% cumulative distribution function (CDF) by approximately 1700 (300) msec, 340 (320) msec, and 170 (330) msec compared to the conventional forwarding scheme (the conventional bicast scheme) when the number of users is 80 and the maximum Doppler frequency (fdmax) is 5.55 Hz and data rate (D) on the wired propagation channel is 10, 50, and 100 Mbps, respectively. The results confirm the superiority of the proposed scheme as an IP packet loss prevention scheme for hard HO.