Practical verification of WPA-TKIP vulnerabilities
- 8 May 2013
- proceedings article
- Published by Association for Computing Machinery (ACM)
- p. 427-436
- https://doi.org/10.1145/2484313.2484368
Abstract
We describe three attacks on the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP). The first attack is a Denial of Service attack that can be executed by injecting only two frames every minute. The second attack demonstrates how fragmentation of 802.11 frames can be used to inject an arbitrary amount of packets, and we show that this can be used to perform a portscan on any client. The third attack enables an attacker to reset the internal state of the Michael algorithm. We show that this can be used to efficiently decrypt arbitrary packets sent towards a client. We also report on implementation vulnerabilities discovered in some wireless devices. Finally we demonstrate that our attacks can be executed in realistic environments.Keywords
This publication has 10 references indexed in Scilit:
- Practical attacks against WEP and WPAPublished by Association for Computing Machinery (ACM) ,2009
- Wireless networks security: Proof of chopchop attackPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2008
- A Study of the TKIP Cryptographic DoS AttackPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2007
- Discovering and exploiting 802.11 wireless driver vulnerabilitiesJournal of Computer Virology and Hacking Techniques, 2007
- The final nail in WEP's coffinPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006
- Security Analysis of Michael: The IEEE 802.11i Message Integrity CodePublished by Springer Nature ,2005
- A Note on the Fragility of the “Michael” Message Integrity CodeIEEE Transactions on Wireless Communications, 2004
- A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)ACM Transactions on Information and System Security, 2004
- Weaknesses in the temporal key hash of WPAACM SIGMOBILE Mobile Computing and Communications Review, 2004
- TCP/IP security threats and attack methodsComputer Communications, 1999