Falsification Attacks against WPA-TKIP in a Realistic Environment
نویسندگان
چکیده
In this paper, we propose two new falsification attacks against Wi-Fi Protected Access Temporal Key Integrity Protocol (WPATKIP). A previous realistic attack succeeds only for a network that supports IEEE 802.11e QoS features by both an access point (AP) and a client, and it has an execution time of 12–15min, in which it recovers a message integrity code (MIC) key from an ARP packet. Our first attack reduces the execution time for recovering a MIC key. It can recover the MIC key within 7–8min. Our second attack expands its targets that can be attacked. This attack focuses on a new vulnerability of QoS packet processing, and this vulnerability can remove the condition that the AP supports IEEE 802.11e. In addition, we discovered another vulnerability by which our attack succeeds under the condition that the chipset of the client supports IEEE 802.11e even if the client disables this standard through the OS. We demonstrate that chipsets developed by several kinds of vendors have the same vulnerability. key words: wireless LAN network, WPA-TKIP, falsification attack, QoS, vulnerability
منابع مشابه
Cryptanalysis for RC4 and Breaking WEP/WPA-TKIP
In recent years, wireless LAN systems are widely used in campuses, offices, homes and so on. It is important to discuss the security aspect of wireless LAN networks in order to protect data confidentiality and integrity. The IEEE Standards Association formulated some security protocols, for example, Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-T...
متن کاملPlaintext Recovery Attacks Against WPA/TKIP
We conduct an analysis of the RC4 algorithm as it is used in the IEEE WPA/TKIP wireless standard. In that standard, RC4 keys are computed on a per-frame basis, with specific key bytes being set to known values that depend on 2 bytes of the WPA frame counter (called the TSC). We observe very large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specifi...
متن کاملSpectrum Sensing Data Falsification Attack in Cognitive Radio Networks: An Analytical Model for Evaluation and Mitigation of Performance Degradation
Cognitive Radio (CR) networks enable dynamic spectrum access and can significantly improve spectral efficiency. Cooperative Spectrum Sensing (CSS) exploits the spatial diversity between CR users to increase sensing accuracy. However, in a realistic scenario, the trustworthy of CSS is vulnerable to Spectrum Sensing Data Falsification (SSDF) attack. In an SSDF attack, some malicious CR users deli...
متن کاملBig Bias Hunting in Amazonia: Large-Scale Computation and Exploitation of RC4 Biases (Invited Paper)
RC4 is (still) a very widely-used stream cipher. Previous work by AlFardan et al. (USENIX Security 2013) and Paterson et al. (FSE 2014) exploited the presence of biases in the RC4 keystreams to mount plaintext recovery attacks against TLS-RC4 and WPA/TKIP. We improve on the latter work by performing large-scale computations to obtain accurate estimates of the single-byte and double-byte distrib...
متن کاملNew Linear Correlations Related to State Information of RC4 PRGA Using IV in WPA
RC4 is a stream cipher designed by Ron Rivest in 1987, and is widely used in various applications. WPA is one of these applications, where TKIP is used for a key generation procedure to avoid weak IV generated by WEP. In FSE 2014, two different attacks against WPA were proposed by Sen Gupta et al. and Paterson et al. Both focused correlations between the keystream bytes and the first 3 bytes of...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IEICE Transactions
دوره 95-D شماره
صفحات -
تاریخ انتشار 2012