• Corpus ID: 18602971

A Practical Message Falsification Attack on WPA

@inproceedings{Ohigashi2009APM,
  title={A Practical Message Falsification Attack on WPA},
  author={Toshihiro Ohigashi and Masakatu Morii},
  year={2009}
}
In 2008, Beck and Tews proposed a practical attack on WPA. Their attack (called the Beck-Tews attack) can recover plaintext from an encrypted short packet and can falsify it. The execution time of the Beck-Tews attack is about 12-15 minutes. However, the attack has a limitation: its targets are only WPA implementations that support IEEE 802.11e QoS features. In this paper, we propose a practical message falsification attack on any WPA implementation. In order to ease targets of…

Falsification Attacks against WPA-TKIP in a Realistic Environment
TLDR
Two new falsification attacks against Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP) are proposed, one of which reduces the execution time for recovering a MIC key and the other expands its targets that can be attacked.
Cryptanalysis for RC4 and Breaking WEP/WPA-TKIP
TLDR
This paper presents a different interpretation and the relation between other attacks and the TeAM-OK attack against WEP, and presents an attack that is executable in a realistic environment against WPA-TKIP.
Tornado Attack on RC4 with Applications to WEP & WPA
TLDR
This paper reports extremely fast and optimized active and passive attacks against IEEE 802.11 wireless communication protocol WEP and a key recovery and a distinguishing attack against WPA, and describes several attacks on WPA.
An FPGA Architecture for the Recovery of WPA/WPA2 Keys
TLDR
This work focuses on creating a field programmable gate array (FPGA)-based architecture to accelerate the generation of a WPA/WPA2 pairwise master key (PMK) lookup table (LUT) for the recovery of the passphrase, with special emphasis on the secure hash algorithm-1 (SHA-1) implementation.
Advanced Wi-Fi attacks using commodity hardware
TLDR
It is shown that low-layer attacks against Wi-Fi can be implemented using user-modifiable firmware, and since a substantial number of networks still use TKIP as their group cipher, this shows that weaknesses in TKIP have a higher impact than previously thought.
Practical Side-Channel Attacks against WPA-TKIP
TLDR
This work systematically analyzes the security of several implementations of WPA-TKIP, and presents novel side-channel attacks against them, which bypass existing countermeasures and recover the Michael message authentication key in 1 to 4 minutes.
Practical Side-Channel Attacks against WPA-TKIP Domien Schepers
TLDR
This work systematically analyzes the security of several implementations of WPA-TKIP, and presents novel side-channel attacks against them, which bypass existing countermeasures and recover the Michael message authentication key in 1 to 4 minutes.
A Security Analysis of the WPA-TKIP and TLS Security Protocols
TLDR
This dissertation analyzes the security of popular network protocols and finds that commodity devices allow us to violate several assumptions made by the Wi-Fi, and proposes a technique to decrypt arbitrary packets sent towards a client.
Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks
TLDR
An extension to the 802.11 standard that authenticates parameters that define the currently in-use channel to prevent multi-channel man-in-the-middle attacks and a method to securely verify dynamic channel switches that may occur while already connected to a network.
The Insecurity of Wireless Networks
TLDR
This article reviews OSSMs and the results of experimental attacks on WPA to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.

References

Practical attacks against WEP and WPA
TLDR
An improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key.
Weaknesses in the temporal key hash of WPA
TLDR
Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity Check (MIC) key and this shows that parts of WPA are weak on their own.
Weaknesses in the Key Scheduling Algorithm of RC4
TLDR
It is shown that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages.
Breaking 104 Bit WEP in Less Than 60 Seconds
TLDR
An active attack on the WEP protocol is demonstrated that is able to recover a 104-bit WEP key using less than 40,000 frames with a success probability of 50%.
[Book Review] "Applied Cryptography"
The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical
Wireless lan medium access control (mac) and physical layer (phy) specifications
The medium access control (MAC) and physical characteristics for wireless local area networks (LANs) are specified in this standard, part of a series of standards for local and metropolitan area
and E. Tews, “Practical attacks against WEP and WPA,” 2008
H. Raddum, and K.J. Hole, “Weaknesses in the temporal key hash of WPA,” ACM SIGMOBILE Mobile Computing and Communications Review, vol.8, pp.76–83, 2004
Weakness in Passphrase Choice in WPA Interface, 2003
Re: DOS attack on WPA 802