Weaknesses in the temporal key hash of WPA

Moen, V.; Raddum, Håvard; Hole, Kjell

doi:10.1145/997122.997132

Cited by 45 publications

(30 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Basically, WPA is a WEP wrapper which contains anti-replay protections and a key management scheme to avoid key reuse. In 2004, Moen, Raddum and Hole [24] discovered that the recovery of at least two RC4 packet keys in WPA leads to a full recovery of the temporal key and the message integrity check key. The complexity of this attack is defined by the exhaustive search of two 104-bit long keys, i.e.…”

Section: Theoretical Key Recovery Attacks On Wpamentioning

confidence: 99%

Discovery and Exploitation of New Biases in RC4

Sepehrdad

Vaudenay

Vuagnoux

2011

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract. In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4. With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9 800 encrypted packets (less than 20 seconds), instead of 24 200 for the best previous attack.

show abstract

Section: Theoretical Key Recovery Attacks On Wpamentioning

confidence: 99%

Discovery and Exploitation of New Biases in RC4

Sepehrdad

Vaudenay

Vuagnoux

2011

Selected Areas in Cryptography

View full text Add to dashboard Cite

show abstract

“…Supplicant and the AP [11,12].The Procedure begin by sending of Message1 from AP to Supplicant. The AP generates ANonce which is a random number, starts a Sequence Number and encapsulates these inside Message1.…”

Section: -Way Handshakementioning

confidence: 99%

“…The mechanism defined by IEEE 802.11i is vulnerable to memory exhaustion attacks [11], [13], [14] and DoS flooding .So, to handle these types of attacks we need to develop some security mechanisms. The weakness of 4-way handshake phase of 802.11i standard is the first message that is Message1 because of not using any MIC field in order to guarantee the message integrity.…”

Section: Dos and Memory Exhaustion Attacks On 4-way Handshakementioning

confidence: 99%

“…According to Mitchell [11], if we add MIC in Message1 then we can easily prevent possible DoS attack because the 4-Way Handshake phase begins both Authenticator and Supplicant shares a common secret key PMK. As we know that PMK is used for adding the MIC value and it is the basic and mandatory element in deriving the series of other keys, so using of it directly in communicating any of the messages over the network is risky and should be avoided as it becomes vulnerable to attacks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Prevention of DoS and Memory Attacks: Enhanced 3-Way Handshake

Singhal¹,

Diwakar²,

Katre³

2013

IJCA

View full text Add to dashboard Cite

In today's world most organizations are moving from wireconnected LAN to wireless LAN. The phenomenal popularity of the 802.11 network standards stems from the fact that they provide for wireless connections with ease and convenience. Recently, security holes have been identified in the operation of 802.11 networks, and the 802.11i protocol has been announced to protect such networks. However, there are still security issues that prevent the 802.11 network from becoming the best choice protocol for wireless LANs. We reviewed 802.11i security with a focus on a denial of service attack. This attack exhausts the client's memory using a vulnerability of the key derivation procedure in 802.11i. It is vulnerable to various Denial of Service attacks (DoS) which includes de-authentication and disassociation attacks including memory exhaustion attacks. For Dos and memory exhaustion attacks which are possible in 4-way handshake ,this paper provides an enhanced 3-way Handshake algorithm which is free from these attacks in comparison to original protocol and is more secure.

show abstract

“…Supplicant and the AP [11,12]. First step is the procedure begin by sending of Message1 from AP to Supplicant.…”

Section: Four-way Handshakementioning

confidence: 99%

Prevention of DoS and Memory Exhaustion Attacks: Key Distribution with Confidentiality and Authentication

Singhal¹,

Diwakar²,

Katre³

2012

IJCA

View full text Add to dashboard Cite

Now a day's most of the organizations are moving from wireconnected LAN to wireless LAN. The popularity of the 802.11 network standards stems from the fact that they provide for wireless connections with simplicity and convenience. But, there are many security issues which have been identified in the operation of 802.11 networks, and the 802.11i protocol has been announced to protect these types of networks. 802.11i protocol security has with a focus on an active attack and a passive attack. These types of attacks exhaust the client's memory using a vulnerability of the key derivation procedure in 802.11i. It is vulnerable to various active and passive attacks which include de-authentication and disassociation attacks. For active and passive attacks( denial of services and memory exhaustion ) which are possible in 4-way handshake, this paper provides a secret key distribution with confidentiality and authentication and can also say that this procedure of secret key distribution is free from these active and passive attacks in comparison to original protocol and is more secure. General Terms: Security

show abstract

Weaknesses in the temporal key hash of WPA

Cited by 45 publications

References 2 publications

Discovery and Exploitation of New Biases in RC4

Discovery and Exploitation of New Biases in RC4

Prevention of DoS and Memory Attacks: Enhanced 3-Way Handshake

Prevention of DoS and Memory Exhaustion Attacks: Key Distribution with Confidentiality and Authentication

Contact Info

Product

Resources

About