Abstract | ||
---|---|---|
The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of the block function in any round is equal to any of these fixed points, a packet forgery attack could be mounted against Michael. Since the Michael value is encrypted by RC4, the proposed packet forgery attack does not endanger the security of the whole TKIP system. |
Year | DOI | Venue |
---|---|---|
2005 | 10.1007/11596042_44 | EUC Workshops |
Keywords | Field | DocType |
fixed point,keyed hash function,last block message,last round,michael value,security analysis,block function,proposed packet forgery attack,collision status,packet forgery attack,message integrity code,analysis,message,security,code,hash function | Temporal Key Integrity Protocol,Cryptography,Computer security,Computer science,Network packet,Computer network,Encryption,Security analysis,IEEE 802,Hash function,RC4,Distributed computing | Conference |
Volume | ISSN | ISBN |
3823 | 0302-9743 | 3-540-30803-2 |
Citations | PageRank | References |
5 | 0.65 | 7 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jianyong Huang | 1 | 18 | 3.50 |
Jennifer Seberry | 2 | 987 | 250.36 |
Willy Susilo | 3 | 4823 | 353.18 |
Martin Bunder | 4 | 15 | 3.01 |