Paper Info
Title
Security analysis of michael: the IEEE 802.11i message integrity code
Abstract
The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of the block function in any round is equal to any of these fixed points, a packet forgery attack could be mounted against Michael. Since the Michael value is encrypted by RC4, the proposed packet forgery attack does not endanger the security of the whole TKIP system.
Year
DOI
Venue
2005
10.1007/11596042_44
EUC Workshops
Keywords
Field
DocType
fixed point,keyed hash function,last block message,last round,michael value,security analysis,block function,proposed packet forgery attack,collision status,packet forgery attack,message integrity code,analysis,message,security,code,hash function
Temporal Key Integrity Protocol,Cryptography,Computer security,Computer science,Network packet,Computer network,Encryption,Security analysis,IEEE 802,Hash function,RC4,Distributed computing
Conference
Volume
ISSN
ISBN
3823
0302-9743
3-540-30803-2
Citations 
PageRank 
References 
5
0.65
7
Authors
4
Name
Order
Citations
PageRank
Jianyong Huang1183.50
Jennifer Seberry2987250.36
Willy Susilo34823353.18
Martin Bunder4153.01