In 2008, Beck and Tews proposed a practical attack on WPA. Their attack (called the Beck-Tews attack) can recover the plaintext of a short encrypted packet and falsify it. The execution time of the Beck-Tews attack is about 12-15 minutes. However, the attack has a limitation: its targets are only WPA implementations that support IEEE 802.11e QoS features. In this paper, we propose a practical message falsification attack on any WPA implementation. To ease this limitation on the targeted wireless LAN products, we apply the Beck-Tews attack to the man-in-the-middle attack. In the man-in-the-middle attack, the user's communication is intercepted by an attacker until the attack ends, which means that users may detect our attack when its execution time is long. Therefore, we give methods for reducing the execution time of the attack. As a result, the execution time of our attack becomes about one minute in the best case.