A Study of the TKIP Cryptographic DoS Attack

The contribution of this paper is a study of the cryptographic DoS attack in a testbed environment. We have shown the correct mechanism for an 802.11 message modification attack, described the implementation of this attack using a middleperson approach, and compared the TKIP and Harkins countermeasures in a controlled environment. The cryptographic DoS attack is demonstrated to be practical and can be mounted by a single adversary with limited resources. This attack requires very little work on the part of a hostile adversary and will bring TKIP-protected traffic to a complete halt. The threat of this attack being used to accomplish a security-level rollback should not be underestimated. The Harkins countermeasures address this threat by reacting in a more measured manner to active key recovery attacks.
