Security Analysis of Michael: The IEEE 802.11i Message Integrity Code

Capítulo de livro Acesso aberto Revisado por pares

Security Analysis of Michael: The IEEE 802.11i Message Integrity Code

2005; Springer Science+Business Media; Linguagem: Inglês

10.1007/11596042_44

ISSN

1611-3349

Autores

Jianyong Huang, Jennifer Seberry, Willy Susilo, M. W. Bunder,

Tópico(s)

Cryptographic Implementations and Security

Resumo

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of the block function in any round is equal to any of these fixed points, a packet forgery attack could be mounted against Michael. Since the Michael value is encrypted by RC4, the proposed packet forgery attack does not endanger the security of the whole TKIP system.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Security Analysis of Michael: The IEEE 802.11i Message Integrity Code