Cryptanalysis of IEEE 802.11i TKIP

Abstract

The Temporal Key Integrity Protocol (TKIP) was created to fix the weaknesses of Wired Equivalent Privacy (WEP). Up until November 2008, TKIP was believed to be a secure alternative to WEP, although some weak points were known. In November 2008, the German researchers Martin Beck and Erik Tews released a paper titled Practical Attacks Against WEP and WPA. This paper introduced the first practical cryptographic attack on TKIP. This thesis continues the work of Beck and Tews, and presents an improved attack as an advancement of their original attack. The thesis starts by giving a comprehensive study of the current state of wireless network and security protocols. Next, a detailed description of Beck and Tews' attack will be given. The main contribution in this thesis is an improvement of Beck and Tews' attack on TKIP. This improved attack is able to obtain more than ten times the amount of keystream than the original attack, by exploiting the fact that the Dynamic Host Configuration Protocol (DHCP) contains large amounts of known plaintext. Additionally, the authors prove how it is possible to modify the original attack on TKIP to be able to perform an Address Resolution Protocol (ARP) poisoning attack and a cryptographic Denial-of-Service (DoS) attack. In addition to these theoretical results, the contributions made by the authors were implemented as extensions to the source code provided by Beck and Tews. Experimental verification of the attacks was also performed; this included the original attack by Beck and Tews, as well as our own contributions.