A Practical Message Falsification Attack on WPA
Toshihiro Ohigashi and Masakatu Morii

Abstract. In 2008, Beck and Tews have proposed a practical attack on
WPA. Their attack (called the Beck-Tews attack) can recover plaintext
from an encrypted short packet, and can falsify it. The execution time
of the Beck-Tews attack is about 12-15 minutes. However, the attack
has the limitation, namely, the targets are only WPA implementations
those support IEEE802.11e QoS features. In this paper, we propose a
practical message falsification attack on any WPA implementation. In
order to ease targets of limitation of wireless LAN products, we apply
the Beck-Tews attack to the man-in-the-middle attack. In the man-in-
the-middle attack, the user’s communication is intercepted by an attacker until the attack ends. It means that the users may detect our attack when the execution time of the attack is large. Therefore, we give methods for reducing the execution time of the attack. As a result, the execution time
of our attack becomes about one minute in the best case.

                                                        -- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to