|Authors||V. Moen, H. Raddum and K. J. Hole|
|Title||Weaknesses in the temporal key hash of WPA|
|Afilliation||, Communication Systems|
|Publication Type||Journal Article|
|Year of Publication||2004|
|Journal||Mobile Computing and Communications Review|
|Keywords||802.11, MIC, Michael, temporal key hash, TKIP, WPA|
This article describes some weaknesses in the key scheduling in Wi-Fi Protected Access (WPA) put forward to secure the IEEE standard 802.11-1999. Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity Check (MIC) key. This is not a practical attack on WPA, but it shows that parts of WPA are weak on their own. Using this attack it is possible to do a TK recovery attack on WPA with complexity O(2105) compared to a brute force attack with complexity O (2128).