Title :
A note on the fragility of the "Michael" message integrity code
Author_Institution :
Dept. of Electr. Eng. Syst., Tel Aviv Univ., Ramat Aviv, Israel
Abstract :
The IEEE 802.11 wireless local area network standard did not incorporate a cryptographic message integrity code into its wired equivalent privacy (WEP) protocol, and relied upon CRC-32 for message integrity. This was shown to be completely insecure since WEP uses a stream cipher (RC4) for encryption. The latest IEEE 802.11i draft addresses this, and other, weaknesses discovered in WEP. IEEE 802.11i suggests three new modes of operation: two based on the Advanced Encryption Standard cipher and one [temporal key integrity protocol (TKIP)] still based on RC4. The TKIP mode is intended for use on legacy hardware, which is computationally weak. TKIP uses a new, keyed, 64-b, message integrity code called Michael. In this letter, we highlight a weakness in Michael and suggest a simple fix.
Keywords :
cryptography; message authentication; protocols; telecommunication security; wireless LAN; IEEE 802.11 wireless local area network; Michael message integrity code; advanced encryption standard cipher; cryptographic message integrity code; legacy hardware; temporal key integrity protocol; wired equivalent privacy protocol; Access protocols; Authentication; Code standards; Cryptography; Data security; Hardware; Microwave integrated circuits; Wireless LAN; Wireless application protocol; Wool; Message authentication code; wireless security;
Journal_Title :
Wireless Communications, IEEE Transactions on
DOI :
10.1109/TWC.2004.833470
