University of Wollongong
Browse

Security analysis of Michael: the IEEE 802.11i message integrity code

Download (213.55 kB)
conference contribution
posted on 2024-11-14, 09:00 authored by Jianyong Huang, Jennifer SeberryJennifer Seberry, Willy SusiloWilly Susilo, Martin BunderMartin Bunder
The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of the block function in any round is equal to any of these fixed points, a packet forgery attack could be mounted against Michael. Since the Michael value is encrypted by RC4, the proposed packet forgery attack does not endanger the security of the whole TKIP system.

History

Citation

Huang, J., Seberry, J. R., Susilo, W. & Bunder, M. W. (2005). Security analysis of Michael: the IEEE 802.11i message integrity code. In T. Enokido, L. Yan, B. Xiao, D. Kim, Y. Dai & L. Yang (Eds.), IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (pp. 423-432). Germany: Springer.

Parent title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volume

3823 LNCS

Pagination

423-432

Publisher website/DOI

Language

English

RIS ID

12338

Usage metrics

    Categories

    Keywords

    SecurityAnalysisMichaelIEEE80211iMessageIntegrityCode

    Licence

    Copyright - All rights reserved

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC