Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
2Activity

Table Of Contents

1.1 Motivation
1.2 Related Work
1.3 Problem Description and Goals
1.4 Limitations
1.5 Research Methodology
1.6 Document Structure
2.1 Security Principles
2.1.1 General Principles
2.1.2 Encryption techniques
2.1.3 Authentication and Authorization
2.1.4 Attacks
2.2 IEEE 802.11 Wireless Networks
2.2.1 General Description
2.2.2 Structure of Wireless Networks
2.2.3 History
2.2.4 IEEE 802.11 Transmission Protocols Roundup
2.3 Wireless Security
2.3.1 IEEE 802.11 Security Protocols
2.4 Wired Equivalent Privacy (WEP)
2.4.1 History
2.4.2 Protocol Overview
2.4.3 Authentication
2.4.4 Pseudorandom Number Generator - RC4
2.4.5 Integrity Check Value - CRC-32
2.4.7 Weaknesses of WEP
2.5 Attacks on WEP
2.5.1 The FMS Attack
2.5.2 The KoreK Attack
2.5.3 The PTW Attack
2.5.4 Beck and Tews’ Improved Attack on RC4
2.5.5 Chopchop Attack
2.5.6 Fragmentation Attack
2.6 Temporal Key Integrity Protocol (TKIP)
2.6.1 History
2.6.2 Protocol overview
2.6.3 TKIP Encapsulation
2.6.4 TKIP Decapsulation
2.6.5 TKIP Packet Structure
2.6.6 TKIP Sequence counter (TSC)
2.6.7 Message Integrity Code (MIC)
2.7 Counter Mode with CBC MAC Protocol (CCMP)
2.8 Attacks on TKIP and CCMP
2.9 IEEE 802.11e - QoS/WMM
2.10 Address Resolution Protocol (ARP)
2.10.1 Protocol Overview
2.10.2 ARP Packet Structure
2.10.3 Attacks on ARP
2.11 Dynamic Host Configuration Protocol (DHCP)
2.11.1 Overview
2.11.2 DHCP Packet Structure
Beck and Tews’ Attack on TKIP
3.1 Requirements
3.1.1 QoS/WMM
3.1.2 Key Renewal Interval
3.2 The Attack in Details
3.2.1 Client De-Authentication
3.2.2 Modified Chopchop Attack
3.2.3 Guessing The Remaining Bytes
3.2.4 Reversing the MICHAEL Algorithm
3.3 Limitations
3.4 Application Areas
3.4.1 ARP Poisoning
3.4.2 Denial-of-Service
3.5 Countermeasures
An Improved Attack on TKIP
4.1 The DHCP ACK Message
4.2 The Attack in Details
4.3 Application Areas
4.3.1 DHCP DNS Attack
4.3.2 NAT Traversal Attack
Laboratory Environment
5.1 Hardware
5.1.1 Computers
5.1.2 Access Point
5.2 Software
5.2.1 The Aircrack-ng Suite
5.2.2 Wireshark
5.2.3 Command Line Tools
Experiments
6.1 Preparations for the Attacks
6.2 Verification of the Original Implementation
6.3 Modifying tkiptun-ng Into an ARP Poisoning
6.4 Modifying tkiptun-ng Into a Cryptographic DoS
6.5 Verification of the Improved Attack
6.6 Experimentation With Other Systems
Results
7.1 Verification of the Original Attack
7.2 ARP Poisoning Attack
7.3 A Cryptographic Denial-of-Service Attack
7.4 Verification of the Improved Attack
7.5 Results With Different Configurations
7.5.1 The Original Tkiptun-ng Attack
7.5.2 Access Points
7.5.3 Injection on Different QoS Channels
7.5.4 Forcing DHCP Renewal
7.5.5 Predictability of DHCP Transaction IDs
7.5.6 Summary of Experimentation With Other Systems
Discussion
8.1 Application Areas
8.1.1 The Original Attack
8.1.2 The Improved Attack
8.2 Real World Applicability
A.1 Denial-of-Service Attack
A.2 ARP Poisoning Attack
A.3 Improved Attack
0 of .
Results for:
No results containing your search query
P. 1
Tkip Master

Tkip Master

Ratings: (0)|Views: 127|Likes:
Published by joenj

More info:

Published by: joenj on Dec 13, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

11/28/2012

pdf

text

original

You're Reading a Free Preview
Pages 4 to 13 are not shown in this preview.
You're Reading a Free Preview
Pages 17 to 46 are not shown in this preview.
You're Reading a Free Preview
Pages 51 to 66 are not shown in this preview.
You're Reading a Free Preview
Pages 70 to 156 are not shown in this preview.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->