A note on the fragility of the "Michael" message integrity code

Avishai Wool

doi:10.1109/TWC.2004.833470

A note on the fragility of the "Michael" message integrity code

Avishai Wool^*

^*Corresponding author for this work

School of Electrical Engineering

Research output: Contribution to journal › Article › peer-review

17 Scopus citations

Abstract

The IEEE 802.11 wireless local area network standard did not incorporate a cryptographic message integrity code into its wired equivalent privacy (WEP) protocol, and relied upon CRC-32 for message integrity. This was shown to be completely insecure since WEP uses a stream cipher (RC4) for encryption. The latest IEEE 802.11i draft addresses this, and other, weaknesses discovered in WEP. IEEE 802.11i suggests three new modes of operation: two based on the Advanced Encryption Standard cipher and one [temporal key integrity protocol (TKIP)] still based on RC4. The TKIP mode is intended for use on legacy hardware, which is computationally weak. TKIP uses a new, keyed, 64-b, message integrity code called Michael. In this letter, we highlight a weakness in Michael and suggest a simple fix.

Original language	English
Pages (from-to)	1459-1462
Number of pages	4
Journal	IEEE Transactions on Wireless Communications
Volume	3
Issue number	5
DOIs	https://doi.org/10.1109/TWC.2004.833470
State	Published - Sep 2004

Keywords

Message authentication code
Wireless security

Access to Document

10.1109/TWC.2004.833470

Cite this

@article{3475a52ce7d24f78ab40405b8095ffbb,

title = "A note on the fragility of the {"}Michael{"} message integrity code",

abstract = "The IEEE 802.11 wireless local area network standard did not incorporate a cryptographic message integrity code into its wired equivalent privacy (WEP) protocol, and relied upon CRC-32 for message integrity. This was shown to be completely insecure since WEP uses a stream cipher (RC4) for encryption. The latest IEEE 802.11i draft addresses this, and other, weaknesses discovered in WEP. IEEE 802.11i suggests three new modes of operation: two based on the Advanced Encryption Standard cipher and one [temporal key integrity protocol (TKIP)] still based on RC4. The TKIP mode is intended for use on legacy hardware, which is computationally weak. TKIP uses a new, keyed, 64-b, message integrity code called Michael. In this letter, we highlight a weakness in Michael and suggest a simple fix.",

keywords = "Message authentication code, Wireless security",

author = "Avishai Wool",

year = "2004",

month = sep,

doi = "10.1109/TWC.2004.833470",

language = "אנגלית",

volume = "3",

pages = "1459--1462",

journal = "IEEE Transactions on Wireless Communications",

issn = "1536-1276",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "5",

}

TY - JOUR

T1 - A note on the fragility of the "Michael" message integrity code

AU - Wool, Avishai

PY - 2004/9

Y1 - 2004/9

N2 - The IEEE 802.11 wireless local area network standard did not incorporate a cryptographic message integrity code into its wired equivalent privacy (WEP) protocol, and relied upon CRC-32 for message integrity. This was shown to be completely insecure since WEP uses a stream cipher (RC4) for encryption. The latest IEEE 802.11i draft addresses this, and other, weaknesses discovered in WEP. IEEE 802.11i suggests three new modes of operation: two based on the Advanced Encryption Standard cipher and one [temporal key integrity protocol (TKIP)] still based on RC4. The TKIP mode is intended for use on legacy hardware, which is computationally weak. TKIP uses a new, keyed, 64-b, message integrity code called Michael. In this letter, we highlight a weakness in Michael and suggest a simple fix.

AB - The IEEE 802.11 wireless local area network standard did not incorporate a cryptographic message integrity code into its wired equivalent privacy (WEP) protocol, and relied upon CRC-32 for message integrity. This was shown to be completely insecure since WEP uses a stream cipher (RC4) for encryption. The latest IEEE 802.11i draft addresses this, and other, weaknesses discovered in WEP. IEEE 802.11i suggests three new modes of operation: two based on the Advanced Encryption Standard cipher and one [temporal key integrity protocol (TKIP)] still based on RC4. The TKIP mode is intended for use on legacy hardware, which is computationally weak. TKIP uses a new, keyed, 64-b, message integrity code called Michael. In this letter, we highlight a weakness in Michael and suggest a simple fix.

KW - Message authentication code

KW - Wireless security

UR - http://www.scopus.com/inward/record.url?scp=7544239419&partnerID=8YFLogxK

U2 - 10.1109/TWC.2004.833470

DO - 10.1109/TWC.2004.833470

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:7544239419

SN - 1536-1276

VL - 3

SP - 1459

EP - 1462

JO - IEEE Transactions on Wireless Communications

JF - IEEE Transactions on Wireless Communications

IS - 5

ER -

A note on the fragility of the "Michael" message integrity code

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this