WPA/WPA2 TKIP RC4 keystream discovery attack (For learning purpose)
Last Post: April 10, 2010:
-
Vertigo, it looks to me like the AP noticed the MIC replay attack but the Windows 7 client did not. From my understanding of the CWNP 802.11i Authentication and Key Management white paper, the GTK is used to encrypt broadcast and multicast data, and it's derived from the GMK, which is used by the AP to make GTKs. So the GTK is sent to the station by the AP; therefore the AP would be the one doing the GTK renewal, not the Windows supplicant.
As was pointed out in this previous thread: http://www.cwnp.com/bbpress/topic.php?id=3097
"it's tough just to get to the point where the MIC failure is generated." More to the point, the MIC countermeasures are done by the AP and not the client, according to IEEE 802.11i section 8.3.2.4.1 item b) 3).
I think you are misreading what is actually going on in your attack there. That's my opinion anyway.