Accepted Papers

  • Denial-of-Service Attacks Against the 4-way Wi-Fi Handshake
    Mathy Vanhoef and Frank Piessen simec-DistriNet, KU Leuven

    client and Access Point (AP). We analyze this handshake, and discover several new denial-of- service (DoS) attacks against it. Interestingly, our attacks work even if Management Frame Pro- tection (MFP) is enabled. The rst attack abuses the observation that messages in the 4-way handshake undergo link-layer encryption once the pairwise key is installed. More precisely, when message 4 of the handshake is dropped, the handshake times out. The second attack is similar to the second one, but induces the AP into sending the rst message 4 with link-layer encryption. Again, this causes the handshake to time out. In the third attack, an adversary waits until the victim completes the 4-way handshake. Then she initiates a rekey by injecting a malformed 4-way handshake messages, causing several implementations to disconnect the client from the network. Finally, we propose countermeasures against our discovered attacks.

Copyright © NCS 2017