Information Technology Reference
In-Depth Information
for (jp=0; S[jp] != o2; jp++);
/* As long as that index isn't 1 or 2, extract
the byte and save it */
if ((jp!=1) && (jp!=2)) stat5[(jp-j-S[p]) & 0xff]++;
}
}
}
// inverted attack
/* This attack is useful in determining false positives. As
the byte values get placed in the stat6[] bin, there is
a chance that that value is not correct. KoreK placed a
threshold on this at 32. If any byte appears in
the stat6[] bin more than 32 times, it must not be the right
value. These tests are pretty straight forward. Just
remember that o1 is the first byte of the keystream.
*/
if (S[2] == 0)
{
if ((S[1] == 2) && (o1 == 2))
{
stat6[(1-j-S[p]) & 0xff]++;
stat6[(2-j-S[p]) & 0xff]++;
}
else if (o2==0)
{
stat6[(2-j-S[p]) & 0xff]++;
}
}
if ((S[1] == 1) && (o1 == S[2]))
{
stat6[(1-j-S[p]) & 0xff]++;
stat6[(2-j-S[p]) & 0xff]++;
}
if ((S[1] == 0) && (S[0] == 1) && (o1 == 1))
{
stat6[(-j-S[p]) & 0xff]++;
stat6[(1-j-S[p]) & 0xff]++;
}
R
EFERENCES
[1] Barkin L.,
How Secure is Your Wireless Network?
, Prentice Hall PTR, Upper Saddle
River, 2004.
[2] Berghel H., “Wireless infidelity I: War driving”,
Commun. ACM
47
(9) (2004) 21-26.
[3] Berghel H., Uecker J., “Wireless infidelity II: Air jacking”,
Commun. ACM
47
(12)
(2004) 20-25.
