
This project was implemented for the module "Project in Advanced Network Technologies" at the TU Berlin.

The goal of this project was to evaluate the impact of KRACK in a realistic scenario. Particularly, the project focused on using KRACK for decryption in the context of the 802.11i 4-way handshake in combination with CCMP as encryption protocol.

Unlike prior KRACK proofs of concept, we do not focus on the all-zero case of KRACK, which is a special variant: there the encryption key is reinstalled as all zeros, so the payload is effectively unencrypted and trivial to exploit.

What all KRACK attacks have in common is the requirement of a layer-2 man-in-the-middle (MitM) position, meaning the attacker forwards the WiFi frames between the victim and the access point.

From a cryptographic point of view the variants differ greatly, so the impact depends on the handshake and encryption mechanism in use.

This work focuses on the most common and realistic scenario: the 802.11i 4-way handshake combined with CCMP.

The key idea of the attack is to exploit the nonce reuse that the key reinstallation forces: reinstalling the key resets the transmit packet number, so the same nonce is used again under the same key.

In the end, this setup allows the content of frames to be decrypted. The decryption itself, however, requires knowledge of the plaintext of previously sent messages; our work shows that obtaining this is non-trivial, and additionally provides a proof of concept.
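To make the mechanism concrete, the following is an added illustration, not code from this project, of why a reset packet number is fatal under CCMP's counter mode and what the patched supplicant behaviour prevents. It models a client's key-install state with a hypothetical `Supplicant` class, uses a SHA-256 counter-mode keystream as a stand-in for AES-CTR, and works on a constructed key and constructed frame contents.

```python
import hashlib


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Counter-mode keystream for one frame. SHA-256 over key||PN||block is a
    stand-in for CCMP's AES-CTR so the example needs only the standard
    library; the property shown (same key + same PN => same keystream)
    holds for AES-CTR in exactly the same way."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(tk + pn.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal model of a client's key-install state (hypothetical, not wpa_supplicant)."""

    def __init__(self, tk: bytes, patched: bool):
        self.tk, self.patched = tk, patched
        self.pn, self.installed = 0, False

    def install_ptk(self):
        # A patched client ignores a retransmitted message 3 once the key is in use,
        # so the packet number is never reset (this is the fix for KRACK).
        if self.installed and self.patched:
            return
        self.installed, self.pn = True, 0   # vulnerable: PN restarts at 0

    def send(self, plaintext: bytes):
        self.pn += 1                        # 48-bit PN, incremented per frame
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))


def reuse_impact(patched: bool):
    """Returns (pn_was_reused, second_frame_recovered) for one scenario."""
    sup = Supplicant(b"\x11" * 16, patched)   # constructed temporal key
    sup.install_ptk()                          # message 3 of the 4-way handshake
    known = b"GET /index.html HTTP/1.1\r\n"    # constructed, plaintext known to observer
    pn1, c1 = sup.send(known)
    sup.install_ptk()                          # retransmitted message 3 (key reinstallation)
    secret = b"Cookie: session=abcd"           # constructed, plaintext unknown to observer
    pn2, c2 = sup.send(secret)
    # With a reused (key, PN) pair the keystream equals known XOR c1 and also
    # decrypts c2; with the patch the PNs differ and the same step yields garbage.
    recovered = xor(c2, xor(known, c1))
    return pn1 == pn2, recovered == secret
```

The unpatched run reuses PN 1 for both frames and the second frame falls out of the first one's known plaintext; the patched run moves on to PN 2 and the same computation recovers nothing.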

[Figure: Decoder Graph]

[Figure: Dynamic Decoder Graph]

[Figure: Master Diagram]
David Pascal Runge
Viktor Schlüter