We introduce key reinstallation attacks. These attacks abuse features of a protocol to reinstall an already in-use key, thereby resetting nonces and/or replay counters associated to this key. We show that our novel attack technique breaks several handshakes that are used in a WPA2-protected network.

By Mathy Vanhoef

Full Abstract & Presentation Materials:
https://www.blackhat.com/eu-17/briefi...