In this paper, new attacks against TKIP based IEEE 802.11 networks are
described. Using the known Beck-Tews attack, we de ne schemas to con-
tinuously generate new keystreams, which allow more and longer packets
to be injected. Also an attack against the Michael message integrity code
is presented, that allows an attacker to reset the internal MIC state and
building on top of that, concatenating a known message with an unknown
message keeping the unknown MIC valid for the new entire packet. Based
on this, a schema to decrypt all tra c towards the client is described.