This paper describes about new attacks against TKIP based IEEE 802.11 networks. The structure of this paper is as follows: In Section 2, an introduction to the technical details of the Beck-Tews attack. In Section 3, two schemas on how to generate new keystreams including additional requirements and obstacles to overcome. In section 4, Michael is analyzed and a simple way of generating collisions is presented. Based on these collisions which set the internal Michael state to an arbitrary value, a key reset attack is developed, that in the end allows for packet concatenation. In Section 6, our findings are summarized and mitigation techniques suggested.
You can download this paper here: