today my suggested reading is "Enhanced TKIP Michael Attacks" (PDF).
In this paper, new attacks against TKIP based IEEE 802.11 networks are described. Using the known Beck-Tews attack, we de ne schemas to continuously generate new keystreams, which allow more and longer packet to be injected. Also an attack against the Michael message integrity code is presented, that allows an attacker to reset the internal MIC state and building on top of that, concatenating a known message with an unknown message keeping the unknown MIC valid for the new entire packet. Based on this, a schema to decrypt all tra c towards the client is described.