« Maximizing ROI for mobile applications - part 2 | Main | IEEE finally ratifies the 802.11n standard »

September 09, 2009

New WPA attack - updated

Posted by: Paul DeBeasi

Introduction

Back in November of 2008 I wrote about the Wi-Fi Protected Access (WPA) attack by the German graduate students Erik Tews and Martin Beck. They discovered a limited method to crack WPA, or more specifically, to crack the TKIP component of WPA.  Their paper describes the attack and their tkiptun-ng tool carries out the attack.

Now, Japanese researchers Toshihiro Ohigashi and Masakatu Morii have taken the Tews-Beck attack one step further. Their paper describe how they can reduce the attack time from 12-15 minutes down to 1 minute and how they can eliminate the requirement that the station under attack support the IEEE 802.11e QoS mechanism.

Some articles have sensationalized this attack and have even implied that AES-CCMP could be next.

Bottom line:

  • The vulnerability exposed by the Ohigashi-Morii attack is no different from the vulnerability exposed by the Tews-Beck. The Ohigashi-Morii attack essentially just speeds up the Tews-Beck attack process.  More specifically, neither the Tews-Beck nor the Ohigashi-Morii attacks discover the encryption key. Instead, they systematically decrypt an individual packet of short length (e.g., ARP packet).
  • The attacker cannot decrypt all the packets on a WLAN.
  • The attack only exploits TKIP, which is the older “band-aid” feature created to fix WEP (WEP used RC-4 encryption). The attack does not exploit AES-CCMP. 
  • If you use certificates on both your stations and your access points (e.g., you use EAP-TLS) then your network is not vulnerable to the Ohigashi-Morii man-in-the-middle attack but your network may be vulnerable to the Tews-Beck attack. 

Recommendations:

  • Use AES-CCMP encryption to protect against this attack. All certified WPA2 systems must support AES-CCMP.
  • Check to see if your WPA-certified systems support AES-CCMP. If so, you should configure your WPA equipment to use AES-CCMP.
  • Begin a program to phase out your older Access Points and stations that do not support AES-CCMP.

Terminology

There is some confusion over the difference between the Wi-Fi Alliance certification and the actual features supported by the vendor equipment.

WPA certification: The older Wi-Fi Alliance WPA certification designation means that the equipment was certified to support: 802.1X, EAP, TKIP, and RC4.

WPA2 certification: The newer (and now mandatory) WPA2 certification designation means that the equipment was certified to support: 802.1X, EAP, and AES-CCMP.

Vendor equipment: Some vendors chose to support both TKIP-RC4 and AES-CCMP irrespective of how the equipment was certified. It is therefore possible to configure some WPA-certified equipment to support AES-CCMP.  It is also possible to configure WPA2-certified equipment to support TKIP-RC4.

More detailed information:

   Erik Tews and Martin Beck paper

Toshihiro Ohigashi and Masakatu Morii paper

Glenn Fleishman article

Posted by at 09:58 AM in Paul DeBeasi |

|

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8357b16bb69e20120a5b38d2a970c

Listed below are links to weblogs that reference New WPA attack - updated:

Comments

The comments to this entry are closed.

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected

Categories


Read more Burton Group blogs

Archives

More...

About

Blog powered by TypePad