New WPA attack – updated

Introduction

Back in November of 2008 I wrote about the Wi-Fi Protected Access (WPA) attack by the German graduate students Erik Tews and Martin Beck. They discovered a limited method to crack WPA, or more specifically, to crack the TKIP component of WPA. Their paper describes the attack, and their tkiptun-ng tool (part of the aircrack-ng suite) carries it out.

Now, Japanese researchers Toshihiro Ohigashi and Masakatu Morii have taken the Tews-Beck attack one step further. Their paper describes how they reduce the attack time from 12-15 minutes to roughly one minute in the best case, and how a man-in-the-middle setup eliminates the requirement that the station under attack support the IEEE 802.11e QoS (WMM) mechanism.

Some articles have sensationalized this attack and have even implied that AES-CCMP could be next.

Bottom line:

  1. The vulnerability exposed by the Ohigashi-Morii attack is no different from the one exposed by the Tews-Beck attack; Ohigashi-Morii essentially speeds up the Tews-Beck process. Neither attack recovers the encryption key. Instead, each one decrypts a single short packet (e.g., an ARP packet) byte by byte, recovering that packet's plaintext together with the Michael MIC key for the AP-to-station direction, which is what allows a small number of forged packets to be injected toward the station.
  2. The attacker cannot decrypt all the packets on a WLAN, only individual short packets whose contents are largely predictable.
  3. The attack only exploits TKIP, the older "band-aid" cipher created to patch WEP without replacing the RC4 stream cipher that WEP also used. The attack does not exploit AES-CCMP.
  4. If you use certificates on both your stations and your access points (e.g., EAP-TLS), your network is not vulnerable to the Ohigashi-Morii man-in-the-middle variant, but it may still be vulnerable to the Tews-Beck attack. Do not treat the authentication method as the fix: the cipher is the problem, and only AES-CCMP removes it.

Recommendations:

  1. Use AES-CCMP encryption to protect against this attack. All WPA2-certified systems must support AES-CCMP.
  2. Check whether your WPA-certified systems also support AES-CCMP. If so, configure them to use AES-CCMP only. Avoid "mixed mode" (TKIP and CCMP offered side by side): in that configuration the group key used for broadcast and multicast traffic falls back to TKIP, so those frames remain exposed even for stations that negotiated CCMP.
  3. Begin a program to phase out older access points and stations that do not support AES-CCMP.

Terminology

There is some confusion over the difference between the Wi-Fi Alliance certification and the actual features supported by the vendor equipment.

WPA certification: The older Wi-Fi Alliance WPA certification means the equipment was certified to support 802.1X, EAP, and TKIP (which encrypts with RC4).

WPA2 certification: The newer (and now mandatory) WPA2 certification means the equipment was certified to support 802.1X, EAP, and AES-CCMP.

Vendor equipment: Some vendors chose to support both TKIP (RC4) and AES-CCMP regardless of which certification the equipment carries. It is therefore possible to configure some WPA-certified equipment to use AES-CCMP, and likewise possible to configure WPA2-certified equipment to use TKIP. The certification label tells you what was tested, not what is currently enabled; check the configuration.
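Because the certification label and the running configuration can disagree, the practical check is to look at what the access point actually advertises over the air. The following is an added example, not code from the original post or from the Tews-Beck or Ohigashi-Morii papers: it decodes the RSN (WPA2) element and the older WPA vendor element from the tagged parameters of a beacon and flags any TKIP or WEP cipher, including a TKIP group cipher in a mixed-mode network (the case recommendation 2 warns about). The sample beacons, their SSIDs and the builder helpers are constructed for the demonstration; on a real network you would feed in the tagged-parameter bytes of a captured beacon or probe response.

```python
"""Audit the cipher suites an access point advertises in its beacon.

Added example, not code from the original post or from the research papers.
Decodes the RSN (WPA2) element and the Microsoft WPA vendor element from the
tagged parameters of a beacon/probe response and flags TKIP or WEP in the
group or pairwise suites. The sample beacons at the bottom are hand-built.
"""
import struct

RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"   # 802.11i OUI, Microsoft OUI
RSN_TAG, VENDOR_TAG = 48, 221                          # element IDs from 802.11
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKM_NAMES = {1: "802.1X", 2: "PSK"}
WEAK_CIPHERS = {"WEP-40", "WEP-104", "TKIP"}

def _suite_name(selector, oui, names):
    """Translate a 4-byte suite selector (OUI + type) into a readable name."""
    if len(selector) < 4:
        raise ValueError("truncated suite selector")
    if selector[:3] != oui:
        return f"vendor-{selector[:3].hex()}-{selector[3]}"
    return names.get(selector[3], f"unknown-{selector[3]}")

def _suite_list(body, offset, oui, names):
    """Parse a little-endian 2-byte count followed by that many selectors."""
    (count,) = struct.unpack_from("<H", body, offset)
    suites = [_suite_name(body[i:i + 4], oui, names)
              for i in range(offset + 2, offset + 2 + 4 * count, 4)]
    return suites, offset + 2 + 4 * count

def parse_security_element(body, oui):
    """Decode version, group cipher, pairwise ciphers and AKMs. `body` starts
    at the version field (after tag/length and, for WPA, after OUI/type)."""
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite_name(body[2:6], oui, CIPHER_NAMES)
    pairwise, off = _suite_list(body, 6, oui, CIPHER_NAMES)
    akms, _ = _suite_list(body, off, oui, AKM_NAMES)
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akms}

def iter_elements(tagged):
    """Yield (tag, payload) for each tag/length/value element in order."""
    off = 0
    while off + 2 <= len(tagged):
        tag, length = tagged[off], tagged[off + 1]
        payload = tagged[off + 2:off + 2 + length]
        if len(payload) < length:
            raise ValueError("truncated information element")
        yield tag, payload
        off += 2 + length

def audit_beacon(tagged):
    """Return decoded WPA/RSN elements plus weak-cipher findings. A weak group
    cipher matters even for CCMP clients: in a mixed TKIP/CCMP network the
    broadcast and multicast traffic is still protected with TKIP."""
    result = {"wpa": None, "rsn": None, "findings": []}
    for tag, payload in iter_elements(tagged):
        if tag == RSN_TAG:
            result["rsn"] = parse_security_element(payload, RSN_OUI)
        elif tag == VENDOR_TAG and payload[:4] == WPA_OUI + b"\x01":
            result["wpa"] = parse_security_element(payload[4:], WPA_OUI)
    for label in ("wpa", "rsn"):
        elem = result[label]
        if elem is None:
            continue
        if elem["group"] in WEAK_CIPHERS:
            result["findings"].append(f"{label.upper()} group cipher is {elem['group']}")
        for cipher in elem["pairwise"]:
            if cipher in WEAK_CIPHERS:
                result["findings"].append(f"{label.upper()} offers pairwise {cipher}")
    result["tkip_exposed"] = bool(result["findings"])
    return result

# Builders for the constructed sample beacons (hypothetical SSIDs, not captures).
def _element(tag, payload):
    return bytes([tag, len(payload)]) + payload

def _suites(oui, types):
    return struct.pack("<H", len(types)) + b"".join(oui + bytes([t]) for t in types)

def rsn_element(group, pairwise, akms):
    body = struct.pack("<H", 1) + RSN_OUI + bytes([group])
    body += _suites(RSN_OUI, pairwise) + _suites(RSN_OUI, akms) + b"\x00\x00"
    return _element(RSN_TAG, body)

def wpa_element(group, pairwise, akms):
    body = WPA_OUI + b"\x01" + struct.pack("<H", 1) + WPA_OUI + bytes([group])
    return _element(VENDOR_TAG, body + _suites(WPA_OUI, pairwise) + _suites(WPA_OUI, akms))

SAMPLE_BEACONS = {
    "wpa2-ccmp-only": _element(0, b"lab-ccmp") + rsn_element(4, [4], [2]),
    "wpa2-mixed-mode": _element(0, b"lab-mixed") + wpa_element(2, [4, 2], [2])
                       + rsn_element(2, [4, 2], [2]),
    "wpa-tkip-eap": _element(0, b"lab-tkip") + wpa_element(2, [2], [1]),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_BEACONS.items():
        print(name, audit_beacon(frame)["findings"] or "CCMP only")
```

The element IDs (48 for RSN, 221 for vendor-specific) and the suite-selector encodings come from the 802.11 standard; the Microsoft OUI 00:50:F2 with type 1 marks the original WPA element. The finding most easily overlooked when auditing WPA2-capable equipment is the group cipher: a network that offers CCMP for pairwise traffic but advertises a TKIP group cipher is still running TKIP for every broadcast and multicast frame.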

More detailed information:

  1. Erik Tews and Martin Beck paper
  2. Toshihiro Ohigashi and Masakatu Morii paper
  3. Glenn Fleishman article
