Cracking the WPA Security Standard

 
 
By Andrew Garcia  |  Posted 2008-11-09 Email Print this article Print
 
 
 
 
 
 
 

Analysis: As security researchers prepare to discuss how they were able to subvert the WPA wireless security standard, eWEEK Labs outlines what this means to wireless administrators.

At the PacSec conference in Tokyo the week of Nov. 10, researchers Erik Tews and Martin Beck will outline the attack they created to subvert WPA wireless security protections.

Although the attack is limited in scope at this time-as it only affects TKIP (Temporal Key Integrity Protocol)-protected networks and can only be used to inject traffic but not to steal data-there is sure to be significant confusion about the effects of the attack.

In this article, I have outlined five points about the attack and its consequences that are crucial for wireless administrators to understand-about how it works, what its limits are, and what can be done to protect wireless networks and the data they carry from attackers.  

Click here for how to secure laptops from the government's prying eyes. 

First of all, the attack by Tews and Beck only works against networks protected with TKIP. TKIP, originally called WEP2, was an interim standard adopted to allow wireless users to have an upgrade from the broken WEP (Wired Equivalent Privacy) protocol that lets them protect their wireless data without requiring an investment in new hardware. TKIP took the basics of WEP (and therefore uses the same RC4 stream cipher), enforced a longer encryption key, added per-packet keys, boosted the Initialization Vector used to generate keys from 24-bit to 48-bit in length, and added a new Integrity Check checksum (called Michael). 

It is Michael that is at the root of the new attack. The attack, which leverages a modified chop-chop attack that allows the decryption of individual packets without cracking the Pairwise Master key (the shared secret between clients and the network used for encryption), goes after the Pairwise Transient Key protecting the session in order to interpret very small packets (like an ARP) of just a few bytes of unknown data.

The attacker must probe cautiously because Michael will shut down a device for 60 seconds and rekey if it sees two Michael errors within a minute.  However, because there is little to guess in these small packets, the attacker only needs to spend a few minutes (12 to 15 minutes, from what I understand) probing Michael until it stops returning errors. At that point, the attacker can then go to work with the chop-chop attack to get past the integrity check built into the original WEP (that TKIP still uses).

AES-protected networks, on the other hand, are immune to this attack, as AES uses an entirely different keying method called CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).



 
 
 
 
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel