Mathy Vanhoef
ABSTRACT
We describe three attacks on the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP). The first attack is a Denial of Service attack that can be executed by injecting only two frames every minute. The second attack demonstrates how fragmentation of 802.11 frames can be used to inject an arbitrary amount of packets, and we show that this can be used to perform a portscan on any client. The third attack enables an attacker to reset the internal state of the Michael algorithm. We show that this can be used to efficiently decrypt arbitrary packets sent towards a client. We also report on implementation vulnerabilities discovered in some wireless devices. Finally we demonstrate that our attacks can be executed in realistic environments.
- M. Beck. Enhanced TKIP michael attacks. Retrieved 4 Februari, 2013, from http://download.aircrack-ng.org/wiki-files/doc/enhanced_tkip_michael.pdf.Google Scholar
- J. Bellardo and S. Savage. 802.11 denial-of-service attacks: real vulnerabilities and practical solutions. In Proceedigns of the USENIX Security Symposium, 2003. Google ScholarDigital Library
- K. Bicakci and B. Tavli. Denial-of-service attacks and countermeasures in IEEE 802.11 wireless networks, 2009.Google Scholar
- A. Bittau, M. Handley, and J. Lackey. The final nail in WEP's coffin. In IEEE Symposium on Security and Privacy, pages 386--400, 2006. Google ScholarDigital Library
- L. Butti and J. Tinnes. Discovering and exploiting 802.11 wireless driver vulnerabilities. Journal in Computer Virology, 4(1):25--37, 2008.Google ScholarCross Ref
- N. Ferguson. Michael: an improved MIC for 802.11 WEP. IEEE doc. 802.11-2/020r0, Jan. 2002.Google Scholar
- G. Fleishman. Say goodbye to WEP and TKIP. Retrieved 26 November, 2012, from http://bit.ly/cSFSvj, 2010.Google Scholar
- S. R. Fluhrer, I. Mantin, and A. Shamir. Weaknesses in the key scheduling algorithm of RC4. In Selected Areas in Cryptography, pages 1--24, 2001. Google ScholarDigital Library
- S. M. Glass and V. Muthukkumarasamy. A study of the TKIP cryptographic dos attack. In 15th International Conference on Networks. IEEE, 2007.Google ScholarCross Ref
- M. Guennoun, A. Lbekkouri, A. Benamrane, M. Ben-Tahir, and K. El-Khatib. Wireless networks security: Proof of chopchop attack. In WOWMOM, pages 1--4, 2008. Google ScholarDigital Library
- F. M. Halvorsen, O. Haugen, M. Eian, and S. F. Mjølsnes. An improved attack on TKIP. In 14th Nordic Conference on Secure IT Systems, NordSec '09, 2009. Google ScholarDigital Library
- B. Harris and R. Hunt. Review: TCP/IP security threats and attack methods. Computer Communications, 22(10):885--897, 1999. Google ScholarDigital Library
- J. Huang, J. Seberry, W. Susilo, and M. W. Bunder. Security analysis of michael: The IEEE 802.11i message integrity code. In EUC Workshops, pages 423--432, 2005. Google ScholarDigital Library
- IEEE Std 802.11-2012 (Rev. of IEEE Std 802.11-2007). Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, 2012.Google Scholar
- IEEE Std 802.11-2012 (Rev. of IEEE Std 802.11-2007). Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, 2012.Google Scholar
- V. Moen, H. Raddum, and K. J. Hole. Weaknesses in the temporal key hash of WPA. Mobile Computing and Communications Review, 8(2):76--83, 2004. Google ScholarDigital Library
- M. Morii and Y. Todo. Cryptanalysis for RC4 and breaking WEP/WPA-TKIP. IEICE Transactions, 94-D(11), 2011.Google Scholar
- S. Park, K. Kim, D. Kim, S. Choi, and S. Hong. Collaborative QoS architecture between DiffServ and 802.11e wireless LAN. In Vehicular Technology Conference, 2003.Google Scholar
- A. Stubblefield, J. Ioannidis, and A. D. Rubin. A key recovery attack on the 802.11b wired equivalent privacy protocol (wep). ACM Trans. Inf. Syst. Secur., 7(2), 2004. Google ScholarDigital Library
- E. Tews and M. Beck. Practical attacks against WEP and WPA. In Proceedings of the second ACM conference on Wireless network security, WiSec '09, 2009. Google ScholarDigital Library
- Y. Todo, Y. Ozawa, T. Ohigashi, and M. Morii. Falsification attacks against WPA-TKIP in a realistic environment. IEICE Transactions, 95-D(2), 2012.Google Scholar
- A. Wool. A note on the fragility of the Michael message integrity code. IEEE Transactions on Wireless Communications, 3(5):1459--1462, 2004. Google ScholarDigital Library
Index Terms
- Practical verification of WPA-TKIP vulnerabilities
Recommendations
Practical Side-Channel Attacks against WPA-TKIP
Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications SecurityWe measure the usage of cipher suites in protected Wi-Fi networks, and do this for several distinct geographic areas. Surprisingly, we found that 44.81% of protected networks still support the old WPA-TKIP cipher. Motivated by this, we systematically ...
Weaknesses in the temporal key hash of WPA
This article describes some weaknesses in the key scheduling in Wi-Fi Protected Access (WPA) put forward to secure the IEEE standard 802.11-1999. Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity ...
Practical attacks against WEP and WPA
WiSec '09: Proceedings of the second ACM conference on Wireless network securityIn this paper, we describe two attacks on IEEE 802.11 based wireless LANs. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack ...
Comments