Dailydave mailing list archives

All Ur WiFi(WPA) R Belong 2 PacSec


From: Dragos Ruiu <dr () kyx net>
Date: Thu, 6 Nov 2008 22:54:50 -0800

Just as a heads up, one of the authors of the first practical crypto
attack against WPA-secured wireless networks, besides
launching a dictionary attack when weak pre-shared keys (PSKs)
are used, Erik Tews, will be speaking at PacSec in Tokyo, on
Thursday next week. More specifically, his attack uses a
combination of protocol weaknesses and cryptographic
weaknesses to compromise TKIP encryption. The attack
lets the attacker inject seven packets into the network,
per decrypt window. It's an interesting attack, because it 
also hints at other attack forms, so it is rather open 
ended research.

My recommendation is that you discontinue use of TKIP.

The problem with this is that most AP implementations that
I have seen will automatically drop back to TKIP from CCMP(AES)
to support older clients. You should disable this if you are
given the option on your AP or WiFi router configuration.
Unfortunately, how to do this varies with each router's
configuration system, and some routers do not
provide facilities to do this.

If you aren't given the option to disable this, you might want
to think about getting a different Access Point or WiFi Router. :-)

You should seriously consider using some higher level
encryption facilities such as a VPN, IPsec, or SSH
to secure your communications over wireless.
Look at ssh -D <port> (or equivalent putty options)
to a wired host and the socks proxy options on
your browser to use that port on localhost, when
surfing over wireless.

On some equipment CCMP is called WPA2 and TKIP is WPA.
The WPA spec leaves support of CCMP(AES) optional
while the WPA2 spec mandates both TKIP and AES
capability.

Important WPA/WPA2 Recommendations:

-Use only CCMP(AES).
-Disable Negotiations to TKIP from CCMP(AES).
-If you must use TKIP, rekey every 120 seconds.

Quote:
To prevent this attack, we suggest using a very short rekeying time,
for example 120 seconds or less. ... The best solution would be
disabling TKIP and using a CCMP only network.

Oh, P.S. AFAIK some of the code to do this attack is out :).

If you want to find out more, you have to come to PacSec. :-)
The details are fairly intricate but the bottom line is above.
Consider yourselves duly warned.

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Buenos Aires, Argentina   Sept. 30 / Oct. 1 - 2008    http://ba-con.com.ar
Tokyo, Japan  November 12/13 2008  http://pacsec.jp
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
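The recommendations above (CCMP only, no negotiation down to TKIP, and a rekey interval of 120 seconds or less if TKIP cannot be removed) are easy to state and easy to get wrong in an AP configuration. The following is an added example, not code from the original post or from the PacSec talk: a small POSIX shell audit for a hostapd-style configuration file. It assumes the hostapd directives wpa (bit 0 = WPA, bit 1 = WPA2/RSN), wpa_pairwise, rsn_pairwise (which hostapd falls back to wpa_pairwise when unset) and wpa_group_rekey; the three configuration files it checks are constructed inline for illustration, and the function names are this example's own.

```shell
#!/bin/sh
# Audit a hostapd.conf for TKIP exposure.
# Added example; not from the original post. Directive names assumed:
# wpa, wpa_pairwise, rsn_pairwise, wpa_group_rekey (hostapd).

# conf_get FILE KEY -> value of the last "KEY=value" line, empty if absent.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# audit_hostapd_conf FILE
# Returns 0 if only CCMP can be negotiated, 1 if TKIP is negotiable but the
# rekey interval is <= 120 s, 2 if TKIP is negotiable and the rekey interval
# is unset or longer than 120 s.
audit_hostapd_conf() {
    conf=$1
    wpa=$(conf_get "$conf" wpa)
    wpa_pairwise=$(conf_get "$conf" wpa_pairwise)
    rsn_pairwise=$(conf_get "$conf" rsn_pairwise)
    rekey=$(conf_get "$conf" wpa_group_rekey)
    # hostapd uses wpa_pairwise for RSN when rsn_pairwise is not given
    [ -n "$rsn_pairwise" ] || rsn_pairwise=$wpa_pairwise
    tkip=0
    # bit 0: WPA (v1) stations allowed, cipher list is wpa_pairwise
    if [ $(( ${wpa:-0} & 1 )) -ne 0 ]; then
        case " $wpa_pairwise " in *" TKIP "*) tkip=1 ;; esac
    fi
    # bit 1: WPA2/RSN stations allowed, cipher list is rsn_pairwise
    if [ $(( ${wpa:-0} & 2 )) -ne 0 ]; then
        case " $rsn_pairwise " in *" TKIP "*) tkip=1 ;; esac
    fi
    if [ "$tkip" -eq 0 ]; then
        echo "$conf: OK, CCMP only, TKIP cannot be negotiated"
        return 0
    fi
    echo "$conf: WARNING, TKIP negotiable (wpa=$wpa wpa_pairwise='$wpa_pairwise' rsn_pairwise='$rsn_pairwise')"
    if [ -z "$rekey" ] || [ "$rekey" -gt 120 ]; then
        echo "$conf: WARNING, wpa_group_rekey=${rekey:-unset} is longer than the 120 s mitigation"
        return 2
    fi
    echo "$conf: TKIP still allowed, but rekey interval ${rekey}s is within the 120 s mitigation"
    return 1
}

# Constructed sample configurations (not taken from any real deployment).
weak_conf=$(mktemp)      # WPA+WPA2, TKIP negotiable, default rekey interval
cat >"$weak_conf" <<'EOF'
interface=wlan0
ssid=example
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
wpa_pairwise=TKIP CCMP
EOF

tkip_conf=$(mktemp)      # legacy clients kept, 120 s rekey as a stopgap
cat >"$tkip_conf" <<'EOF'
interface=wlan0
ssid=example
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
wpa_pairwise=TKIP CCMP
wpa_group_rekey=120
EOF

hardened_conf=$(mktemp)  # WPA2 only, CCMP only: the recommended setting
cat >"$hardened_conf" <<'EOF'
interface=wlan0
ssid=example
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
rsn_pairwise=CCMP
EOF
trap 'rm -f "$weak_conf" "$tkip_conf" "$hardened_conf"' EXIT

for f in "$weak_conf" "$tkip_conf" "$hardened_conf"; do
    audit_hostapd_conf "$f" || true
done
```

The check deliberately looks at both cipher lists: an AP with wpa=3 and wpa_pairwise=TKIP CCMP advertises CCMP but will still accept a TKIP association from an older client, which is exactly the fallback the post warns about. Point it at the real hostapd.conf instead of the constructed files to audit a live AP.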