Practical verification of WPA-TKIP vulnerabilities

@inproceedings{Vanhoef2013PracticalVO,
  title={Practical verification of WPA-TKIP vulnerabilities},
  author={M. Vanhoef and Frank Piessens},
  booktitle={ASIA CCS '13},
  year={2013}
}
We describe three attacks on the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP). The first attack is a Denial of Service attack that can be executed by injecting only two frames every minute. The second attack demonstrates how fragmentation of 802.11 frames can be used to inject an arbitrary amount of packets, and we show that this can be used to perform a portscan on any client. The third attack enables an attacker to reset the internal state of the Michael algorithm. We… 

Practical Side-Channel Attacks against WPA-TKIP
TLDR
This work systematically analyzes the security of several implementations of WPA-TKIP, and presents novel side-channel attacks against them, which bypass existing countermeasures and recover the Michael message authentication key in 1 to 4 minutes.
Plaintext Recovery Attacks Against WPA/TKIP
TLDR
Very large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specification permit us to mount an effective statistical, plaintext-recovering attack in the situation where the same plaintext is encrypted in many different frames.
Breaking WPA-TKIP Using Side-Channel Attacks
TLDR
It is shown through wardriving experiments that WPA-TKIP is still widely deployed in a large percentage of today’s wireless networks, and the usage of cipher suites in protected Wi-Fi networks in several distinct geographic areas finds that 44.81% of protected networks still support the old WPA, TKIP cipher.
On the Security of RC4 in TLS and WPA
TLDR
These attacks build on recent advances in the statistical analysis of RC4, and on new findings announced in this paper, and are supported by an experimental evaluation of the feasibility of the attacks.
A Security Analysis of the WPA-TKIP and TLS Security Protocols
TLDR
This dissertation analyzes the security of popular network protocols and finds that commodity devices allow us to violate several assumptions made by the Wi-Fi, and proposes a technique to decrypt arbitrary packets sent towards a client.
On the Security of RC4 in TLS
TLDR
Ciphertext-only plaintext recovery attacks against TLS when RC4 is selected for encryption are presented, building on recent advances in the statistical analysis of RC4, and on new findings announced in this paper.
Key Reinstallation Attacks: Breaking the WPA2 Protocol
TLDR
The 4-way handshake is shown to be vulnerable to key reinstallation attacks, and it is shown that the PeerKey, group key, and Fast BSS Transition (FT) handshake are broken.
Advanced Wi-Fi attacks using commodity hardware
TLDR
It is shown that low-layer attacks against Wi-Fi can be implemented using user-modifiable firmware, and since a substantial number of networks still use TKIP as their group cipher, this shows that weaknesses in TKIP have a higher impact than previously thought.
Denial of Service Attacks Against the 4-Way Wi-Fi Handshake
TLDR
This work finds that, in practice, many implementations of the 4-way Wi-Fi handshake are vulnerable to denial-of-service attacks, and proposes countermeasures against three new attacks.

References

Practical attacks against WEP and WPA
TLDR
An improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key.
Weaknesses in the temporal key hash of WPA
TLDR
Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity Check (MIC) key and this shows that parts of WPA are weak on their own.
Cryptanalysis for RC4 and Breaking WEP/WPA-TKIP
TLDR
This paper presents a different interpretation and the relation between other attacks and the TeAM-OK attack against WEP, and presents an attack that is executable in a realistic environment against WPA-TKIP.
A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)
TLDR
It is concluded that the 802.11b WEP standard is completely insecure, and recommendations on how this vulnerability could be mitigated and repaired are provided.
Falsification Attacks against WPA-TKIP in a Realistic Environment
TLDR
Two new falsification attacks against Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP) are proposed, one of which reduces the execution time for recovering a MIC key and the other expands the range of targets that can be attacked.
The final nail in WEP's coffin
TLDR
A novel vulnerability is presented which allows an attacker to send arbitrary data on a WEP network after having eavesdropped a single data packet and techniques for real-time decryption of data packets are presented, which may be used under common circumstances.
Enhanced TKIP Michael Attacks
TLDR
An attack against the Michael message integrity code, that allows an attacker to concatenate a known with an unknown valid TKIP packet such that the unknown MIC at the end is still valid for the new entire packet.
An Improved Attack on TKIP
TLDR
This paper shows that their attack on TKIP can be used to create an ARP poisoning attack and a cryptographic DoS attack and is able to decrypt DHCP ACK packets, which are over 12 times longer than the ARP packet used by Beck and Tews.
A Study of the TKIP Cryptographic DoS Attack
TLDR
The correct mechanism for an 802.11 message modification attack is shown, the implementation of this attack using a middleperson approach is described and the TKIP and Harkins countermeasures are compared in a controlled environment.
Wireless networks security: Proof of chopchop attack
TLDR
This paper gives a review of the chopchop attack and builds a mathematical model to prove theoretically that the attack is capable of decrypting messages in WEP enabled wireless networks without requiring the knowledge of the encryption key.