What Has Happened
Security researchers have discovered a weakness in the Wi-Fi
Protected Access 2 (WPA2) protocol that is used in all modern Wi-Fi
networks. An attacker within radio range
of an unpatched victim can exploit this weakness to read information that
was previously assumed to be safely encrypted. The vulnerability is within the
Wi-Fi IEEE 802.11 standard itself, and is therefore not unique to any
particular access point or client device vendor. It should be
assumed that any Wi-Fi enabled device is potentially vulnerable to
this particular issue until its vendor states otherwise or ships a patch.
A Summary of How WPA2 Security Works
WPA2-AES security consists of both authorization and
encryption. The authorization step
determines whether a particular client is allowed to access the wireless
network, and comes in two flavors, Personal and Enterprise. In WPA2-AES Personal, a pre-shared key or
passphrase provides the essential identifying credential. In WPA2-AES Enterprise, the Extensible
Authentication Protocol (EAP) is used to validate the client credentials
against an external RADIUS or Active Directory server. In either the WPA2-AES Personal or WPA2-AES
Enterprise scenario, once the client’s authorization credentials are validated,
a unique set of encryption keys is established between that particular access
point and that particular client device, so as to encrypt the traffic between
them. This key establishment is done
via a four-way handshake, in which temporal (i.e. temporary) keys are passed back and forth between
the access point and the client device so that each side can derive the unique
encryption key pair used for that connection.
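To make the "each side derives the same unique key" step concrete, here is an added walkthrough of the four-way handshake (it is not code from this post). Both sides hold the pairwise master key (PMK, derived from the passphrase in Personal mode or delivered by EAP in Enterprise mode), exchange one random nonce each, and expand PMK plus both nonces into the pairwise transient key (PTK). The PRF and PTK input ordering follow IEEE 802.11i as this example's author understands them; the EAPOL message layout is reduced to the fields that matter here, and every address, nonce and PMK is constructed.

```python
"""Constructed model of the WPA2 four-way handshake.

Added illustration, not the post's code.  The PRF and PTK derivation follow
IEEE 802.11i as understood by this example's author; message bodies are
simplified, and all addresses, nonces and keys are made up.
"""
import hashlib
import hmac
from dataclasses import dataclass


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max(addresses) || min/max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def split_ptk(ptk: bytes):
    """KCK (confirms handshake messages), KEK (wraps the GTK), TK (encrypts data)."""
    return ptk[:16], ptk[16:32], ptk[32:48]


def key_mic(kck: bytes, body: bytes) -> bytes:
    """Simplified key MIC: HMAC-SHA1 over the message body, truncated to 16 bytes."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


@dataclass
class Msg:
    number: int
    nonce: bytes
    body: bytes
    mic: bytes = b""


class Authenticator:
    """Access point side."""

    def __init__(self, pmk, aa, spa, anonce):
        self.pmk, self.aa, self.spa, self.anonce, self.ptk = pmk, aa, spa, anonce, None

    def msg1(self) -> Msg:
        return Msg(1, self.anonce, b"msg1")            # ANonce, no MIC yet

    def on_msg2(self, m: Msg) -> Msg:
        self.ptk = derive_ptk(self.pmk, self.aa, self.spa, self.anonce, m.nonce)
        kck = split_ptk(self.ptk)[0]
        if not hmac.compare_digest(key_mic(kck, m.body), m.mic):
            raise ValueError("message 2 MIC failed: client does not hold the PMK")
        body = b"msg3:install PTK, GTK wrapped under KEK"  # constructed body
        return Msg(3, self.anonce, body, key_mic(kck, body))

    def on_msg4(self, m: Msg) -> bytes:
        kck = split_ptk(self.ptk)[0]
        if not hmac.compare_digest(key_mic(kck, m.body), m.mic):
            raise ValueError("message 4 MIC failed")
        return split_ptk(self.ptk)[2]                   # AP installs TK


class Supplicant:
    """Client side."""

    def __init__(self, pmk, aa, spa, snonce):
        self.pmk, self.aa, self.spa, self.snonce, self.ptk = pmk, aa, spa, snonce, None

    def on_msg1(self, m: Msg) -> Msg:
        self.ptk = derive_ptk(self.pmk, self.aa, self.spa, m.nonce, self.snonce)
        kck = split_ptk(self.ptk)[0]
        return Msg(2, self.snonce, b"msg2", key_mic(kck, b"msg2"))

    def on_msg3(self, m: Msg):
        kck = split_ptk(self.ptk)[0]
        if not hmac.compare_digest(key_mic(kck, m.body), m.mic):
            raise ValueError("message 3 MIC failed: AP does not hold the PMK")
        return Msg(4, b"", b"msg4", key_mic(kck, b"msg4")), split_ptk(self.ptk)[2]


def run_handshake(pmk, aa, spa, anonce, snonce, sta_pmk=None):
    """Drive one handshake; returns (AP's TK, client's TK).  sta_pmk lets a test
    model a client holding the wrong credential."""
    ap = Authenticator(pmk, aa, spa, anonce)
    sta = Supplicant(pmk if sta_pmk is None else sta_pmk, aa, spa, snonce)
    m2 = sta.on_msg1(ap.msg1())
    m3 = ap.on_msg2(m2)
    m4, sta_tk = sta.on_msg3(m3)
    return ap.on_msg4(m4), sta_tk


# Constructed inputs for a stand-alone run
PMK = bytes(range(32))
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

if __name__ == "__main__":
    ap_tk, sta_tk = run_handshake(PMK, AA, SPA, bytes(32), b"\x01" * 32)
    print("both sides derived the same TK:", ap_tk == sta_tk)
```

The point to take from the model: the PMK itself never crosses the air; only the nonces do, and the MIC on messages 2 through 4 lets each side confirm the other computed the same PTK. Because both nonces feed the PRF, a fresh handshake yields a fresh PTK even for the same passphrase and client.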
A Summary of the Vulnerability
The security researchers discovered that they can manipulate
and replay the third message in the four-way handshake to perform a key
reinstallation attack (KRACK). Strictly
speaking, each temporal key that is passed in the four-way handshake should only be used
once and never re-used. However, in a
key reinstallation attack, the attacker pretends to be a valid access point and
tricks the client device into reinstalling a temporal key that is already in use,
serving to reset the transmit and receive packet numbers. For WPA2-AES, the attacker can then derive
the same encryption key as the client device, and thus decode upstream traffic
from the client device to the access point.
For the older (and less secure) WPA-TKIP, the attacker can go even further,
and potentially forge and inject new packets into the data stream.
To exploit this vulnerability, a malicious actor must first establish a
man-in-the-middle position (i.e. pose as an AP on your network and act as a
relay between the client device and the legitimate wireless network); the
replayed handshake message is delivered from that position.
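The key reinstallation described above is easiest to see as a state-machine bug on the client. The following added model (not the post's code; the keystream function is a SHA-256 stand-in for AES-CCMP, and the key and frame contents are constructed) tracks a client's installed key and per-key packet number, which forms the per-frame nonce. With the unpatched behaviour, a second install of the same key zeroes the packet number and nonces repeat; with the hardened behaviour, installing a key that is already in use leaves the counter alone and every nonce stays unique. The `duplicate_nonces` audit is the kind of check a defender can apply to a capture to confirm a client is patched.

```python
"""Constructed model of a client's key-install state and per-frame nonces.

Added illustration, not the post's code.  The keystream is a SHA-256 PRF
standing in for AES-CCMP; the key bytes and frame payloads are made up.
"""
import hashlib


def keystream(tk: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for the per-frame keystream: a function of (key, nonce) only.
    Same key and same nonce therefore give the same keystream."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(tk + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


class ClientSender:
    """Tracks the installed temporal key (TK) and its packet number (PN).

    reinstall_resets_pn=True models the unpatched client: every key install,
    including one for the key already in use, resets PN to zero.
    reinstall_resets_pn=False models the hardened client: installing the key
    already in use is a no-op, so PN keeps counting.
    """

    def __init__(self, reinstall_resets_pn: bool):
        self.reinstall_resets_pn = reinstall_resets_pn
        self.tk = None
        self.pn = 0
        self.sent = []          # (nonce, ciphertext) per transmitted frame

    def install_key(self, tk: bytes) -> None:
        if self.tk == tk and not self.reinstall_resets_pn:
            return              # hardened path: key already installed, keep PN
        self.tk = tk
        self.pn = 0             # vulnerable path: PN reset even for the same key

    def send(self, plaintext: bytes) -> bytes:
        assert self.tk is not None, "no key installed"
        self.pn += 1
        nonce = self.pn.to_bytes(6, "big")     # 48-bit PN, as in CCMP
        ks = keystream(self.tk, nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        self.sent.append((nonce, ciphertext))
        return ciphertext


def duplicate_nonces(sender: ClientSender) -> int:
    """Count frames sent under a nonce this key has already used.  Any value
    above zero means keystream was reused: XORing two such ciphertexts
    cancels the keystream and leaves the XOR of the two plaintexts."""
    seen, dups = set(), 0
    for nonce, _ in sender.sent:
        if nonce in seen:
            dups += 1
        seen.add(nonce)
    return dups


def simulate(reinstall_resets_pn: bool) -> int:
    """Handshake completes, two frames go out, message 3 arrives a second
    time and the key is (re)installed, two more frames go out."""
    tk = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key
    client = ClientSender(reinstall_resets_pn)
    client.install_key(tk)              # handshake done, TK installed
    client.send(b"GET / HTTP/1.1")
    client.send(b"Host: intranet")
    client.install_key(tk)              # replayed message 3: same TK again
    client.send(b"GET / HTTP/1.1")
    client.send(b"Cookie: session")
    return duplicate_nonces(client)


if __name__ == "__main__":
    print("unpatched client, repeated nonces:", simulate(True))    # 2
    print("hardened client, repeated nonces:", simulate(False))    # 0
```

This is also why the advisory's "apply client patches" advice comes first: the fix lives in the client's supplicant, which must stop resetting the packet number when it sees a key it has already installed, and no access-point setting can supply that behaviour on the client's behalf.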
How this Vulnerability Impacts Access Point Products and Networks
As the issue occurs on client devices, the first step for
any network operator is to check with the manufacturers of the client devices on
the network for security patches and updates, and to apply those updates as soon as
they are available.
This particular vulnerability has no direct impact on any APs operating in “access point” mode.
However, access points that are being used as client devices
(i.e. APs operating in “client bridge” mode) or any access points that
are being used for point-to-multipoint communications (i.e. APs
operating in “WDS bridge” or “WDS station” mode) are potentially impacted by
this vulnerability in the IEEE 802.11 protocol.
Furthermore, some advanced applications and features, such as mesh
networking and fast roaming (i.e. 802.11r), may also be potentially vulnerable
to this issue.
Access point vendors are actively investigating
the impact of this vulnerability across all of the products in our product
portfolio, and will be issuing firmware releases in the coming days and weeks
to address this issue. In the interim, continue to use WPA2-AES Personal or WPA2-AES
Enterprise for network security. Do not
use WEP and do not use WPA-TKIP: the vulnerabilities in those deprecated security
protocols are significantly more serious and easier for a malicious attacker
to exploit.
For More Information
The website https://www.krackattacks.com/
provides a detailed summary of the issue along with links to the research paper
and tools detailing the vulnerability.
Hi Jason - just wanted to compliment you on this, it really helps clarify some of the finer points of KRACK