
Wireless - TKIP sort of broken
General
Written by Aidan   
Friday, 07 November 2008 07:34

For a long time, we've known that wireless networks that use WEP have problems with security. However, a couple of academic researchers have identified some issues within the WPA protection provided by the 802.11i standard. They're going to be presenting their findings at a conference known as PacSec. Before you rush out and turn off all your WiFi stuff, things might not be as bad as you might have assumed. TKIP isn't broken open like WEP was.

Firstly, the issue identified is within TKIP (Temporal Key Integrity Protocol), which was designed as an enhancement to WEP. In a nutshell, TKIP is basically WEP with a couple of twists that try to avoid the two issues that originally plagued WEP. The first is the fact that the keys generated by WEP were sometimes weak - much simpler to break - because of the method of generation. The second is that WEP does not generate new keys, so if the key is cracked, all data that is transmitted can be examined. TKIP avoids the weak keys and periodically changes the encryption keys, thus protecting the data that is being transmitted.

TKIP also added a MIC (Message Integrity Check) that is designed to provide a mechanism to detect that the data has been tampered with. At a basic level, the MIC takes the unencrypted data and performs a mathematical transform to end up with 8 bytes that form a fingerprint of the unencrypted data. When the packet is received at the other end, a similar check is performed to ensure that the data is correct before doing anything more with it. The MIC is transmitted in an encrypted form, so that it is difficult to tamper with. After all, there's no point providing a tamper detector where an attacker can tamper with the tamper detector!

However, some of the small packets that are found on networks can cause problems for TKIP. Protocols such as the Address Resolution Protocol (ARP) tend to be small and only have a few bytes change between them. When a typical ARP request is transmitted over TKIP, only about 13-16 of the bytes are unknown. Eight of these are the MIC and four are for the WEP checksum. The rest are for the IP address in the ARP request. As the ARP packet is fairly static, it's possible to recover the "keystream" from the message. The keystream is effectively the encryption information that is mixed with the data to encrypt it. Once you have a valid keystream, you can encrypt and decrypt data with it. However, MIC already has replay protection built in, which is designed to stop the re-use of a keystream. On its own, this is an ineffective attack, as the keystream recovered can't be used to decrypt any other packets, nor can it be used to encrypt data.

The clever twist is the use of another 802.11 protocol - 802.11e - which was designed to provide Quality of Service (QoS) for wireless networks. The idea behind QoS is that some types of data need more priority than others. For example, downloading a large file via bittorrent shouldn't stop a Voice over IP (VoIP) phone call from operating. Thus, the network automatically prioritises the VoIP data over bittorrent, through the use of queues. These queues, provided by 802.11e, give rise to the possibility of reusing the keystream more than once. In fact, it appears that it can be reused somewhere between 7 and 15 times, depending on the number of queues.
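To make the queue twist concrete, here is a toy model I've added (it is not code from the article or from the researchers) of the receiver's replay check when 802.11e gives it one sequence counter per queue. The counters are modelled as plain integers, the "busy queue" traffic and ciphertext are constructed, and the single-counter receiver is a hypothetical comparison rather than anything a real driver ships.

```python
# Toy model of TKIP's replay check (the TSC) when 802.11e gives the receiver
# one counter per QoS queue. Constructed illustration: no real encryption here.
from dataclasses import dataclass


@dataclass
class Frame:
    tid: int        # 802.11e traffic class: which queue the frame arrives on
    tsc: int        # TKIP sequence counter from the frame (int stands in for 48 bits)
    payload: bytes  # opaque ciphertext, never inspected by the check


class PerQueueReceiver:
    """Replay check as deployed with 802.11e: a 'last seen TSC' per queue."""
    def __init__(self, num_queues: int) -> None:
        self.last_tsc = [-1] * num_queues

    def accept(self, frame: Frame) -> bool:
        if frame.tsc <= self.last_tsc[frame.tid]:
            return False  # replayed or stale on this queue: dropped
        self.last_tsc[frame.tid] = frame.tsc
        return True


class SingleCounterReceiver:
    """Hypothetical comparison: one TSC shared by every queue. It closes the
    reuse, but would also drop frames legitimately reordered between queues,
    one reason the practical advice is to move off TKIP rather than patch it."""
    def __init__(self, num_queues: int) -> None:
        self.last_tsc = -1

    def accept(self, frame: Frame) -> bool:
        if frame.tsc <= self.last_tsc:
            return False
        self.last_tsc = frame.tsc
        return True


def replays_accepted(receiver_cls, num_queues: int, traffic: int = 100) -> int:
    """Send `traffic` ordinary frames on queue 0 (e.g. ARP), then re-deliver the
    last one unchanged on every queue and count how many the receiver accepts."""
    rx = receiver_cls(num_queues)
    captured = None
    for tsc in range(traffic):
        captured = Frame(tid=0, tsc=tsc, payload=b"constructed-ciphertext")
        assert rx.accept(captured)
    accepted = 0
    for tid in range(num_queues):  # same TSC and payload, each queue in turn
        if rx.accept(Frame(tid=tid, tsc=captured.tsc, payload=captured.payload)):
            accepted += 1
    return accepted
```

With 8 queues the per-queue receiver accepts the captured frame 7 more times and with 16 queues 15 times, matching the range quoted above; the shared-counter receiver accepts none.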

The downside of the attack is that it is only successful against a wireless client. Data cannot be injected into the connection to the access point. However, this might be enough to carry out attacks such as DNS poisoning, whereby false information is returned in DNS, effectively causing the computer to connect to a machine under the control of an attacker. It's not a full crack - only short packets can be manipulated, and only in one direction. Data sent across the wireless network can't be decrypted any easier than before, and your online banking is just as safe as it has been. If you do use TKIP, you might want to consider moving to AES instead. We can be sure that more people will start looking at TKIP, now that this has come to light.

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.
