WPA Attack Explanation

Pages: 18 (4338 words) Published: June 20, 2012
A Practical Message Falsification Attack on WPA
Toshihiro Ohigashi¹ and Masakatu Morii²

¹ Hiroshima University, 1–4–2 Kagamiyama, Higashi-Hiroshima, 739–8511 Japan, ohigashi@hiroshima-u.ac.jp
² Kobe University, 1–1 Rokkodai, Kobe-ku, Kobe-shi, 657–8501 Japan, mmorii@kobe-u.ac.jp

Abstract. In 2008, Beck and Tews proposed a practical attack on WPA. Their attack (called the Beck-Tews attack) can recover plaintext from an encrypted short packet, and can falsify it. The execution time of the Beck-Tews attack is about 12-15 minutes. However, the attack has a limitation: its targets are only WPA implementations that support IEEE 802.11e QoS features. In this paper, we propose a practical message falsification attack on any WPA implementation. To ease the limitation on targeted wireless LAN products, we apply the Beck-Tews attack to the man-in-the-middle attack. In the man-in-the-middle attack, the user's communication is intercepted by an attacker until the attack ends. This means that users may detect our attack when its execution time is long. Therefore, we give methods for reducing the execution time of the attack. As a result, the execution time of our attack becomes about one minute in the best case.

Keywords: WPA, TKIP, falsification attack, man-in-the-middle attack

1 Introduction

Wi-Fi Protected Access (WPA)/Temporal Key Integrity Protocol (TKIP) [1] is a security protocol for wireless LAN communication, and it provides confidentiality and integrity. WPA was designed to fix weaknesses [2–5] of Wired Equivalent Privacy (WEP) [6], an earlier security protocol used in many wireless LAN products. WPA uses two kinds of keys: a 64-bit message integrity check (MIC) key and a 128-bit encryption key. The former is used to detect message forgery/falsification, and the latter is used to encrypt/decrypt packets. These keys are generated from a shared master key. The security of WPA has been analyzed by many researchers [7–9]. Moskowitz has shown a weakness of WPA against a dictionary attack [7]. The weakness can be avoided by generating the master key from a long, random passphrase. Most other analyses [8, 9] have evaluated components of WPA, and these are not effective attacks that threaten WPA. In 2008, Beck and Tews proposed a practical attack [10] on WPA implementations that support IEEE 802.11e Quality of Service (QoS) features [11].

Their attack (called the Beck-Tews attack) can recover a MIC key and a plaintext from an encrypted short packet (e.g., an ARP packet or a DNS packet), and falsifies the encrypted packet using the recovered MIC key. The execution time of the attack is about 12-15 minutes. Since the Beck-Tews attack is a method based on the replay attack, the targets are required to support IEEE 802.11e QoS features. Hence, their result is a limited one. In this paper, we propose a practical message falsification attack on any WPA implementation. Firstly, to ease the limitation on targeted wireless LAN products, we apply the Beck-Tews attack to the man-in-the-middle (MITM) attack³. The Beck-Tews attack in the MITM setting does not require support for IEEE 802.11e QoS features, which means that our attack can be applied to any WPA implementation. Secondly, we discuss an effective implementation of the MITM attack for the wireless LAN network. In the MITM attack, the user's communication is intercepted by an attacker until the attack ends. This means that users may detect our attack when its execution time is long. Therefore, thirdly, we give methods for reducing the execution time of the attack. As a result, the execution time of our attack becomes about one minute in the best case.

2 Wi-Fi Protected Access

In WPA, a master key is shared between an access point and a client. The master key generates two kinds of keys: a 64-bit MIC key K* and a 128-bit encryption key K. A 64-bit MIC is generated from a MIC key...