Nytro Posted May 7, 2011 Report Posted May 7, 2011 WPA Too!Md Sohail Ahmad, AirTight Networksmd.ahmad@airtightnetworks.comAbstractWPA2 is considered as the most secure configuration for WiFi networks. It is widely used to secure enterprise and private WiFi networks. Interestingly, it is also being used to secure guest, municipal and public WiFi networks. In this paper, we present a vulnerability of WPA2 protocol which can be exploited by a malicious user to attack and compromise legitimate users. We also present a few attack mitigation techniques which can be used to protect genuine WiFi users.I. IntroductionThe 802.11i [1] specifies security protocols for WiFi networks. RSN is one of the security configurations available in 802.11i and popularly known as WPA2. WPA2 supports two types of authentication- Pres-Shared Key (PSK) and IEEE 802.1x. For data encryption, WPA2 uses AES though it also supports TKIP. TKIP stands for temporal key integrity protocol and used by old devices which are compliant to WEP encryption. AES stands for advanced encryption system. Most of the current generation WiFi devices support AES.A couple of attacks on WPA/WPA2 authentication and encryption that have been published in the past are mentioned below:- PSK vulnerability [2]: PSK is vulnerable to eavesdropping and dictionary attack. To solve PSK vulnerability, it is recommended to use the IEEE 802.1x based authentication.- PEAP vulnerability [3]: A WiFi client’s configuration related vulnerability was identified in 2008. It can be avoided by simply following good practices and by not ignoring certificate validation check in client wireless configuration.- TKIP vulnerability [4]: TKIP vulnerability allows attacker to guess IP address of the subnet and then inject few small size frames to cause disruption in the network. Fast re-keying or AES can be used to fix the vulnerability.In the next section, we describe attacks based on a vulnerability of WPA2 protocol and discuss its implications. Finally, we discuss a few solutions to mitigate the attacks.Download:http://www.exploit-db.com/download_pdf/17255 Quote
