The news this week that Japanese researchers have devised a practical method to attack Wi-Fi Protected Access (WPA) with Temporal Key Integrity Protocol (TKIP) encryption in about a minute should not come as a shock to anyone. Just as earlier encryption methods have been compromised, the contest between security standards and the methods to defeat those standards is a continuously advancing process. Faster computing equipment has also made attacks much quicker.
Wired Equivalent Protection (WEP), the earliest standard for Wi-Fi encryption, was an interim solution that lasted about four years before it was rendered useless by attacks on the protocol and the encryption method used, Rivest Cipher Four (RC4). Since the initial weaknesses in WEP were discovered, additional methods of attack have been developed and CPU speed has increased, further aiding the attacker.
WPA with TKIP encryption was developed as an interim standard, created to maintain backward compatibility with hardware that had supported WEP. WPA with TKIP also used RC4 as its encryption, but WPA was a much better implementation without the weaknesses of the WEP protocol. Although it was originally slated to delay the need for equipment replacement, many enterprises used this as an excuse to not spend money. Last year an attack against WPA with TKIP was proposed by German students Erik Tews and Martin Beck. This attack method allows an attacker to inject arbitrary data into a previously secure stream by making minor modifications to a packet’s contents, changing the checksum, and checking the results by sending the packet back to the access point. This could be used successfully to carry out an ARP cache poisoning attack or a DNS spoofing attack. The Tews and Beck paper is available for download.
This week, the packet injection attack against WPA with TKIP has become quite practical. Instead of replaying modified packets back into the network and waiting for a response, this new attack utilizes a man-in-the-middle attack in addition to the Tews and Beck attack and in some cases can take just one minute. This is important when network re-key times are set to low values. The attacker’s machine simply forwards the client’s packets to the access point, rendering the replay detection ineffective. While this attack does not break the RC4 encryption, it is a practical method to inject packets into the data stream. The two Japanese researchers who developed the attack have published ‘A Practical Message Falsification Attack on WPA,’ which contains further information. Although WPA with AES encryption remains secure, a later version of the WPA protocol, WPA2, is available and widely supported by wireless equipment. WPA2 uses a much more robust method of key exchange.
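The defensive step that follows from this is to confirm that no access point still offers TKIP. The sketch below is an added example, not code from the researchers or from any vendor: it assumes the access point is configured with a hostapd-style file (the article names no AP software), uses hostapd's option names, and runs on two constructed sample configurations.

```python
# Added example. Option names are hostapd's; both sample configs are constructed.
LEGACY = """\
# constructed sample: mixed WPA/WPA2 with TKIP still offered
wpa=3
wpa_pairwise=TKIP CCMP
wpa_group_rekey=120
"""
HARDENED = """\
# constructed sample: WPA2 only, AES-CCMP only
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings about TKIP/WPA exposure in one BSS config."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))      # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if wpa == 0:
        return ["neither WPA nor WPA2 is enabled"]
    findings = []
    if wpa & 1:
        findings.append("WPA (version 1) is enabled; set wpa=2 for WPA2 only")
    # Assumption: rsn_pairwise falls back to wpa_pairwise when unset.
    wpa_pw = conf.get("wpa_pairwise")
    rsn_pw = conf.get("rsn_pairwise", wpa_pw)
    used = [c for bit, c in ((1, wpa_pw), (2, rsn_pw)) if wpa & bit]
    if None in used:
        findings.append("pairwise cipher not set explicitly; set it to CCMP")
    ciphers = {c for v in used if v for c in v.upper().split()}
    if "TKIP" in ciphers:
        msg = "TKIP is offered as a pairwise cipher; allow CCMP (AES) only"
        if "wpa_group_rekey" in conf:
            msg += (f" (wpa_group_rekey={conf['wpa_group_rekey']}: a short "
                    "re-key interval is not a substitute for removing TKIP)")
        findings.append(msg)
    return findings

if __name__ == "__main__":
    for name, sample in (("LEGACY", LEGACY), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "no findings")
```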
Just as older wireless security standards have been made weaker with time and the advancement of computing power, so have other data security standards. The Data Encryption Standard (DES) has been compromised by brute force attacks, as the computing power necessary to successfully carry out an attack is now obtainable in even lower-end personal computers. Triple DES was developed to make this attack much more difficult, but as computing capabilities advance, so will the ability to use these resources to compromise more secure systems. The Advanced Encryption Standard (AES) was developed to stay ahead of attacks becoming possible with 3DES. Several attacks have been developed for systems using hash functions such as Message Digest Five (MD5) or Secure Hash Algorithm One (SHA-1). These attacks work by finding message values that produce the same hash value. SHA was extended with longer hash values to reduce the possibility of collisions and named SHA-2. However, SHA-2 uses the same algorithm as SHA-1, and a new, more secure alternative is being sought.
WPA is just one of the security protocols that are beginning to show their age. System and network administrators must stay abreast of current standards and the direction that the industry is heading. Failure to do so will eventually result in compromised systems.