Frequent readers of my tips know I haven't been afraid to pull out my soapbox and rant about the inherent insecurities in the Wired Equivalent Privacy (WEP) protocol and how it is unfit for use in any enterprise. The second part of my stump speech involves exhorting the virtues of Wi-Fi Protected Access (WPA) as an excellent alternative. Indeed, you may have been thinking of me when you read about the apparent discovery of a significant vulnerability in WPA.
Behind the WPA crack
Indeed, two German researchers recently published a paper entitled Practical Attacks Against WEP and WPA (.pdf), which describes an attack on WPA implementations that makes use of the Temporal Key Integrity Protocol (TKIP), an encryption algorithm meant to protect the wireless network. By exploiting a vulnerability in TKIP, an attacker eavesdropping on a network can potentially recover the keystream corresponding to extremely short packets (such as those used by the Address Resolution Protocol and DNS) and re-inject traffic of the same length on the network. Essentially, this means an attacker can compromise TKIP encryption enough to introduce malicious ARP and DNS traffic.
Now, before you tear down your WPA network, take a moment to think about the implications of this type of attack. First, it's important to note that the exploit allows the recovery of the keystream and not the WPA key. The keystream is the series of temporary keys used to encrypt traffic for a short period of time while the WPA key itself (which remains secure in the face of this attack) is used to generate these temporary keys. Therefore, a hacker who successfully exploits this vulnerability can't use it to decrypt all of the traffic on a given network. For
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.co.UK
the most part, data traversing the Wi-Fi network is still secure.
However, this is the first known chink in the armor of WPA-TKIP, which was a stopgap measure put in place to compensate for the significant earlier flaws discovered in the WEP protocol. It would behoove you, as a security professional, to keep your eyes open and pay attention to news of any future WPA vulnerabilities that hit the wire. While this blow merely shakes the foundation of TKIP, so to speak, another significant vulnerability could knock the house down entirely.
Protecting the wireless network
So, after reading this recent WPA vulnerability research, what protections should be implemented? There are two effective approaches that will help preserve the security of an enterprise wireless network:
The bottom line is that the sky is not falling as a result of this new Wi-Fi security vulnerability. While there is a notable flaw in the encryption behind WPA-TKIP, it is currently of limited utility. However, I recommend using this announcement as an opportunity to review the security of your own wireless network. For those using TKIP, it's a good time to consider making the switch to AES for your own peace of mind.
About the author:
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated. He also answers your questions on network security.
