More Web Proxy on the site http://driver.im/

research-article

Practical Side-Channel Attacks against WPA-TKIP

Authors:

Domien Schepers,

Aanjhan Ranganathan,

Mathy VanhoefAuthors Info & Claims

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Pages 415 - 426

https://doi.org/10.1145/3321705.3329832

Published: 02 July 2019 Publication History

Abstract

We measure the usage of cipher suites in protected Wi-Fi networks, and do this for several distinct geographic areas. Surprisingly, we found that 44.81% of protected networks still support the old WPA-TKIP cipher. Motivated by this, we systematically analyze the security of several implementations of WPA-TKIP, and present novel side-channel attacks against them. The presented attacks bypass existing countermeasures and recover the Michael message authentication key in 1 to 4 minutes. Using this key, an adversary can then decrypt and inject network traffic. In contrast, previous attacks needed 7 to 8 minutes. These results stress the urgent need to stop using WPA-TKIP.

References

[1]

IEEE Std 802.11. 2012. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Spec.

[2]

IEEE Std 802.11e. 2005. Amendment 8: Medium Access Control (MAC) Quality of Service Enhancements.

[3]

IEEE Std 802.11i. 2004. Amendment 6: Medium Access Control (MAC) Security Enhancements.

[4]

IEEE Std 802.11i/D3.0. 2002. Draft Amendment 6: Medium Access Control (MAC) Security Enhancements - version D3.0.

[5]

Aircrack-ng. 2019. FAQ: What is the best wireless card to buy? Retrieved 19 January 2019 from https://www.aircrack-ng.org/doku.php?id=faq.

[6]

Nadhem AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering, and Jacob C. N. Schuldt. 2013. On the Security of RC4 in TLS and WPA. Technical Report.

[7]

Wi-Fi Alliance. 2015. Technical Note: Removal of TKIP from Wi-Fi Devices.

[8]

Johannes Berg. 2013. {138/251} mac80211: fix duplicate retransmission detection. Retrieved 19 January 2019 from https://lore.kernel.org/patchwork/patch/405688/.

[9]

Nancy Cam-Winget, Russ Housley, David Wagner, and Jesse Walker. 2003. Security flaws in 802.11 data link protocols. Commun. ACM, Vol. 46, 5 (2003), 35--39.

Digital Library

[10]

Niels Ferguson. 2002. Michael: an improved MIC for 802.11 WEP. IEEE doc, Vol. 802, 2 (2002).

[11]

Scott Fluhrer, Itsik Mantin, and Adi Shamir. 2001. Weaknesses in the key scheduling algorithm of RC4. In SAC. Springer, 1--24.

Digital Library

[12]

Pierre-Alain Fouque, Gwenaëlle Martinet, Frédéric Valette, and Sébastien Zimmer. 2008. On the Security of the CCM Encryption Mode and of a Slight Variant. In International Conference on Applied Cryptography and Network Security. Springer.

Digital Library

[13]

Mouhcine Guennoun, Aboubakr Lbekkouri, Amine Benamrane, Mohamed Ben-Tahir, and Khalil El-Khatib. 2008. Wireless networks security: Proof of chopchop attack. In WoWMoM. IEEE.

Digital Library

[14]

Dan Harkins and Warren Kumari. 2017. Opportunistic Wireless Encryption. RFC 8110.

[15]

Changhua He and John C Mitchell. 2004. Analysis of the 802.11 i 4-Way Handshake. In Proceedings of the 3rd ACM workshop on Wireless security. ACM, 43--50.

Digital Library

[16]

Changhua He, Mukund Sundararajan, Anupam Datta, Ante Derek, and John C Mitchell. 2005. A modular correctness proof of IEEE 802.11 i and TLS. In CCS.

Digital Library

[17]

Jianyong Huang, Jennifer Seberry, Willy Susilo, and Martin Bunder. 2005. Security analysis of michael: the IEEE 802.11 i message integrity code. In IEEE EUC.

Digital Library

[18]

KoreK. 2004. chopchop (Experimental WEP attacks). Retrieved 21 January 2019 from http://www.netstumbler.org/unix-linux/chopchop-experimental-wep-attacks-t12489.html.

[19]

Jouni Malinen. 2008. ChangeLog for wpa_supplicant v0.6.6. Retrieved 19 January 2019 from https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog.

[20]

CHJC Mitchell and Changhua He. 2005. Security Analysis and Improvements for IEEE 802.11 i. In NDSS. Citeseer, 90--110.

[21]

Masakatu Morii and Yosuke Todo. 2011. Cryptanalysis for rc4 and breaking wep/wpa-tkip. IEICE Trans. on Inf. and Systems, Vol. 94, 11 (2011), 2087--2094.

[22]

Toshihiro Ohigashi and Masakatu Morii. 2009. A practical message falsification attack on WPA. Proc. JWIS (2009).

[23]

Kenneth G. Paterson, Bertram Poettering, and Jacob C. N. Schuldt. 2014. Big Bias Hunting in Amazonia: Large-Scale Computation and Exploitation of RC4 Biases (Invited Paper). In ASIACRYPT. 398--419.

[24]

Jon Rosdahl. 2017. Minutes REVmd -- July 2017 Berlin. https://mentor.ieee.org/802.11/dcn/17/11--17-0857-01-000m-minutes-revmd-july-2017-berlin.docx Retrieved January 21, 2019 from

[25]

Jon Rosdahl, Mark Hamilton, and Michael Montemurro. 2018. Minutes REVmd -- May 2018 -- Warsaw. https://mentor.ieee.org/802.11/dcn/18/11--18-0616-00-000m-minutes-revmd-may-2018-warsaw.docx Retrieved January 10, 2019 from

[26]

Amirali Sanatinia, Sashank Narain, and Guevara Noubir. 2013. Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study. In IEEE CNS. 430--437.

[27]

Graham Smith. 2018. Resolution for WEP/TKIP removal CIDs. https://mentor.ieee.org/802.11/dcn/18/11--18-0652-01-000m-resolution-for-wep-tkip-removal-cids.docx Retrieved January 21, 2019 from

[28]

Chris McMahon Stone, Tom Chothia, and Joeri de Ruiter. 2018. Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. In European Symposium on Research in Computer Security. Springer, 325--345.

Digital Library

[29]

Erik Tews and Martin Beck. 2009. Practical attacks against WEP and WPA. In Proceedings of the second ACM conference on Wireless network security. ACM.

Digital Library

[30]

Yosuke Todo, Yuki Ozawa, Toshihiro Ohigashi, and Masakatu Morii. 2012. Falsification attacks against WPA-TKIP in a realistic environment. IEICE TRANSACTIONS on Information and Systems, Vol. 95, 2 (2012), 588--595.

[31]

Mathy Vanhoef. 2016. A Security Analysis of the WPA-TKIP and TLS Security Protocols. Ph.D. Dissertation. KU Leuven.

[32]

Mathy Vanhoef and Frank Piessens. 2013. Practical verification of WPA-TKIP vulnerabilities. In AsiaCCS. ACM, 427--436.

Digital Library

[33]

Mathy Vanhoef and Frank Piessens. 2017. Key reinstallation attacks: Forcing nonce reuse in WPA2. In CCS. ACM, 1313--1328.

Digital Library

[34]

Mathy Vanhoef and Frank Piessens. 2018. Release the Kraken: New KRACKs in the 802.11 Standard. In CCS. ACM, 299--314.

Digital Library

[35]

Mathy Vanhoef, Domien Schepers, and Frank Piessens. 2017. Discovering logical vulnerabilities in the Wi-Fi handshake using model-based testing. In ACSAC.

Digital Library

[36]

Stefan Viehböck. 2011. Wi-Fi protected setup pin brute force vulnerability. CERT Vulnerability Note VU, Vol. 723755 (2011).

[37]

Wi-Fi Alliance. 2015. Technical Note: Removal of TKIP from Wi-Fi Devices. Retrieved 8 January 2019 from https://www.wi-fi.org/downloads-public/Wi-Fi_Alliance_Technical_Note_TKIP_v1.0.pdf/17196.

[38]

Wi-Fi Alliance. 2018. WPA3 Specification Version 1.0. Retrieved 8 January 2019 from https://www.wi-fi.org/file/wpa3-specification-v10.

[39]

Avishai Wool. 2004. A note on the fragility of the "Michael" message integrity code. IEEE Transactions on Wireless Communications, Vol. 3, 5 (2004), 1459--1462.

Digital Library

Cited By

Shinde OKulkarni VPatani HRajput AJaiswal R(2024)A Survey: Network Attack Detection and Mitigation TechniquesSmart Trends in Computing and Communications10.1007/978-981-97-1320-2_22(263-275)Online publication date: 14-Jun-2024
https://doi.org/10.1007/978-981-97-1320-2_22
Wang KZheng YZhang QBai GQin MZhang DDong J(2022)Assessing certificate validation user interfaces of WPA supplicantsProceedings of the 28th Annual International Conference on Mobile Computing And Networking10.1145/3495243.3517026(501-513)Online publication date: 14-Oct-2022
https://dl.acm.org/doi/10.1145/3495243.3517026
Tran Le DTran TDang KAlkanhel RMuthanna A(2022)Malware Spreading Model for Routers in Wi-Fi NetworksIEEE Access10.1109/ACCESS.2022.318224310(61873-61891)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3182243
Show More Cited By

Recommendations

Practical verification of WPA-TKIP vulnerabilities
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

We describe three attacks on the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP). The first attack is a Denial of Service attack that can be executed by injecting only two frames every minute. The second attack demonstrates how ...
Practical attacks against WEP and WPA
WiSec '09: Proceedings of the second ACM conference on Wireless network security

In this paper, we describe two attacks on IEEE 802.11 based wireless LANs. The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack ...
Weaknesses in the temporal key hash of WPA

This article describes some weaknesses in the key scheduling in Wi-Fi Protected Access (WPA) put forward to secure the IEEE standard 802.11-1999. Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

July 2019

708 pages

ISBN:9781450367523

DOI:10.1145/3321705

General Chairs:
Steven Galbraith
University of Auckland, New Zealand
,
Giovanni Russello
University of Auckland, New Zealand
,
Willy Susilo
University of Wollongong, Australia
,
Program Chairs:
Dieter Gollmann
Hamburg University of Technology, Germany & Nanyang Technological University, Singapore
,
Engin Kirda
Northeastern University, USA
,
Zhenkai Liang
National University of Singapore, Singapore

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 July 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

Asia CCS '19

Sponsor:

SIGSAC

Asia CCS '19: ACM Asia Conference on Computer and Communications Security

July 9 - 12, 2019

Auckland, New Zealand

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
334
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)1

Reflects downloads up to 09 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Shinde OKulkarni VPatani HRajput AJaiswal R(2024)A Survey: Network Attack Detection and Mitigation TechniquesSmart Trends in Computing and Communications10.1007/978-981-97-1320-2_22(263-275)Online publication date: 14-Jun-2024
https://doi.org/10.1007/978-981-97-1320-2_22
Wang KZheng YZhang QBai GQin MZhang DDong J(2022)Assessing certificate validation user interfaces of WPA supplicantsProceedings of the 28th Annual International Conference on Mobile Computing And Networking10.1145/3495243.3517026(501-513)Online publication date: 14-Oct-2022
https://dl.acm.org/doi/10.1145/3495243.3517026
Tran Le DTran TDang KAlkanhel RMuthanna A(2022)Malware Spreading Model for Routers in Wi-Fi NetworksIEEE Access10.1109/ACCESS.2022.318224310(61873-61891)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3182243
Schwenk JSchwenk J(2022)Wireless LAN (WLAN)Guide to Internet Cryptography10.1007/978-3-031-19439-9_6(99-119)Online publication date: 26-Nov-2022
https://doi.org/10.1007/978-3-031-19439-9_6
Schepers DVanhoef MRanganathan APöpper CVanhoef MBatina LMayrhofer R(2021)A framework to test and fuzz wi-fi devicesProceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3448300.3468261(368-370)Online publication date: 28-Jun-2021
https://dl.acm.org/doi/10.1145/3448300.3468261
Moissinac KRamos DRendon GElleithy A(2021)Wireless Encryption and WPA2 Weaknesses2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC)10.1109/CCWC51732.2021.9376023(1007-1015)Online publication date: 27-Jan-2021
https://doi.org/10.1109/CCWC51732.2021.9376023

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten