MITM attack against WPA2-Enterprise?

Donald Eastlake d3e3e3 at gmail.com
Sun Jul 25 18:48:56 EDT 2010


It's always possible to make protocols more secure at higher cost. Should
802.11i have required one-time pads to be couriered to all mobile stations
involved? Probably not, since it would kind of negate some of the benefits
of Wi-Fi. For group keys, should it have added another layer of security
where, say, a public key was transmitted by the AP to each station using
pairwise security and the AP signed and all stations verified every
multicast/broadcast frame? Possible, but public key cryptography is a pretty
big burden if you are, for example, streaming video to multiple stations
using multicast. Seems like it would need significant hardware support.

Anyway, if these people have found some clever way to use the fact that the
group key is a shared secret key, that might be interesting. I don't see how
it is "clever" or particularly interesting that they are able to read the
standards document and understand one of the deliberate engineering
compromises in 802.11i. (Actually, these 802 standards documents can be
somewhat arcane... Maybe you do have to be clever to be able to understand
them... :-)

If you don't like Wi-Fi security, then also use IPSec or something for all
the data you send through it.

Thanks,
Donald

On Sun, Jul 25, 2010 at 6:08 PM, Perry E. Metzger <perry at piermont.com> wrote:

> On Sat, 24 Jul 2010 20:38:07 -0400 Steven Bellovin
> <smb at cs.columbia.edu> wrote:
> > There is a claim of a flaw in WPA2-Enterprise -- see
> > http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html
>
> Not quite a MITM attack. It is quite clever, though as with most such
> things, it seems in retrospect to be obvious. If only we always had
> hindsight. Quoting from another article:
>
>   The Advanced Encryption Standard (AES) derivative on which WPA2 is
>   based has not been cracked and no brute force is required to
>   exploit the vulnerability, Ahmad says. Rather, a stipulation in
>   the standard that allows all clients to receive broadcast traffic
>   from an access point (AP) using a common shared key creates the
>   vulnerability when an authorized user uses the common key in
>   reverse and sends spoofed packets encrypted using the shared group
>   key.
>
>
> http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html?page=1
>
> All in all, this looks bad for anyone depending on WPA2 for high
> security.
>
> --
> Perry E. Metzger                perry at piermont.com