MITM attack against WPA2-Enterprise?

Perry E. Metzger perry at piermont.com
Mon Jul 26 22:30:19 EDT 2010


On Mon, 26 Jul 2010 21:42:53 -0400 Steven Bellovin
<smb at cs.columbia.edu> wrote:
> > 
> > I don't know, if it is truly only a ten line change to a common
> > WPA2 driver to read, intercept and alter practically any traffic
> > on the network even in enterprise mode, that would seem like a
> > serious issue to me. Setting up the enterprise mode stuff to work
> > is a lot of time and effort. If it provides essentially no
> > security over WPA2 in shared key mode, one wonders what the point
> > of doing that work is. This doesn't seem like a mere engineering
> > compromise.
> 
> If I understand the problem correctly, it doesn't strike me as
> particularly serious.  Fundamentally, it's a way for people in the
> same enterprise and on the same LAN to see each other's traffic.  A
> simple ARP-spoofing attack will do the same thing; no crypto
> needed.  Yes, that's a more active attack, and in theory is
> somewhat more noticeable.  In practice, I suspect the actual risk
> is about the same.

I think the issue is that people have been given the impression that
WPA2 provides enough security that people can feel reasonably secure
that others will not be reading their traffic over the air the way
that they might in a pure shared key scenario, and that this justified
the extra complexity of deployment. While what you say is perfectly
true, it does lead one to ask if WPA2 enterprise has not been
significantly oversold.

-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


