MITM attack against WPA2-Enterprise?

Steven Bellovin smb at cs.columbia.edu
Mon Jul 26 22:37:06 EDT 2010


On Jul 26, 2010, at 10:30 19PM, Perry E. Metzger wrote:

> On Mon, 26 Jul 2010 21:42:53 -0400 Steven Bellovin
> <smb at cs.columbia.edu> wrote:
>>> 
>>> I don't know, if it is truly only a ten line change to a common
>>> WPA2 driver to read, intercept and alter practically any traffic
>>> on the network even in enterprise mode, that would seem like a
>>> serious issue to me. Setting up the enterprise mode stuff to work
>>> is a lot of time and effort. If it provides essentially no
>>> security over WPA2 in shared key mode, one wonders what the point
>>> of doing that work is. This doesn't seem like a mere engineering
>>> compromise.
>> 
>> If I understand the problem correctly, it doesn't strike me as
>> particularly serious.  Fundamentally, it's a way for people in the
>> same enterprise and on the same LAN to see each other's traffic.  A
>> simple ARP-spoofing attack will do the same thing; no crypto
>> needed.  Yes, that's a more active attack, and in theory is
>> somewhat more noticeable.  In practice, I suspect the actual risk
>> is about the same.
> 
> I think the issue is that people have been given the impression that
> WPA2 provides enough security that people can feel reasonably secure
> that others will not be reading their traffic over the air the way
> that they might in a pure shared key scenario, and that this justified
> the extra complexity of deployment. While what you say is perfectly
> true, it does lead one to ask if WPA2 enterprise has not been
> significantly oversold.
> 
Probably...  To me, access link crypto is about access control.  WEP --
apart from the failings in RC4 and how it was used -- got that badly
wrong, because it was impossible to change keys in any rational way.
WPA2 was supposed to fix that; I'd have been happy if that were all
it did.  As others have noted, end-to-end crypto is the proper approach.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


