MITM attack against WPA2-Enterprise?
Steven Bellovin
smb at cs.columbia.edu
Mon Jul 26 22:37:06 EDT 2010
On Jul 26, 2010, at 10:30 19PM, Perry E. Metzger wrote:
> On Mon, 26 Jul 2010 21:42:53 -0400 Steven Bellovin
> <smb at cs.columbia.edu> wrote:
>>>
>>> I don't know, if it is truly only a ten line change to a common
>>> WPA2 driver to read, intercept and alter practically any traffic
>>> on the network even in enterprise mode, that would seem like a
>>> serious issue to me. Setting up the enterprise mode stuff to work
>>> is a lot of time and effort. If it provides essentially no
>>> security over WPA2 in shared key mode, one wonders what the point
>>> of doing that work is. This doesn't seem like a mere engineering
>>> compromise.
>>
>> If I understand the problem correctly, it doesn't strike me as
>> particularly serious. Fundamentally, it's a way for people in the
>> same enterprise and on the same LAN to see each other's traffic. A
>> simple ARP-spoofing attack will do the same thing; no crypto
>> needed. Yes, that's a more active attack, and in theory is
>> somewhat more noticeable. In practice, I suspect the actual risk
>> is about the same.
>
> I think the issue is that people have been given the impression that
> WPA2 provides enough security that people can feel reasonably secure
> that others will not be reading their traffic over the air the way
> that they might in a pure shared key scenario, and that this justified
> the extra complexity of deployment. While what you say is perfectly
> true, it does lead one to ask if WPA2 enterprise has not been
> significantly oversold.
>
Probably... To me, access link crypto is about access control. WEP --
apart from the failings in RC4 and how it was used -- got that badly
wrong, because it was impossible to change keys in any rational way.
WPA2 was supposed to fix that; I'd have been happy if that were all
it did. As others have noted, end-to-end crypto is the proper approach.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list