[Cryptography] Current state of WPA2 security for IoT access ?

Christian Huitema huitema at huitema.net
Tue Apr 26 19:49:05 EDT 2016


> On Mon, Apr 25, 2016 at 8:48 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> --
>
> https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
>
> A sysadmin told me within the last week that WPA2 was easily broken
> via Aircrack.

There are two problems:

1) WPA2 is pass-phrase based. Easy-to-memorize pass phrases created by and for humans can be cracked by dictionary attacks.

2) The key used for a specific device is the hash of a clear-text nonce and the shared pass-phrase. Anybody who knows the shared pass-phrase and listens to the initial exchange can derive the key.

> So what is the current recommendation w.r.t. IoT devices accessing
> WPA2 wireless routers?

For IoT devices, there are two simplifications. First, there is no need to be "human friendly," since you have to use some kind of automated provisioning process. Second, you are probably not very concerned with some IoT devices snooping on other IoT devices in the same network. The simplest solution is thus to use a long machine-generated pass phrase for the WPA2 routers dedicated to the IoT network.

For human-friendly networks, the solution is to move away from WPA2 and use an 802.1X-based solution. PEAP + MSCHAPv2 using a common identity and a common pass phrase would work just fine.

-- Christian Huitema
