
New Attack Cracks WPA TKIP in a Minute

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Aug 28, 2009 11:19 am

New Attack Cracks WPA TKIP in a Minute


By Robert McMillan, IDG News Service

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.

The Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.



For complete story:
http://tech.yahoo.com/news/pcworld/2009 ... ninaminute

Don
CISSP, MCSE, CSTA, Security+ SME

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Aug 28, 2009 11:56 am

Re: New Attack Cracks WPA TKIP in a Minute

Thanks Don, their research paper (linked from the article you provided) was very interesting. I haven't seen many WPA implementations out there. I have mostly seen WEP and WPA v2.
~~~~~~~~~~~~~~
Ketchup

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Aug 28, 2009 1:15 pm

Re: New Attack Cracks WPA TKIP in a Minute

Read about that today too, certainly interesting. Though it seems they still have to prove this in practice.

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Fri Aug 28, 2009 3:55 pm

Re: New Attack Cracks WPA TKIP in a Minute

This has been kicking about for a while now, hasn't it? I guess it's just in the media again because of the recent claims of super fast cracking.

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Aug 28, 2009 9:15 pm

Re: New Attack Cracks WPA TKIP in a Minute

Yeah... it wasn't the fact that it was cracked, but the speed in which they claim it can be done. Even the article states that it has already been done in the 15 minute time frame.

Worthy of posting anyway.

Don
CISSP, MCSE, CSTA, Security+ SME

Vertigo

Newbie

Posts: 13

Joined: Thu Oct 16, 2008 10:34 am

Post Tue Sep 08, 2009 4:30 am

Re: New Attack Cracks WPA TKIP in a Minute

The described attack works only with one essential restriction: the WAP and wireless client don't "see" each other:

"An access point and a client cannot be communicated directly since the interval between these is large. The attacker behaves like a repeater, namely all packets that include SSID beacon are relaid to the receiver with no modification, and the packet of the access point/client delivers to the client/access point."
http://jwis2009.nsysu.edu.tw/location/p ... %20WPA.pdf

A MiTM attacker must work with two directional antennas: one for the WAP and one for the wireless client. If the WAP and wireless client "see" each other, the attacker sends a chopchop guess to the WAP, the WAP responds with a MIC failure, the wireless client changes the TSC (TKIP Sequence Counter), and the attack fails. The previous Beck-Tews attack doesn't have this restriction and works nicely with tkiptun-ng from the aircrack-ng-1.0 suite, but it also has other restrictions: the WAP and wireless client must work in WMM (WiFi MultiMedia, QoS according to the 802.11e standard) mode and the rekeying interval is more than 1200 secs. In both attacks the attacker gets the MIC key and RC4 keystreams only, not the TKIP pairwise or group keys themselves. An attacker with a decrypted RC4 keystream can fake ARP and DNS packets only.

===========
GCIH, Security+
Last edited by Vertigo on Thu Sep 10, 2009 10:23 am, edited 1 time in total.
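
A configuration check built from the conditions this thread lists (TKIP in use, WMM on, rekeying interval over 1200 seconds), as an added example that is not part of any post above. It assumes a hostapd-based access point: the option names are hostapd.conf settings, the defaults noted in the comments are assumptions to confirm against your hostapd version, and the sample config is constructed.

```python
REKEY_LIMIT = 1200  # seconds, the Beck-Tews threshold quoted in the thread

# Constructed sample hostapd.conf, not taken from the thread.
SAMPLE_CONF = """\
ssid=lab-ap
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wmm_enabled=1
wpa_ptk_rekey=3600
"""


def parse_conf(text):
    """Return hostapd key=value settings, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_tkip(text):
    """List settings that match the attack preconditions named in the thread."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    # Assumed defaults: wpa_pairwise=TKIP, rsn_pairwise follows wpa_pairwise.
    wpa_pw = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).split()
    tkip = bool(wpa & 1 and "TKIP" in wpa_pw) or bool(wpa & 2 and "TKIP" in rsn_pw)
    if not tkip:
        return []  # both attacks need TKIP, so nothing else applies
    findings = ["TKIP is offered as a pairwise cipher"]
    if conf.get("wmm_enabled") == "1":
        findings.append("wmm_enabled=1 (WMM/QoS, needed by Beck-Tews)")
    for opt in ("wpa_ptk_rekey", "wpa_group_rekey"):
        secs = int(conf.get(opt, "0"))
        if secs == 0:
            findings.append(f"{opt} unset or 0: confirm the effective interval")
        elif secs > REKEY_LIMIT:
            findings.append(f"{opt}={secs} exceeds {REKEY_LIMIT} s")
    return findings


if __name__ == "__main__":
    for finding in audit_tkip(SAMPLE_CONF):
        print("FINDING:", finding)
```

A config that offers only CCMP returns an empty list, since the WMM and rekeying conditions matter only while TKIP is in use.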
