Frequent readers of my tips know I haven't been afraid to pull out my soapbox and rant about the inherent insecurities in the Wired Equivalent Privacy (WEP)
Behind the WPA crack
Indeed, two German researchers recently published a paper entitled Practical Attacks Against WEP and WPA (.pdf), which describes an attack on WPA implementations that makes use of the Temporal Key Integrity Protocol (TKIP), an encryption algorithm meant to protect the wireless network. By exploiting a vulnerability in TKIP, an attacker eavesdropping on a network can potentially recover the keystream corresponding to extremely short packets (such as those used by the Address Resolution Protocol and DNS) and re-inject traffic of the same length on the network. Essentially, this means an attacker can compromise TKIP encryption enough to introduce malicious ARP and DNS traffic.
Now, before you tear down your WPA network, take a moment to think about the implications of this type of attack. First, it's important to note that the exploit allows the recovery of the keystream and not the WPA key. The keystream is the series of temporary keys used to encrypt traffic for a short period of time while the WPA key itself (which remains secure in the face of this attack) is used to generate these temporary keys. Therefore, a hacker who successfully exploits this vulnerability can't use it to decrypt all of the traffic on a given network. For the most part, data traversing the Wi-Fi network is still secure.
However, this is the first known chink in the armor of WPA-TKIP, which was a stopgap measure put in place to compensate for the significant earlier flaws discovered in the WEP protocol. It would behoove you, as a security professional, to keep your eyes open and pay attention to news of any future WPA vulnerabilities that hit the wire. While this blow merely shakes the foundation of TKIP, so to speak, another significant vulnerability could knock the house down entirely.
Protecting the wireless network
So, after reading this recent WPA vulnerability research, what protections should be implemented? There are two effective approaches that will help preserve the security of an enterprise wireless network:
- Use the Advanced Encryption Standard (AES). WPA offers two different encryption modes: TKIP and AES. While TKIP is based on the same basic mechanism as the outdated WEP protocol, AES is a newer and better encryption method that is actually less of a detriment to network performance. The vulnerability found by the German research team affects only WPA deployments that make use of the TKIP protocol. There are currently no published vulnerabilities in the AES protocol. If you're currently running TKIP, chances are that you can switch your network to AES by changing a single setting on the wireless controller. The only downside to this approach is that some older wireless equipment that doesn't support the AES protocol may no longer be able to access your network. Based upon this vulnerability, I strongly recommend that you immediately begin planning to replace any such hardware in the near future.
- Implement wireless security best practices. You'll still get quite a bit of mileage out of implementing the best practices that networking experts like myself have been preaching for years. For wireless network services in a large enterprise, be sure to use enterprise authentication, rather than a shared password. It's simply not possible to enforce user accountability when thousands of people know the password to a wireless network. If you're running a smaller network and choose to go the pre-shared key (PSK) route, where a key is previously shared between two parties through a secure channel before it needs to be used, choose a strong key of at least 20 characters and change it frequently.
The bottom line is that the sky is not falling as a result of this new Wi-Fi security vulnerability. While there is a notable flaw in the encryption behind WPA-TKIP, it is currently of limited utility. However, I recommend using this announcement as an opportunity to review the security of your own wireless network. For those using TKIP, it's a good time to consider making the switch to AES for your own peace of mind.
About the author:
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated. He also answers your questions on network security.
This was first published in February 2009