Topic: Vulnerability in WPA standard, TKIP

[F3RL]

Since replacement of weak WEP encryption, TKIP itself was designed as a stopgap measure, with a planned secure lifetime of approximately five years. As this standard was adopted in 2003, a discovery of this type is not entirely unexpected.

The TKIP vulnerability discovered by Erik Trews and Martin Beck is very different from the previous, well-known attacks against WPA-PSK. Previous attacks targeted the method WPA-PSK uses to generate the initial key from the passphrase and network SSID, by brute forcing possible passwords and generating a table of the results.

The new attack targets the TKIP data exchange itself, and can affect both PSK and EAP/802.1X (enterprise) networks. It does not affect networks which use AES encryption (such as WPA2-AES). WPA1 networks using AES encryption are not affected, and WPA2 networks which still use TKIP are vulnerable.

Current attack does not compromise the key itself, but can allow packet injection attacks, which may compromise secondary security features, such as firewalls, by forging packets which cause the firewall to think connections originated from inside the LAN.

By exploiting the fact that packets in QoS queues may arrive out of order, an attacker can defeat the replay protection in TKIP and reuse a captured frame. Applying an older WEP attack known as "chopchop", the plaintext of the packet can be revealed byte-by-byte. However, the maximum rate at which the attacker can guess each byte is limited by the TKIP message integrity check (MIC). If two invalid MIC events occur within 60 seconds, the station will shut down for 60 seconds, and then reassociate with new keys.

If switching to AES is not possible, stop-gap measures may temporarily extend the lifetime of the network, but will not solve the fundamental flaw. By setting the TKIP rotation interval to a short value, the amount of time an attacker can conduct the attack and the length of time a successful attack is useful are curtailed. The current attack requires one minute per byte, so setting the TKIP rotation value to an interval of 120 seconds should prevent an attacker from making significant gains.
Source: https://airheads.arubanetworks.com/article/tkip-vulnerabilities

It was not as critical as flaw in WEP, but it is a complex attack and requires fair knowledge of WPA mechanism.
Or, scrip-kiddies can break in with a sheet of instructions and commands.
I just wanted to members to know that TKIP is no longer as safe as AES, well in fact it was a stopgap measure. Hope everyone knows what to do from here.

[zsaurabh]

Thanks for this info