For those who missed it, the big hype this week in security was the new attack against WPA wifi encryption. This attack was found by Martin Beck and Erik Tews and will be presented at the PacSec conference in Tokyo next week. Erik Tews was already part of the team that found the PTW attack against WEP encryption (he is the T).
Until the release yesterday of the technical paper, it was unclear to what extent this attack was effective. After reading it, it appears that the attack described in the paper is a chop-chop attack against the WPA TKIP encryption scheme that allows an attacker to send at most 7 crafted packets when QoS is enabled. The proof of concept of the attack will be implemented in aircrack-ng, as Tews and Beck belong to the developer team.
To protect your network against this attack, there are two things you can do:
- If you want to keep a WPA-TKIP encryption scheme, then lower the rekeying interval to something like 60-120 seconds. This is sufficient because the attack needs at least 240 seconds to be performed once the first phase (which requires an even longer delay) is done.
- Switch to the WPA-AES encryption scheme and you will be safe (for now).
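
As an added example (not from the paper or from aircrack-ng), the check below applies these two mitigations to an access point configuration. It assumes a hostapd-style `key=value` file and maps the "rekeying" above to hostapd's `wpa_ptk_rekey` and `wpa_group_rekey` timers; the sample configurations are constructed.

```python
# Added example: audit a hostapd-style config against the two mitigations.
# Assumptions: hostapd option names; only explicitly listed pairwise ciphers
# are examined; "rekeying" is checked on both the pairwise and group timers.

MAX_REKEY_SECONDS = 120  # upper end of the 60-120 s range given in the post


def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts


def audit_tkip(text):
    """Return a list of findings; an empty list means the config passes."""
    opts = parse_conf(text)
    ciphers = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(opts.get(key, "").upper().split())
    if "TKIP" not in ciphers:
        return []  # AES-CCMP only: second mitigation is in place
    findings = []
    for key in ("wpa_ptk_rekey", "wpa_group_rekey"):
        raw = opts.get(key, "")
        seconds = int(raw) if raw.isdigit() else 0
        if seconds == 0:
            findings.append(f"TKIP enabled and {key} is unset or 0")
        elif seconds > MAX_REKEY_SECONDS:
            findings.append(
                f"TKIP enabled and {key}={seconds} exceeds {MAX_REKEY_SECONDS} s")
    return findings


# Constructed sample configurations
WEAK = "wpa=1\nwpa_pairwise=TKIP\nwpa_group_rekey=600\n"
TKIP_SHORT = "wpa=1\nwpa_pairwise=TKIP\nwpa_ptk_rekey=120\nwpa_group_rekey=120\n"
AES_ONLY = "wpa=2\nrsn_pairwise=CCMP\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("tkip-short", TKIP_SHORT), ("aes", AES_ONLY)):
        print(name, audit_tkip(conf) or "OK")
```
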
If you are not familiar with chop-chop attacks and TKIP, you should definitely read this very nice post: Battered, but not broken: understanding the WPA crack, which gives you all the details you need.
Even if all the press goes after the WPA attack described in the paper, I think that the first part of the article, which describes an improvement of the PTW attack by improving the correlations, is also very nice and clever. Reducing the number of packets you need to break a WEP encryption scheme is still very interesting.

