Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys
نویسندگان
چکیده
We analyze the generation and management of 802.11 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all group (and unicast) traffic of a typical Wi-Fi network. First we argue that the 802.11 random number generator is flawed by design, and provides an insufficient amount of entropy. This is confirmed by predicting randomly generated group keys on several platforms. We then examine whether group keys are securely transmitted to clients. Here we discover a downgrade attack that forces usage of RC4 to encrypt the group key when transmitted in the 4-way handshake. The per-message RC4 key is the concatenation of a public 16-byte initialization vector with a secret 16-byte key, and the first 256 keystream bytes are dropped. We study this peculiar usage of RC4, and find that capturing 231 handshakes can be sufficient to recover (i.e., decrypt) a 128-bit group key. We also examine whether group traffic is properly isolated from unicast traffic. We find that this is not the case, and show that the group key can be used to inject and decrypt unicast traffic. Finally, we propose and study a new random number generator tailored for 802.11 platforms.
منابع مشابه
NxWLAN: Neighborhood eXtensible WLAN
The increased usage of IEEE 802.11 Wireless LAN (WLAN) in residential environments by unexperienced users leads to dense, unplanned and chaotic residential WLAN deployments. Often WLAN Access Points (APs) are deployed unprofitable in terms of radio coverage and interference conditions. In many cases the usage of the neighbor’s AP would be beneficial as it would provide better radio coverage in ...
متن کاملSecurity Improvement for Management Frames in IEEE 802.11 Wireless Networks
IEEE 802.11 Wireless LAN (WLAN) has gained popularity. WLANs use different security protocols like WEP, WPA and WPA2. The newly ratified WPA2 provides the highest level of security for data frames. However WPA2 does not really mention about protection of management frames. In other words IEEE 802.11 management frames are always sent in an unsecured manner. In fact the only security mechanism fo...
متن کاملComparison of Various Wlan Securities
As Wireless Local Area Networks (WLANs) are rapidly deployed to expand the field of wireless products, the provision of authentication and privacy of the information transfer will be mandatory. WLANs are also playing much larger role in corporate network environments and are already very popular for home networking applications. This increase in accessibility has created large security holes fo...
متن کاملWPA vs. WPA2: Is WPA2 Really an Improvement on WPA?
Significant weaknesses in the Wired Equivalency Protocol (WEP) led to the creation of the Wi-Fi Protected Access (WPA) Wired Local Area Network (WLAN) security protocol and the amendment to that protocol, WPA2. Certified by the WiFi Alliance in 2001, WPA[1] was superseded by WPA2 in 2006[1] as being mandatory for usage with the IEEE 802.11i standard for specifying security for wireless networks...
متن کاملLinear threshold verifiable secret sharing in bilinear groups
In many pairing-based cryptosystems, the secret keys are elements of bilinear groups. For safeguarding such secret keys or decrypting or signing in a threshold manner, Verifiable Secret Sharing (VSS) in bilinear groups is required. In this paper, we show a method of verifiably sharing a random secret in a bilinear group. Our method is simple and practical. It can be regarded as a generalisation...
متن کامل