Cracks in WPA? How to continue protecting Wi-Fi networks

Behind the WPA crack
Indeed, two German researchers recently published a paper entitled Practical Attacks Against WEP and WPA (.pdf), ...

BROWSE BY TAG Network Security Tactics,   Wireless Network Security: Setup and Tools,   Wireless Network Protocols and Standards,   Enterprise Network Security,   Application and Platform Security,   Security Testing and Ethical Hacking,   Enterprise Vulnerability Management,   VIEW ALL TAGS

RELATED CONTENT Network Security Tactics How to properly implement firewall egress filtering What to do with network penetration test results How to use TrueCrypt for disk encryption Protecting enterprise networks from new mobile application downloads Maintaining security after a cloud computing implementation Preparing the network for a cloud computing implementation PuTTY configuration tips: How to connect to remote network systems A guide to internal and external network security auditing How to keep networks secure when deploying an 802.11n upgrade Screencast: Find rogue wireless access points with Vistumbler Wireless Network Protocols and Standards GSM cell phone encryption crack may force operators to upgrade Wireless network guidelines for PCI DSS compliance Best Wireless Security Products MMS messaging spoof hack could have global ramifications PCI group releases wireless security guide 802.1X Port Access Control: Which version is best for you? Wireless Security Lunchtime Learning An introduction to wireless security Lesson 1: How to counter wireless threats and vulnerabilities Risky Business: Understanding WiFi threats Security Testing and Ethical Hacking Attackers zero in on Web application vulnerabilities What to do with network penetration test results Information security book excerpts and reviews H.D. Moore speaks about Metasploit Project deal, Release 3.3 Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 Should management processes change based on a patch release schedule? Does an EULA make it truly illegal to decompile software? Screencast: BackTrack 4 offers an arsenal of penetration testing tools Security testing firm uncovers XML vulnerabilities

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Wired Equivalent Privacy  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

which describes an attack on WPA implementations that makes use of the Temporal Key Integrity Protocol (TKIP), an encryption algorithm meant to protect the wireless network. By exploiting a vulnerability in TKIP, an attacker eavesdropping on a network can potentially recover the keystream corresponding to extremely short packets (such as those used by the Address Resolution Protocol and DNS) and re-inject traffic of the same length on the network. Essentially, this means an attacker can compromise TKIP encryption enough to introduce malicious ARP and DNS traffic.

Now, before you tear down your WPA network, take a moment to think about the implications of this type of attack. First, it's important to note that the exploit allows the recovery of the keystream and not the WPA key. The keystream is the series of temporary keys used to encrypt traffic for a short period of time while the WPA key itself (which remains secure in the face of this attack) is used to generate these temporary keys. Therefore, a hacker who successfully exploits this vulnerability can't use it to decrypt all of the traffic on a given network. For the most part, data traversing the Wi-Fi network is still secure.

However, this is the first known chink in the armor of WPA-TKIP, which was a stopgap measure put in place to compensate for the significant earlier flaws discovered in the WEP protocol. It would behoove you, as a security professional, to keep your eyes open and pay attention to news of any future WPA vulnerabilities that hit the wire. While this blow merely shakes the foundation of TKIP, so to speak, another significant vulnerability could knock the house down entirely.

Protecting the wireless network
So, after reading this recent WPA vulnerability research, what protections should be implemented? There are two effective approaches that will help preserve the security of an enterprise wireless network:

• Use the Advanced Encryption Standard (AES). WPA offers two different encryption modes: TKIP and AES. While TKIP is based on the same basic mechanism as the outdated WEP protocol, AES is a newer and better encryption method that is actually less of a detriment to network performance. The vulnerability found by the German research team affects only WPA deployments that make use of the TKIP protocol. There are currently no published vulnerabilities in the AES protocol. If you're currently running TKIP, chances are that you can switch your network to AES by changing a single setting on the wireless controller. The only downside to this approach is that some older wireless equipment that doesn't support the AES protocol may no longer be able to access your network. Based upon this vulnerability, I strongly recommend that you immediately begin planning to replace any such hardware in the near future.
• Implement wireless security best practices. You'll still get quite a bit of mileage out of implementing the best practices that networking experts like myself have been preaching for years. For wireless network services in a large enterprise, be sure to use enterprise authentication, rather than a shared password. It's simply not possible to enforce user accountability when thousands of people know the password to a wireless network. If you're running a smaller network and choose to go the pre-shared key (PSK) route, where a key is previously shared between two parties through a secure channel before it needs to be used, choose a strong key of at least 20 characters and change it frequently.

The bottom line is that the sky is not falling as a result of this new Wi-Fi security vulnerability. While there is a notable flaw in the encryption behind WPA-TKIP, it is currently of limited utility. However, I recommend using this announcement as an opportunity to review the security of your own wireless network. For those using TKIP, it's a good time to consider making the switch to AES for your own peace of mind.

About the author:
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated. He also answers your questions on network security.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.