This paper performs an in-depth analysis of the functionality of WPA2 and the Key Reinstallation Attack, announced in early November. Both forms of the attack, the 4-way handshake and the group key exploit are explained in brief detail so as to fasciliate an understanding of the processes involveds, leading into a discussion on the potential implications that this will have on a few connected areas such as BYOD policies, IoT and the Android ecosystem. A test is also conducted on an Android Phone which proves the testing mechanisms provided, and that without updated security patches for both clients and access points, the exploit is a threat.
2. Overview of Content:
WEP and
WPA2
1
What is
KRACK?
2
Low-
Operation
3
High-
Operation
4
List of
vulnerabilities
5
Summary
6
Implications
and
Conclusions
7
Self-Run Tests
8
Bibliography
9
Q&A
10
3. WEP and WPA2
WEP – RC4 Encyrption
Keystream[1]
RSNA Key Hierarchy [2]
Wired Equivalency
Protocol 802.11-1997.
76% London Firms in 2006
still used WEP. Performance
vs Safety [1].
Wi-Fi Protected Access 2
802.11i-2004.
Introduced two new
protocols, 4-way
handshake (4WH) and
Group Key Handshake
(GKH).
Header Replay counter Nonce RSC MIC Key Data
Example EAPOL Frame
4. What is KRACK?
Key Re-installation AttaCK
Discovered by Mathy Vanhoef and presented at Computer and
Communications Security Conference (CCS) on November 1st 2017.
[3]
Man-in-the-middle-attack (MitM)
“Most significant flaw to have been discovered in years” [4, 5]
All WPA2 networks and devices vulnerable
Attacks the fundamental aspects of WPA2 security.
Several vendors have released patches, others are in development
[6].
In response, WPA3 has been announced (As of January 13th 2018)
[7].
5. Low-Level
Operation
**Requires proximity
A rogue access point (AP) is
established.
Mimics a legitimate, known AP
and forces clients to connect to
it.
Intercepts traffic between the
victim and end-destination.
Further enhanced by utilising
other tools, such as an SSL
stripper to remove HTTPS.
MitM example [8]
6. KRACK against GKH
message-1 [3]
4WH relies on the wpa_supplicant (SSM)
and re-transmitting message-3 (NGT-PHS).
Blocks transmission of message-4 (INT-PHS).
Resets Nonce.
**Windows and iOS does not allow re-
transmission of message-3 due to
implementation of SSM.
GKH is used instead.
GKH duplicates the targeted AP on a
separate channel, to force the supplicant
to connect.
GKH issues a new message-1 with an
incremented replay counter.
GKH can work autonomously, due to SSID
interference.
High-Level Operation
7. Vulnerabilities
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame)
8. Summary
Interception of **encrypted traffic
Forging of packets, bi-directionally.
Paves way towards additional, directed
attacks.
9. Implications and Conclusions
Public Security
• Users don’t understand
security concerns [9].
• Malicious Access Points
• Viewable HTTP POST and
REQUEST data (blind-eye)
• Public Wi-Fi hotspots,
Universities and Enterprises
at risk of exploit.
BYOD – Mobile Ecosystems
• Two thirds of employers allow
employees to connect
personal devices to
corporate networks [10].
• Vetted, loaned devices !=
Secure
• New Security Policies
• Android is heavily
fragmented, 13.5% on latest
software.
• Only certain devices
guaranteed to receive
patches.
• **Android Treble may fix this.
Conclusions
• KRACK was discovered on
accident.
• Every Wi-FI Device
Vulnerable.
• Both Client and AP need
patches.
• Tools will be made available
online.
• Further attacks?
10.
11.
12. Bibliography
[1] A. Bittau, M. Handley, and J. Lackey, “The final nail in weps coffin,”in 27th IEEE Symposium on Security and Privacy, pp. 386–400.
[2] L. Butti and J. Tinnes, “Discovering and exploiting 802.11 wireless driver vulnerabilities,” Journal in Computer Virology, vol. 4, no. 1, pp.
25–37, 2008.
[3] M. Vanhoef and F. Piessens, “Key reinstallation attacks: Forcing nonce reuse in wpa2,” in Proceedings of the ACM Conference on
Computer and Communications Security, Dallas, TX, USA, vol. 30, 2017.
[4] R. McMillan, “Significant flaw discovered in wi-fi security protocol,” The Wall street Journal, Oct 2017. [Online]. Available:
https://www.wsj.com/art
[5] L. Eadicicco, “Krack attack: Everything to know about the wpa2 wi-fi flaw,” Time, Oct 2017. [Online]. Available:
http://time.com/4983720/krack-attack-wpa2-wifi/
[6] C. Osborne and Z. Whittaker, "Here's every patch for KRACK Wi-Fi vulnerability available right now", ZDNet, 2018. [Online]. Available:
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/. [Accessed: 15- Jan- 2018].
[7] T. Ong, "Wi-Fi Alliance announces new WPA3 security protections", Theverge.com, 2018. [Online]. Available:
https://www.theverge.com/2018/1/9/16867940/wi-fi-alliance-new-wpa3-security-protections-wpa2-announced. [Accessed: 15- Jan-
2018].
[8] F. Callegati, W. Cerroni, and M. Ramilli, “Man-in-the-middle attack to the https protocol,” IEEE Security & Privacy, vol. 7, no. 1, pp. 78–
81, 2009.
[9] P. Klasnja, S. Consolvo, J. Jung, B. M. Greenstein, L. LeGrand, P. Powledge, and D. Wetherall, “When i am on wi-fi, i am fearless:
privacy concerns & practices in everyday wi-fi use,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems.
ACM,2009, pp. 1993–2002.
[10] K. W. Miller, J. Voas, and G. F. Hurlburt, “Byod: Security and privacy considerations,” IT Professional, vol. 14, no. 5, pp. 53–55, ept 2012.