We use cookies on this site. By browsing our site you agree to our use of cookies. Close this message Find out more

Home > Information Security home > News > ISG researchers devise new attack on WPA/TKIP
More in this section News articles

ISG researchers devise new attack on WPA/TKIP

Posted on 12/07/2013

Working with Dan Bernstein from the University of Illinois, Chicago, ISG researchers Nadhem AlFardan, Kenny Paterson, Bertram Poettering and Jacob Schuldt have devised a new cryptographic attack on the widely used wireless security standard WPA.

The new attack by the team exploits the particular way in which the RC4 stream cipher is used in WPA. The research builds on the team's previous work analysing the security of RC4 in TLS. Kenny Paterson takes up the story:

"After our work on TLS, we started thinking about other places where RC4 is used, and whether our attack techniques might also work there. WPA stands out as an obvious target because of its use of per packet RC4 encryption keys - this is exactly the condition needed for one of our previous attacks on RC4 in TLS to work! Ironically, this feature was introduced in WPA in order to make it stronger than its predecessor, WEP. Our attack can recover plaintext which is repeatedly encrypted in many WPA packets - for example, passwords or IP header fields. The attack needs a lot of encryptions, but the number is not totally infeasible in a busy wireless network. Our work shows that people should really abandon WPA and start using WPA2 instead - it uses much stronger cryptography and is immune to our attacks.

Further details about the new research can be found on the team's research webpage.



   
 
 
 

Comment on this page

Did you find the information you were looking for? Is there a broken link or content that needs updating? Let us know so we can improve the page.

Note: If you need further information or have a question that cannot be satisfied by this page, please call our switchboard on +44 (0)1784 434455.

This window will close when you submit your comment.

Add Your Feedback
Close