Posted on 12/07/2013
Working with Dan Bernstein from the University of Illinois, Chicago, ISG researchers Nadhem AlFardan, Kenny Paterson, Bertram Poettering and Jacob Schuldt have devised a new cryptographic attack on the widely used wireless security standard WPA.
The new attack by the team exploits the particular way in which the RC4 stream cipher is used in WPA. The research builds on the team's previous work analysing the security of RC4 in TLS. Kenny Paterson takes up the story:
"After our work on TLS, we started thinking about other places where RC4 is used, and whether our attack techniques might also work there. WPA stands out as an obvious target because of its use of per-packet RC4 encryption keys - this is exactly the condition needed for one of our previous attacks on RC4 in TLS to work! Ironically, this feature was introduced in WPA in order to make it stronger than its predecessor, WEP. Our attack can recover plaintext which is repeatedly encrypted in many WPA packets - for example, passwords or IP header fields. The attack needs a lot of encryptions, but the number is not totally infeasible in a busy wireless network. Our work shows that people should really abandon WPA and start using WPA2 instead - it uses much stronger cryptography and is immune to our attacks."
Further details about the new research can be found on the team's research webpage.