WPA with TKIP done

Jouni Malinen j
Sun Sep 6 07:01:45 PDT 2009

On Wed, Sep 02, 2009 at 02:09:49PM +0300, Andriy Tkachuk wrote:

> If sincerely, I can not imagine how an attacker could organize 
> man-in-the-middle attack to the setup where the AP directly see the 
> STAtion staying physically unnoticeable.

Using two directional antennas should make this relatively simple
operation in a large network with multiple APs. All you need to do is to
clone an AP that the station cannot currently hear directly. Taken into
account the normal antenna configuration in station devices, it should
be easy to get directional antennas with enough gain (and radio with
enough TX power) to make your cloned device look like a good roaming
candidate from the target station view point.

Not that this would still make the attack of much practical use due to
the limitations on what exactly you can do with the presented
mechanisms. Anyway, you can do that little quite a bit more quickly
and/or frequently as far as injecting modified frames is concerned.

> As Beck & Tews suggested in theirs paper, to countermeasure these type 
> of attacks users can decrease rekeying time from default 10 minutes to 2 
> or less minutes (wpa_ptk_rekey parameter starting from hostapd-0.6.6 
> version). Also Beck & Tews suggest to avoid sending MIC failure report 
> frames by clients at all. Instead, Jouni only added an optional 
> mitigation mechanism to wpa_supplicant starting from 0.6.6 version for 
> such type of attack by delaying Michael MIC error reports by a random 
> amount of time between 0 and 60 seconds. Jouni, could you comment, why 
> we just can't follow Beck & Tews suggestion here and just avoid sending 
> of MIC failure report frames at all (at least make this approach 
> configurable, since it looks like WFA certification testplan checks it)?

Sending of Michael MIC failure reports is a required behavior for the
station both in the IEEE standard and in WFA certification. Michael MIC
design was a compromise and it does not survive against active attacks
without some protection.

I don't see much point in trying to patch up issues with TKIP anymore.
If you are willing to go to the effort of this type of optimizations,
you should just go all the way through and replace TKIP with CCMP.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list