Possible PTK compromission after GTK rekeying

Antonio Quartulli antonio
Sat Nov 16 06:40:13 PST 2013


On Sat, Nov 16, 2013 at 04:35:12PM +0200, Jouni Malinen wrote:
> On Fri, Nov 15, 2013 at 04:28:47PM +0100, Antonio Quartulli wrote:
> > I am running hostapd-20120428 on OpenWrt and it is exhibiting a strange
> > encryption issue (I am using wpa mixed mode: WPA/WPA2).
> > 
> > The symptom is that some Windows clients are losing their connectivity
> > after a GTK refresh (often after the first, but not necessarily).
> 
> Which driver are you using?

I am using ath9k

> Can you provide a capture file from a test
> run with keys that you can share?
> 

Mh, ok. I'll see what I can do. The point is that I have not been able to
replicate the issue in my testbed, and I can't share other people PSK :) I'll
let you know!

> > From an high level point of view it looks like the GTK rekeying is somehow
> > breaking the PTK on hostapd so that outgoing packets are not encrypted properly
> > anymore.
> 
> I'd look at the driver first..

Yeah, good hint. I'll also give it a closer look.


Cheers,

-- 
Antonio Quartulli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20131116/c77a43ef/attachment.pgp>



More information about the Hostap mailing list