Wednesday, August 26, 2009

WPA-TKIP Broken Completely

(This article was originally posted in Japanese at 16:42 Aug. 05, 2009.)

While the existing Tews-Beck method needs fifteen minutes or so to break WiFi Protected Access (a.k.a. WPA), this new method devised by Japanese academic researchers makes it possible to break into WPA-protected networks in only a second.

Titled "A Practical Message Falsification Attack on WPA", this new method of attacking WPA will be presented at JWIS2009 (Joint Workshop on Information Security), held in Taiwan on Aug. 7, by Dr. Toshihiro Ohigashi, associate professor of Hiroshima University, and Dr. Masakatsu Morii, professor of the Graduate School of Kobe University.

According to Dr. Morii, the method exploits WPA-protected wireless networks by using a vulnerability in the protocol. This will enable crackers to falsify packets and penetrate protected networks.

The existing Tews-Beck method also makes it possible to break TKIP, the key mechanism that WPA is built on. But that method needs 15 minutes or so, and the target of the attack is limited to several versions of the wireless protocol. Theoretically it helps penetration, but no actual use is indicated.

This new method reveals the key transmitted by TKIP, using its vulnerability, in a much shorter time (usually in a second). Dr. Morii also indicates how to attack the network using this method. With it, attacks such as ARP and DNS poisoning or malware infection would be enabled.

Dr. Morii says, "WEP is no longer valid as an encryption, and neither is WPA using WEP as its base mechanism. It's imperative to move on to WPA2 for better security."

Link to the paper in English: "A Practical Message Falsification Attack on WPA"
http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf



COMMENT:

It is very interesting to see how mathematics plays a very important role in security. Keeping systems secure by using encryption methods, key generators, etc., is of the utmost importance for keeping information intact and confidential, but at the same time verifying the effectiveness of these methods becomes an important part of the work. Testing their vulnerability and attacking them is now being done constantly, since that makes it possible to identify which method is more secure and which is not, so that if one is not secure it gets replaced and does not compromise the security of any system that uses it.
In the case of WPA, we see how, by using attack techniques for WEP and methods that attackers use frequently (such as man-in-the-middle), as well as by falsifying packets, a security method can end up being broken.
