Mathy Vanhoef claims that the cause of weakness in WPA2 security occurs during a 4-way handshake when an AP and client perform mutual authentication and generate session keys for data encryption.
According to Vanhoef in his recent paper, Key Reinstallation Attacks (KRACK) and their variants are based on reinstallation of already used keys and resetting initial values of associated parameters. For example, an incremental transmit packet number (nonce) and a received packet number (replay counter).
What happens during a KRAK?
During a KRAK an attacker manipulates cryptographic handshake messages using Man In The Middle or eavesdropping to force victims to reinstall an already used encryption key. Using the same pair of encryption keys and nonce to encrypt a message more than once gives attackers predictable data like an IP address from the message’s header. As a result, the attacker has all the information they need to decrypt the data – including the credentials transmitted by their victim.
The 4-way handshake was defined in protocol 802.11 amendment 802.11i. This standard includes a pseudo-code description of the 4-way handshake but does not detail processing messages in specific conditions.
An AP/client handshake can fully comply with the 802.11 standard while remaining vulnerable to KRACK. These vulnerabilities can be fixed using software and applying rules that prevent reuse of an encryption key with the same nonce and replay counter.
Risks to the Client
Nine out of ten KRACKs are directed towards the client side. An AP attack can occur when the AP supports amendment 802.11r of protocol 802.11 for the Fast Basic Service Set (BSS) Transition (FT) handshake.
According to the definition of the 4-way handshake in amendment 802.11r, the FT handshake is not vulnerable to a key reinstallation attack. However, experiments performed by Vanhoef show that the majority of FT handshakes are threatened by KRACK.
Alvarion and KRACK
Alvarion products are in a common wireless configuration mode. Although AP are not exposed to KRACK, an attack on the client side cannot be prevented. Network Administrators in all organizations using Alvarion technologies must verify that all clients receive the latest software update which includes fixes in the WPA 4-way handshake.
An attack does not reveal the network’s password. This is a pre-shared key and therefore there is no immediate need to change it. However, it is always advisable to renew the network password periodically.
The most secured configuration of the data encryption protocol for WPA-Personal is WPA2-PSK CCMP(AES) and for WPA-Enterprise is IEEE 802.1x/WPA2-EAP CCMP(AES).
Want to know more?
Research site and Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 paper by Mathy Vanhoef – 16 October 2017