
CERT-In Advisory CIAD-2008-62
Vulnerability in Wi-Fi Protected Access (WPA) Protocol

Original issue date: November 25, 2008

Severity Rating: High

Systems Affected

  • Devices configured to use TKIP (Temporal Key Integrity Protocol) as the encryption mechanism are affected.

Overview

A weakness has been discovered in the Wi-Fi Protected Access protocol that allows an attacker to decrypt one packet at a time, currently at a rate of one packet per 12-15 minutes, and potentially to access a targeted network.

Description

WPA is a subset of the IEEE 802.11i standard. It addresses Wi-Fi security with a strong new encryption algorithm as well as user authentication, a feature that was not available in WEP (Wired Equivalency Protocol). WPA may use Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES) for encryption and employs 802.1X authentication. Wireless Internet service providers (WISPs) may find that WPA's enhanced encryption and authentication schemes are attractive in public “hot spots” as they provide a high level of security for service providers and mobile users who are not utilizing VPN connections.

The weakness has been discovered in the Temporal Key Integrity Protocol (TKIP) component of Wi-Fi Protected Access (WPA). An attacker can decrypt short packets by exploiting the weakness in the checksum and failure reporting mechanisms of TKIP. The information gathered from the decrypted packets is used to launch replay or spoofing attacks, for example with ARP messages. Packets can be decrypted only when sent from the wireless access point (AP) to the client (unidirectional).

Workarounds

  • It is advised to use WPA2 with the AES-CCMP cipher suite, because AES is a more robust standard for encryption.
  • When WPA2 with AES is not available, users are advised to rotate the pairwise key more frequently.
  • Administrators may consider disabling Wi-Fi Multimedia (WMM) QoS on the network if it is not required for an application. Depending on the applications that are in use, performance may be degraded to unacceptable levels by implementing this workaround.
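
To check which networks still need these workarounds, the following added example (not part of the original advisory) reads the tagged parameters of a beacon frame and reports whether the access point advertises TKIP, AES-CCMP and WMM. The function names are hypothetical, the element IDs and cipher suite types are the standard IEEE 802.11 and WPA values, and the sample bytes are constructed.

```python
import struct

# Cipher suite types used under both the RSN (00-0F-AC) and WPA (00-50-F2) OUIs.
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def iter_elements(buf):
    """Yield (element_id, body) pairs; stop at a truncated element."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def cipher_names(body, oui):
    """Return the group and pairwise cipher names in an RSN/WPA element body."""
    if len(body) < 8:
        return set()
    (count,) = struct.unpack_from("<H", body, 6)
    selectors = [body[2:6]] + [body[8 + 4 * i:12 + 4 * i] for i in range(count)]
    return {CIPHERS.get(s[3], "other") for s in selectors
            if len(s) == 4 and s[:3] == oui}

def audit_beacon(tagged):
    """Report whether the advertised settings include TKIP, CCMP and WMM."""
    result = {"tkip": False, "ccmp": False, "wmm": False}
    for eid, body in iter_elements(tagged):
        if eid == 48:                                       # RSN element (WPA2)
            names = cipher_names(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # WPA vendor element
            names = cipher_names(body[4:], WPA_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x02":  # WMM vendor element
            result["wmm"] = True
            continue
        else:
            continue
        result["tkip"] |= "TKIP" in names
        result["ccmp"] |= "CCMP" in names
    return result

# Constructed sample elements (not captured from any real network).
WPA_TKIP = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")
RSN_CCMP = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
WMM_INFO = bytes.fromhex("dd07" "0050f202" "00" "01" "00")

if __name__ == "__main__":
    print(audit_beacon(WPA_TKIP + WMM_INFO), audit_beacon(RSN_CCMP))
```

A network that reports TKIP in either the group or the pairwise position, including a mixed WPA/WPA2 configuration, still falls under "Systems Affected" above.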

Vendor Information

CISCO
http://www.cisco.com/warp/public/707/cisco-sr-20081121-wpa.shtml

References

CISCO
http://www.cisco.com/warp/public/707/cisco-sr-20081121-wpa.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=17092

SANS
http://isc.sans.org/diary.html?storyid=5300

ZDNET
http://blogs.zdnet.com/security/?p=2133

SecurityFocus
http://www.securityfocus.com/bid/32164

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003