Summary of WPA2 KRACK vulnerabilities

Overview

According to security researcher Mathy Vanhoef of Leuvern University, the “WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained” vulnerability can render WPA2’s powerful encryption function obsolete. As a sort of Man-in-the-Middle (MITM) attack, the KRACK vulnerability can intercept encrypted data between an AP and a station without having to access the AP. It allows theft of all information traversing a network such as credit card information, passwords, chatting messages, and e-mail.

Details

The KRACK vulnerability occurs during the authentication procedure in the interaction between an AP and a station (the AP connection password is required for a KRACK attack). It is a re-authentication attack method that that takes advantage of an error generated when an encryption validation message sent by an AP or a station is intercepted and delivered identically. As the same packet is received by the target, it is judged that the verification packet was not sent and hence the encryption verification process is performed again. The key value used for encryption and decryption is reset, the packet is initialized to 0, and a new packet can be assembled.

1) Correlation between WPA2 encryption type and KRACK attacks

Encryption	Vulnerability	Decryption
AES CCMP	Packet decryption	Packet Number can be initialized to reassemble packet by KRACK attack
WPA TKIP	Packet decryption Forgery·insertion possible	IV Field is used as PN(Packet Number) to complement WEP vulnerability from reuse of IV Packet Number can be initialized through KRACK attack. Therefore IV* value used during encryption can be acquired
GCMP	Packet decryption Forgery·insertion possible	Encryption method used in Wireless Gigabit (WiGig) As both communication directions use an identical authentication key, authentication key can be stolen through KRACK vulnerability

*IV(initialization vector): As the value used to encrypt the initial block, it is called initialization vector. If it is used repeatedly, it can be used to decrypt encrypted data. It is also referred to as nonce (number used once)

2) Comparison between existing MITM(ARP Spoofing) and KRACK attack

Attack	Common	Different
KRACK	Prior acquisition of AP password required	No need to connect to AP when performing attack MAC spoofing required(Target AP’s or disguised as station) *Can only carry out limited attacks on specific targets (Not all targets can be selected) Can decrypt packets using protected Internet communication protocols such as HTTPS If an attack cannot be detected by a packet modulation before a KRACK attack, there is no way for the user to determine whether an attack is taking place
ARP Spoofing	Must be connected to an AP during attack MAC spoofing not required (switch to the same MAC as target) Can perform attacks on specific targets or entire targets Cannot decrypt data encrypted by HTTPS ARP Cache Table verification enables detection of ARP Spoofing attack

Attack

Common

Different

KRACK

Prior acquisition of AP password required

No need to connect to AP when performing attack

MAC spoofing required(Target AP’s or disguised as station)

*Can only carry out limited attacks on specific targets (Not all targets can be selected)

Can decrypt packets using protected Internet communication protocols such as HTTPS

If an attack cannot be detected by a packet modulation before a KRACK attack, there is no way for the user to determine whether an attack is taking place

ARP Spoofing

Must be connected to an AP during attack

MAC spoofing not required (switch to the same MAC as target)

Can perform attacks on specific targets or entire targets

Cannot decrypt data encrypted by HTTPS

ARP Cache Table verification enables detection of ARP Spoofing attack

3) Classification of KRACK vulnerabilities

CVE number	Summary of vulnerabilities
CVE-2017-13077	Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.
CVE-2017-13078	Reinstallation of the group key (GTK) in the four-way handshake
CVE-2017-13079	Reinstallation of the integrity group key (IGTK) in the four-way handshake
CVE-2017-13080	Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081	Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082	Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084	Reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086	Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087	Reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088	Reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame

4) Solutions

1) Solution for each vulnerability at AP and Station

Type	CVE	*Root Cause Fix	*Mitigation	*Zero-day Protection
Station Side	CVE-2017-13077 Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.	Update Station Software	Update AP Software	AP MAC Spoofing Protection
CVE-2017-13078 Reinstallation of the group key (GTK) in the four-way handshake
CVE-2017-13079 Reinstallation of the integrity group key (IGTK) in the four-way handshake
CVE-2017-13080 Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081 Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13087 Reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame
AP Side	CVE-2017-13082 Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.	Update AP Software

Type

CVE

*Root Cause Fix

*Mitigation

*Zero-day Protection

Station Side

CVE-2017-13077

Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.

Update Station

Software

Update AP

Software

AP MAC

Spoofing

Protection

CVE-2017-13078

Reinstallation of the group key (GTK) in the four-way handshake

CVE-2017-13079

Reinstallation of the integrity group key (IGTK) in the four-way handshake

CVE-2017-13080

Reinstallation of the group key (GTK) in the group key handshake.

CVE-2017-13081

Reinstallation of the integrity group key (IGTK) in the group key handshake.

CVE-2017-13087

Reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame

Side

CVE-2017-13082

Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.

Update AP

Software

* Root Cause: resolve root cause

Mitigation: temporary measures

Zero day protection: real-time detection

2) Secure Wi-Fi Module provides users a secure wireless network by detecting KRACK attack.

<Figure 9> Details of Zero Day Protection, 2017-13077,13078,13079,13081,13087

Fake AP Detection function of Secure Wi-Fi Module:

Detects Fake AP generated from MAC spoofing attacks by a hacker

Detect Fake AP of the hacker which is generated identically to the Real AP

Before connection, provide criteria for selection of safe AP for users

After connection, connect to secure AP through connection record based verification and forgery and falsification verification

2) Solutions from point of view of users

# Update all wirelessly connected devices

Update security patches of routers and all devices connected to Wi-Fi, such as personal computers, smartphone, and tablet PCs. Setting the security patch to auto-update in preparation for future security vulnerabilities is recommended

# Inspect router

Router firmwear needs to be updated. If your internet service provider (ISP) has provided you with a router, ask which patch kit is most appropriate for the firm.

Summary of WPA2 KRACK vulnerabilities

Author: admin

Leave a Reply Cancel reply