Thin wedge driven into WPA wireless security protocol: TKIP compromised

A lot of folks these days have at least part of their home network on wireless ethernet, or WiFi. I have two wireless access points in my house, for example, and plan on adding a third. Wireless networking has security considerations: unless your WiFi network is encrypted, someone outside your home can use your bandwidth or, potentially worse, intercept your data. Wireless security was improved significantly a few years ago with the introduction of WPA (WiFi Protected Access) after the previous security method, WEP (Wired Equivalent Privacy), was “cracked”. Since then, wireless networking has been pretty much secure against any intrusion. Until now…

Security researchers have found a way to “inject” data into a WPA wireless data stream encrypted using the Temporal Key Integrity Protocol (TKIP). Any WiFi switch/router made in the last half dozen years or so generally gives you two choices for encryption: TKIP, or AES. If you are using AES (Advanced Encryption Standard), then you are totally safe. If you are using TKIP, you are still more or less safe from someone attempting to use your bandwidth. The current discovery allows only very specific, targeted types of attacks that could result in an injection of something like an incorrect address into your network data stream, resulting either in disruption of service or (theoretically) “spoofing” of an address. With some work, this might eventually allow a carefully crafted attack to direct (say) your requests for data from your bank website to some alternative service.

As it stands right now, TKIP is still pretty secure. It would be a lot harder to put the currently known compromise to nefarious use than it would be to break into your home, access your computer directly, and exit without leaving a trace. While you were still in the house. With a guard dog. And an activated alarm system.

But there are many thousands of very bright people who, once a flaw has been discovered, will be looking for new and better ways to take advantage of it. That means it is likely that more and increasingly serious flaws will be discovered. I suspect that “cracks” of TKIP will generally be of limited use and require focused (and specific) efforts to leverage, but there are a lot of people out there who like challenges. And bear in mind I’m not a security expert, I’m just interpreting what some real experts have said.

I’d suggest reading this article if you have a wireless network and want to understand the details of how WPA security has been partially compromised. If you are setting up your wireless network or reconfiguring it, I’d recommend selecting WPA-AES (sometimes called WPA2): it is still “completely” secure. Currently, WPA-TKIP is also still pretty much “safe”, but the discoveries that have been made will likely act as a launching point for new vectors of attack. As I say above, for most wireless routers/access points and network interface cards, the choice between TKIP and AES is built-in. This means that many if not most wireless users can select the still-secure AES protocol as a zero cost and minimal effort option. And if you are still using WEP… well, you are likely already a lost cause 🙂
