A new paper by a leading security expert has claimed the new Wi-Fi Protected Access (WPA) security standard may be less secure, in certain scenarios, than WEP, the wireless standard it was designed to replace.
In the paper, Weakness in Passphrase Choice in WPA Interface, Robert Moskowitz, a senior technical director at ICSA Labs, part of TruSecure, describes a number of problems with the new WPA standard, including the ability of attackers to “sniff” critical information from wireless traffic and to discover the value of a wireless network’s security key.
WPA is a new security standard based on work by the Institute of Electrical and Electronics Engineers (IEEE) on the 802.11i wireless security standard. It is intended to replace Wired Equivalent Privacy (WEP), the most common standard for securing data on wireless networks.
WPA offers a number of security improvements over WEP, including better data encryption and the ability to authenticate users on large networks using a separate authentication service such as Remote Authentication Dial-In User Service, before allowing them to join the network, according to the Wi-Fi Alliance, a wireless industry group. The problems with WPA centre on the use of Pre-Shared Keys (PSKs), which are an alternative authentication tool for small businesses and home users that do not want to use a separate authentication server and full 802.1x key infrastructure, according to Moskowitz, who helped design the 802.11i wireless security standard and WPA.
As with WEP, wireless users can use passphrases for the PSK, which can range from 8 to 63 bytes.
Most wireless equipment makers allows only a single PSK to be used on a wireless network, Moskowitz said.
Moskowitz writes that the method that WPA devices use to conduct “handshakes”, or exchanges of information that are used to generate data encryption keys for wireless sessions, allows attackers who do not know a PSK to guess it using what is known as a “dictionary” attack.
In dictionary attacks, attackers capture (or “sniff”) wireless network traffic in transit between the access point and the wireless workstation, then use specialised software programs to guess the key.
Other wireless security standards are also vulnerable to such attacks. WEP keys have long been known to be insecure. More recently, a security expert showed that Cisco’s Lightweight Extensible Authentication Protocol (LEAP) standard is vulnerable to dictionary attacks too.
However, attackers who want to compromise WEP and LEAP need to harvest large quantities of network traffic before they can decipher the pass phrase.
In contrast, WPA only requires them to capture four specific packets of data, Moskowitz said.
Passphrases with fewer than 20 characters were unlikely to withstand a dictionary attack, and attackers who missed those four packets in transit could easily trick a wireless access point into doing a new “handshake” and sending the packets to the attacker again, he said.
Attackers who already knew the PSK and had joined a wireless network as trusted members could further exploit shortcomings in the WPA handshake to guess another user’s unique “session key”, which would enable them to listen in on that user’s wireless session, capturing information they were sending out on a corporate network or to the Internet, Moskowitz said.
That could spell trouble for corporations that allow contractors or other trusted third parties onto their wireless networks, he said. The key was to use strong passwords.
Organisations using WPA with Pre-Shared Keys should also consider using a random number generator to create passphrases, rather than making them up, he said. However, companies that were deploying WPA with an authentication server had little reason to be concerned, because they did not use Pre-Shared Keys, senior analyst at The Burton Group, Michael Disabato, said.
For other users, the Moskowitz paper should not cast a shadow over WPA, he said.
“WPA is doing what its supposed to do, providing you do what you’re supposed to do and enforce secure passwords,” Disabato said.
Both Disabato and Moskowitz agreed that WPA was far more secure than the earlier WEP standard, even considering the issues raised by Moskowitz’s paper. However, Moskowitz did take issue with wireless networking equipment makers’ implementation of WPA.
The shortcomings surrounding Pre-Shared Keys discussed in the WPA paper were acknowledged in the 802.11i standard documents. In their rush to offer WPA in their products, wireless equipment makers like Linksys (now owned by Cisco) did little to address the issues with tools to make it easier to generate secure PSKs, Moskowitz said.