Wi-Fi Protected Access 2 four-way handshake brute force attack.

Since its creation Wi-Fi has been criticised for not being secure, due to its wireless nature; this is due to the encryption protocols used to ensure security from point A the wireless router to point B the wireless enabled device. This inherit security flaw occurs in all WI-FI security standards such as Wireless Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2); According to (Sari & Karay, 2015) “the key size of the WEP standard is only 40-bit key. This makes WEP open to attack especially the brute force attack.” Additionally, a security researcher named as Mathy Vanhoef has discovered a weakness in the security protocol WPA2. Referring to (The Guardian, 2017) the article states that “The security protocol used to protect the vast majority of Wi-Fi connections has been broken”. The findings above prove to be the motivation to commence the research that will follow. If the findings appear to be correct, then SMEs would be left vulnerable to exploitation and eavesdropping. Due to small businesses not having the capital or the knowhow to implement more sophisticated security mechanisms, this leaves them vulnerable to exploitation.

The vulnerabilities within WPA have the possibility of being severe, which has created demand for a new standard to be created to protect WLAN, this standard is called Wi-Fi Protected Access 2 (WPA2). According to (Lashkari & Danesh, 2009) WPA was only released because of the vulnerabilities in WEP to only be the interim solution to security issues. The author continues to state that WPA2 has been designed to be the future-proof solution due to lessons learned from the implementation of WEP. The differences present in WPA from WPA2 are the encryption algorithm that is used to secure data transmissions, the standard also includes an enhanced integrity check this is similar to the message integrity protocol that exists in WPA (Sellers, 2016). WPA2 uses advanced encryption standard (AES) to better protect wireless devices against hacking this standard replaced the TKIP protocol, it was created in January 1997 by NIST to replace the widely used standard Data Encryption Standard (DES) (Dobbertin & Rijmen, 2004).

The AES encryption standard has been combined with the Cipher-Block Chaining Message Authentication Code Protocol (CCMP), the standard was created to replace TKIP and WPA. The protocol is complete with many added extras, referring to (Kohlios & Hayajneh, 2018) research the author details that CCMP provides WPA2 with different security mechanisms. For example, CCMP is derived from Counter Mode (CTR) with Cipher-Block Chaining (CBC) the author details that CTR is used for data confidentiality and CBC is used for authentication and integrity. The encryption takes place within the four-way handshake similar to WPA but with added security and message integrity checks and higher encryption bits. The Pairwise Transient Key (PTK) is generated and passed through an AES encryption algorithm, this added security benefit provides WPA2 with 128-256 keys in sequences of 32 bits due to AES being a block cipher. Comparing all three standards this increase in encryption size does prove to make the security standard much more effective. When WEP was created it only uses a 40-bit shared key then the upgrade to WPA used 128-bit now the most commonly used WPA2 stand has increased to use 128 – 256 bits.

The latest security vulnerability that has been discovered in WPA2 was discovered in 2017 by Vanhoef and Piessens, the attack is named Key Reinstallation Attack (Krack). The attack exploits vulnerabilities in the four-way handshake protocol of WPA2 allowing attackers to decrypt, replay and possible forge frames (Vanhoef & Piessens, 2018). The attack is initiated by a genuine client attempting to gain access to the network, the access point generates the Secret Pairwise Master Key (PMK) this key is generated for the session to allow the four-way handshake to begin. The access point then generates two more keys the Pairwise Transient Key (PTK) and the Group Temporal Key (GTK), the Krack attack exploits message three of the four-way handshake when the GTK is installed WPA2 does not take dropped or interrupted connections into consideration. WPA2 allows message three to be resent, this enables an attacker to intercept traffic that is encrypted from legitimate users. To reset the WPA2 encryption keys the hacker can resend message three to the access point and a nonce request allowing for encryption keys to be reset, resulting in data sent over the network will be encrypted with the same key. This allows attackers to gradually decrypt all data until the whole key is decrypted resulting in the network no longer being secure (Shapiro, 2017). From the literature analysed it appears that some inconsistencies exist around this attack (Kohlios & Hayajneh, 2018) states “This applies only to the TKIP GCMP encryption schemes however. It has been shown that this cannot work with CCMP, which WPA2-PSK uses”. Also, other research details that the four-way handshake exploit what KRACK uses is entirely based on the correct conditions being met, for example, the exploit is only viable on the Linux operating system and the Android platform (Shapiro, 2017). Whereas the Krack attack webpage does detail that most modern Wi-Fi routers will most likely be affected by some variant of the attack (Vanhoef, 2017).

Another attack method has been discovered against the security protocol WPA2, the attack was discovered by researcher Jens atom Steube in August of 2018. The vulnerability was discovered when attempting to discover exploits in the latest Wi-Fi security standard WPA3 (Ramirez & Abelardo, 2019). Previous studies of the PMKID attack have not provided in-depth discussion of how the attack works, the only source of information available is a hashcat forum. This is because the researcher who discovered the attack also created the password cracking tool known as hashcat, both journal articles examined referenced the forum no other literature exists about this attack mainly because the attack has only recently been discovered. The attack vector discussed above allows attackers to view the PSK in hash format allowing the hacker to perform off-line dictionary attacks on the Wi-Fi network. This attack does prove to be more devastating than other attacks discussed because attacker do not need to wait for a legitimate user to reconnect or interfere with the four-way handshake protocol. The attack according to (Kohlios & Hayajneh, 2018) exploit the Robust Security Network (RSN) information element, the attacker receives an EAPOL frame upon the authentication phase before the four-way handshake. Using packet capturing tools like Wireshark allows attackers to examine the Pairwise Master Identification Key (PMKID) thus revealing the PSK in hash value. The PKMID is generated using information already available to the attacker such as PMK name, MAC address of the AP and the MAC address of the device attempting to authenticate. The attacker can then compute the candidate PSKs computed from the world list of passwords and check the PMKID has against the PMKID sent in in the initial EAPOL frame. If the values match the password attempt is correct and the PSK has been recovered.

One attack that is present in WPA2 that was not mitigated surprisingly is de-authentication attack, this attack was also present in WPA. This vulnerability is the starting point for most attack when attempting to intercept an authentication packet via the four-way handshake. The attack is viable because of the lack of protection of management frames that are transferred from client to access point, the attack Is viable due to the same weakness that was presented in WPA. The attack uses MAC address spoofing to initially sit between the client and the access point, the attacker sends de-authentication frames to the access point or client. Once the client or access point has received the de-authentication frame the connection is immediately dropped. This is due to the de-authentication frame being part of management frames rather than encrypted frames that are transferred (Kohlios & Hayajneh, 2018).

The security vulnerabilities that are present in WPA2 that have been discussed in detail above do prove to have some mitigation processes, the Wi-Fi alliance website does state updating WPA2 PSK to use WPA2 Protected Management Frames (PMF) does mitigate many attacks due to the attack that is mitigated is used in a variety of other attacks. The attack is de-authentication, normally in WPA2 the management frames that are sent from client to access point have no protection this allows hackers to disconnect legitimate users to then capture reconnection frames. The Wi-Fi alliance webpage does not detail how the management frame is protected it just states that is it using technology used in WPA3. The best way to mitigate all attacks mentioned above is to simply update equipment or implement WPA3, the Wi-Fi alliance webpage does state they have released patches to mitigate risks from Krack attack. The article also referred to the Common Vulnerabilities and Exposures (CVE) webpage to show what vulnerabilities have been patched through updating hardware (WIFI Alliance, Security Update October 2017). Both (WIFI Alliance, Security Update October 2017) and (Feher & Sandor, 2018) share a number of key features, these features are encouraging users to update to the latest security standard WPA3 because of the vulnerabilities that it mitigates. For example, (Kohlios & Hayajneh, 2018) research details the methods how WPA3 mitigates certain attacks. Using WPA3 stops de-authentication frames, the author states “When an access point receives an unencrypted de-authentication frame from a client who is already in session, the access point will trigger the SA mechanism and return an error response for the client to try again later given a certain comeback time. The AP will then send an encrypted SA query request to the client and await the SA query response within the response time. The adversary would not be able to send back an encrypted response without the encryption key. Therefore, performing a de-authentication attack is unfeasible”. The study has identified that WPA2 has indeed shown some recent security vulnerabilities in the year 2018, it would be recommended to SMEs to upgrade to the latest version of the standard to avoid being the victim of a data breech. WPA3 does appear to solve every recently discovered vulnerability that reveals the network pre-shared key.