77 research outputs found
A Time-Memory Trade-Off Attack on WPA3's SAE-PK
sponsorship: This research is partially funded by the Research Fund KU Leuven, and by the Flemish Research Programme Cybersecurity. Mathy Vanhoef holds a Postdoctoral fellowship from the Research Foundation Flanders (FWO). (Research Fund KU Leuven, Flemish Research Programme Cybersecurity, Research Foundation Flanders (FWO))status: Published onlin
Practical Side-Channel Attacks against WPA-TKIP
sponsorship: This work is partially supported by the Center for Cyber Security at New York University Abu Dhabi (NYUAD). Mathy Vanhoef holds a Postdoctoral fellowship from the Research Foundation Flanders (FWO). (Center for Cyber Security at New York University Abu Dhabi (NYUAD), Research Foundation Flanders (FWO))status: Publishe
On the Robustness of Wi-Fi Deauthentication Countermeasures
sponsorship: This research is partially funded by the Research Fund KU Leuven, and by the Flemish Research Programme Cybersecurity. Mathy Vanhoef holds a Postdoctoral fellowship from the Research Foundation Flanders (FWO). (Research Fund KU Leuven, Flemish Research Programme Cybersecurity, Research Foundation Flanders (FWO))status: Published onlin
Improving Privacy Through Fast Passive Wi-Fi Scanning
sponsorship: Gunes Acar and Mathy Vanhoef hold a Postdoctoral fellowship from the Research Foundation Flanders (FWO). This work is partially supported by the Research Fund KU Leuven and by the Center for Cyber Security at New York University Abu Dhabi (NYUAD). (Research Foundation Flanders (FWO), Research Fund KU Leuven, Center for Cyber Security at New York University Abu Dhabi (NYUAD))status: Publishe
All your biases belong to us: Breaking RC4 in WPA-TKIP and TLS
We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol. To empirically find new biases in the RC4 keystream we use statistical hypothesis tests. This reveals many new biases in the initial keystream bytes, as well as several new longterm biases. Our fixed-plaintext recovery algorithms are capable of using multiple types of biases, and return a list of plaintext candidates in decreasing likelihood.
To break WPA-TKIP we introduce a method to generate a large number of identical packets. This packet is decrypted by generating its plaintext candidate list, and using redundant packet structure to prune bad candidates. From the decrypted packet we derive the TKIP MIC key, which can be used to inject and decrypt packets. In practice the attack can be executed within an hour. We also attack TLS as used by HTTPS, where we show how to decrypt a secure cookie with a success rate of 94% using 9*2^27 ciphertexts. This is done by injecting known data around the cookie, abusing this using Mantin’s ABSAB bias, and brute-forcing the cookie by traversing the plaintext candidates. Using our traffic generation technique, we are able to execute the attack in merely 75 hours.sponsorship: This research is partially funded by the Research Fund KU Leuven. Mathy Vanhoef holds a Ph.D. fellowship of the Research Foundation - Flanders (FWO). (Research Fund KU Leuven, Research Foundation - Flanders (FWO))status: Publishe
Release the Kraken: New KRACKs in the 802.11 Standard
We improve key reinstallation attacks (KRACKs) against 802.11 by generalizing known attacks, systematically analyzing all handshakes, bypassing 802.11's official countermeasure, auditing (flawed) patches, and enhancing attacks using implementation-specific bugs.
Last year it was shown that several handshakes in the 802.11 standard were vulnerable to key reinstallation attacks. These attacks manipulate handshake messages to reinstall an already-in-use key, leading to both nonce reuse and replay attacks. We extend this work in several directions. First, we generalize attacks against the 4-way handshake so they no longer rely on hard-to-win race conditions, and we employ a more practical method to obtain the required man-in-the-middle (MitM) position. Second, we systematically investigate the 802.11 standard for key reinstallation vulnerabilities, and show that the Fast Initial Link Setup (FILS) and Tunneled direct-link setup PeerKey (TPK) handshakes are also vulnerable to key reinstallations. These handshakes increase roaming speed, and enable direct connectivity between clients, respectively. Third, we abuse Wireless Network Management (WNM) power-save features to trigger reinstallations of the group key. Moreover, we bypass (and improve) the official countermeasure of 802.11. In particular, group key reinstallations were still possible by combining EAPOL-Key and WNM-Sleep frames. We also found implementation-specific flaws that facilitate key reinstallations. For example, some devices reuse the ANonce and SNonce in the 4-way handshake, accept replayed message 4's, or improperly install the group key. We conclude that preventing key reinstallations is harder than expected, and believe that (formally) modeling 802.11 would help to better secure both implementations and the standard itself.sponsorship: This research is partially funded by the Research Fund KU Leuven. Mathy Vanhoef holds a Postdoctoral fellowship from the Research Foundation Flanders (FWO). (Research Fund KU Leuven, Research Foundation Flanders (FWO))status: Publishe
Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks
© 2018 Copyright held by the owner/author(s). Publication rights licensed to the Association for Computing Machinery. We present a backwards compatible extension to the 802.11 standard to prevent multi-channel man-in-the-middle attacks. This extension authenticates parameters that define the currently in-use channel. Recent attacks against WPA2, such as most key reinstallation attacks, require a man-in-the-middle (MitM) position between the client and Access Point (AP). In particular, they all employ a multichannel technique to obtain the MitM position. In this technique, the adversary acts as a legitimate AP by copying all frames sent by a real AP to a different channel. At the same time, the adversary acts as a legitimate client by copying all frames sent by the client to the channel of the real AP. When copying frames between both channels, the adversary can reliably manipulate (encrypted) traffic. We propose an extension to the 802.11 standard to prevent such multichannel MitM attacks, making exploitation of future weaknesses in protected Wi-Fi networks harder, to practically infeasible. Additionally, we propose a method to securely verify dynamic channel switches that may occur while already connected to a network.sponsorship: This research is partially funded by the Research Fund KU Leuven. Mathy Vanhoef holds a Postdoctoral fellowship from the Research Foundation Flanders (FWO). (Research Fund KU Leuven, Research Foundation Flanders (FWO))status: Publishe
Discovering logical vulnerabilities in the Wi-Fi handshake using model-based testing
We use model-based testing techniques to detect logical vulnerabilities in implementations of the Wi-Fi handshake. This reveals new fingerprinting techniques, multiple downgrade attacks, and Denial of Service (DoS) vulnerabilities.
Stations use the Wi-Fi handshake to securely connect with wireless networks. In this handshake, mutually supported capabilities are determined, and fresh pairwise keys are negotiated. As a result, a proper implementation of the Wi-Fi handshake is essential in protecting all subsequent traffic. To detect the presence of erroneous behaviour, we propose a model-based technique that generates a set of representative test cases. These tests cover all states of the Wi-Fi handshake, and explore various edge cases in each state. We then treat the implementation under test as a black box, and execute all generated tests. Determining whether a failed test introduces a security weakness is done manually. We tested 12 implementations using this approach, and discovered irregularities in all of them. Our findings include fingerprinting mechanisms, DoS attacks, and downgrade attacks where an adversary can force usage of the insecure WPA-TKIP cipher. Finally, we explain how one of our downgrade attacks highlights incorrect claims made in the 802.11 standard.sponsorship: This research is partially funded by the Research Fund KU Leuven and by tile inicc High Iipact Initiative Distributed Trust. Mathy Vanhoef was supported by a Ph.D. fellowship of the Research Foundation -Flanders (FWO). (Research Fund KU Leuven, Research Foundation -Flanders (FWO))status: Publishe
Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections
To perform successful remote timing attacks, an adversary typically collects a series of network timing measurements and subsequently performs statistical analysis to reveal a difference in execution time. The number of measurements that must be obtained largely depends on the amount of jitter that the requests and responses are subjected to. In remote timing attacks, a significant source of jitter is the network path between the adversary and the targeted server, making it practically infeasible to successfully exploit timing side-channels that exhibit only a small difference in execution time.
In this paper, we introduce a conceptually novel type of timing attack that leverages the coalescing of packets by network protocols and concurrent handling of requests by applications. These concurrency-based timing attacks infer a relative timing difference by analyzing the order in which responses are returned, and thus do not rely on any absolute timing information. We show how these attacks result in a 100-fold improvement over typical timing attacks performed over the Internet, and can accurately detect timing differences as small as 100ns, similar to attacks launched on a local system. We describe how these timing attacks can be successfully deployed against HTTP/2 webservers, Tor onion services, and EAP-pwd, a popular Wi-Fi authentication method.sponsorship: We would like to thank our shepherd, Yossi Oren, and the anonymous reviewers for their valuable feedback. This work was partially supported by the Center for Cyber Security at New York University Abu Dhabi (NYUAD) and an NYUAD REF-2018 award. Mathy Vanhoef holds a Postdoctoral fellowship from the Research Foundation Flanders (FWO). (Center for Cyber Security at New York University Abu Dhabi (NYUAD), NYUAD REF-2018 award, Research Foundation Flanders (FWO))status: Publishe
Teaching Strategies for Atypical Presentation of Illness in Older Adults
Atypical presentation of illness is one of those phenomena where “seeing is believing”. Expert geriatric nurses and clinicians know all to well the early signs and symptoms of this frequent masquerader of bacterial infections, pain, acute myocardial infarction, heart failure or other serious medical ailments in older adults. Students however, as novices to clinical practice, require interactive learning approaches to reflect on the client’s illness presentations, help with developing the necessary skills to analyze and synthesize clinically relevant data, and to witness resolution of an atypical presentation when found and treated. We discuss various learner-centered, interactive approaches to teach students how to recognize an atypical presentation of illness using a real-life clinical case. Outlined are teaching strategies for faculty, drawn on visual, auditory, reading and kinesthetic modes of student learning. Use of the senses to teach nurses about care of patient’s is not entirely new or innovative, as reflected on by Florence Nightingale’s (1846) earliest writings of the "rules of nursing".Peer reviewe
- …
