According to security researcher Mathy Vanhoef of Leuvern University, the “WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained” vulnerability can render WPA2’s powerful encryption function obsolete. As a sort of Man-in-the-Middle (MITM) attack, the KRACK vulnerability can intercept encrypted data between an AP and a station without having to access the AP. It allows theft of all information traversing a network such as credit card information, passwords, chatting messages, and e-mail.
The KRACK vulnerability occurs during the authentication procedure in the interaction between an AP and a station (the AP connection password is required for a KRACK attack). It is a re-authentication attack method that that takes advantage of an error generated when an encryption validation message sent by an AP or a station is intercepted and delivered identically. As the same packet is received by the target, it is judged that the verification packet was not sent and hence the encryption verification process is performed again. The key value used for encryption and decryption is reset, the packet is initialized to 0, and a new packet can be assembled.
1) Correlation between WPA2 encryption type and KRACK attacks
|AES CCMP||Packet decryption||Packet Number can be initialized to reassemble packet by KRACK attack|
|WPA TKIP||Packet decryption
|IV Field is used as PN(Packet Number) to complement WEP vulnerability from reuse of IV
Packet Number can be initialized through KRACK attack. Therefore IV* value used during encryption can be acquired
|GCMP||Encryption method used in Wireless Gigabit (WiGig)
As both communication directions use an identical authentication key, authentication key can be stolen through KRACK vulnerability
*IV(initialization vector): As the value used to encrypt the initial block, it is called initialization vector. If it is used repeatedly, it can be used to decrypt encrypted data. It is also referred to as nonce (number used once)
2) Comparison between existing MITM(ARP Spoofing) and KRACK attack
|KRACK||Prior acquisition of AP password required
|No need to connect to AP when performing attack
MAC spoofing required(Target AP’s or disguised as station)
*Can only carry out limited attacks on specific targets (Not all targets can be selected)
Can decrypt packets using protected Internet communication protocols such as HTTPS
If an attack cannot be detected by a packet modulation before a KRACK attack, there is no way for the user to determine whether an attack is taking place
|ARP Spoofing||Must be connected to an AP during attack
MAC spoofing not required (switch to the same MAC as target)
Can perform attacks on specific targets or entire targets
Cannot decrypt data encrypted by HTTPS
ARP Cache Table verification enables detection of ARP Spoofing attack
3) Classification of KRACK vulnerabilities
|CVE number||Summary of vulnerabilities|
|CVE-2017-13077||Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.|
|CVE-2017-13078||Reinstallation of the group key (GTK) in the four-way handshake|
|CVE-2017-13079||Reinstallation of the integrity group key (IGTK) in the four-way handshake|
|CVE-2017-13080||Reinstallation of the group key (GTK) in the group key handshake.|
|CVE-2017-13081||Reinstallation of the integrity group key (IGTK) in the group key handshake.|
|CVE-2017-13082||Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.|
|CVE-2017-13084||Reinstallation of the STK key in the PeerKey handshake|
|CVE-2017-13086||Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.|
|CVE-2017-13087||Reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame|
|CVE-2017-13088||Reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame|
1) Solution for each vulnerability at AP and Station
|Type||CVE||*Root Cause Fix||*Mitigation||*Zero-day Protection|
Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.
Reinstallation of the group key (GTK) in the four-way handshake
Reinstallation of the integrity group key (IGTK) in the four-way handshake
Reinstallation of the group key (GTK) in the group key handshake.
Reinstallation of the integrity group key (IGTK) in the group key handshake.
Reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame
Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
* Root Cause: resolve root cause
Mitigation: temporary measures
Zero day protection: real-time detection
2) Secure Wi-Fi Module provides users a secure wireless network by detecting KRACK attack.
<Figure 9> Details of Zero Day Protection, 2017-13077,13078,13079,13081,13087
Fake AP Detection function of Secure Wi-Fi Module:
Detects Fake AP generated from MAC spoofing attacks by a hacker
- Detect Fake AP of the hacker which is generated identically to the Real AP
Before connection, provide criteria for selection of safe AP for users
After connection, connect to secure AP through connection record based verification and forgery and falsification verification
2) Solutions from point of view of users
# Update all wirelessly connected devices
Update security patches of routers and all devices connected to Wi-Fi, such as personal computers, smartphone, and tablet PCs. Setting the security patch to auto-update in preparation for future security vulnerabilities is recommended
# Inspect router
Router firmwear needs to be updated. If your internet service provider (ISP) has provided you with a router, ask which patch kit is most appropriate for the firm.