I've been looking into attacks that are effective against WPA-TKIP but not WPA2-AES (both using PSK). I've found Vanhoef & Piessens's paper that builds off an attack by Beck & Tews and can be used for total decryption, but only if the router has QoS enabled. Vanhoef & Piessens also present a DoS attack on TKIP that works without QoS. This is the only unconditional documented vulnerability I've found exclusive to WPA-TKIP.
RC4 instead of AES is a concern, but the attacks on RC4 that I have found are impractical. The Royal Holloway attack places a lot of requirements on the plaintext, for a limited number of bytes decrypted. Additionally, TKIP is continuously generating new keys, largely mitigating the impact of compromising a single RC4 cipher, as I understand it.
Have I missed something in the research? Or are the only known practical vulnerabilities to the ciphertext exclusive to WPA-TKIP reliant on QoS?