0

Follow-up from this question. I just learned that all one needs to decrypt WPA2 traffic is the network key. So for example if I go to a coffee shop and they have the key on the wall I can listen to everything, and if people are visiting sites over HTTP I can MITM them. My question is: why??? Why can't the router and client exchange a secret using public key crypto and encrypt their connection so that other people on the network can't listen? And then each packet or whatever could have a MAC so MITM would be impossible.

Community
  • 1
Elliot Gorokhovsky
  • 496
  • 3
  • 12
  • That means you can give me points on the other question? ;) pulling your leg. The protocol was designed from the begging to be an ethernet-over-air, and as such suffer from the same limitations. I actually have a always VPN (on demand) policy installed in my iphone partly because of this, partly because I do consider DNS services giving over in wireless hotspots trustworthy. – Rui F Ribeiro Jan 17 '16 at 18:20
  • sorry man :) I'll accept it in a few days, I want to wait for some more answers tho. I upvoted tho. – Elliot Gorokhovsky Jan 17 '16 at 19:20
  • No worries. I was just commenting actually. You have plenty of literature if you want to read further on the subject. – Rui F Ribeiro Jan 17 '16 at 19:24

1 Answers1

1

From my knowledge WPA2 does this (encrypting the connection between client and router with a key different for each device)

WPA2 uses the authentification handshake to generate multiple keys. 2 of these are:

  • Temporal Key (TK) – Used to encrypt/decrypt Unicast data packets
  • Group Temporal Encryption Key

The first one is used to encrypt unicast connections like communication between client and router. The second one is used to encrypt multicast/broadcast messages.

In the case of the mitm attack the attacker persuades the victim to think he needs to send specific/all packets to his address. So the client encrypts the packets with a key the attacker is able to decrypt because the client thinks the attacker is the one he wants to talk to.

Think of it this way: all letterboxes in a city (wifi-network) can only be opened (decrypted) by the correct owner. You want to send secret data to your friend Joe who lives at Goodstreet 1. But you don't know that. So you ask the people of the city where he lives. Alice (also living in the city) convinces you that your friend lives at Badstreet 1. So you put your letter in the letterbox of Badstreet 1, Alice reads it/alters it and forwards it to Goodstreet 1. So even when the letterboxes are secure Alice managed a mitm-attack.

Edit: Professional routers/network equipment have countermessaures against things like ARP-poisoning to try prevent MITM-attacks.

Saying "So what's the point of encryption then? MITM renders it useless!" is not different than saying that a burglar alarm is useless in a public building or theft by a friend you invited to your house.

H. Idden
  • 2,988
  • 1
  • 10
  • 19
  • So what's the point of encryption then? MITM renders it useless! – Elliot Gorokhovsky Jan 17 '16 at 19:18
  • To stop passive attackers and people not having the key. ARP-poisining is a protocol flaw on another layer which doesn't have anything to do with WPA2. You have the same/better security than on an ethernet network except you need physical access to the ethernet network. Professional routers/network equipment countermessaures against things like ARP-poisoning. Expect prices like 1000$/€ and more for a professional router. – H. Idden Jan 17 '16 at 19:25
  • 2
    This goes more in less in line what I have been saying to René in a related thread. Please do keep in mind 802.1X can be configured in any wired networks too. I configured Cisco catalyst switches at work to authenticate users. I upvoted you. – Rui F Ribeiro Jan 17 '16 at 19:28
  • MitM does not render WPA2 truly useless you see. I feel quite confident my neighbours are not able to eavesdrop my activity and (ab)use my connection; what I have at home, and at work is a visitor´s network that is separated from our network, and which password is freely given to guests. – Rui F Ribeiro Jan 17 '16 at 19:36
  • 1
    @RuiFRibeiro You are correct. I was just going with the commonly used default configuration as he mentioned a coffee shop which is mostly SOHO-area and doesn't have professional network admins. To be honest I have never seen 802.1X deployed on ethernet including even multiple enterprise organisations with more than 1000 machines. From what I heared the problem was with it's bad support in network devices like printers and giving more problems than it was worth the risk They used authentification by physical port/client MAC/VLANs/... and some vendor specific authenification for non-guest rights – H. Idden Jan 17 '16 at 19:47
  • We do not deploy it campus wide...just in more sensitive places like study rooms and a couple of labs. I have however colleagues in consulting firms that are deploying it far more heavily. – Rui F Ribeiro Jan 17 '16 at 19:50
  • (here ports of printers and voIP phones are administered manually. While I have voiced too many times I do not agree with this for the size of our campus, it facilitates certain configurations) – Rui F Ribeiro Jan 17 '16 at 19:54
  • Network management at a campus seems to be extra complicated. You have a high turn-over of untrusted people on the network. Middle sized companies like those I talked about normally restrict physical access to the buildings/supervision of guests/new people and use legal matters/fear, detection systems of suspicious network behavior and at some point a company needs to trust it's employees because they could do more harm in other ways. – H. Idden Jan 17 '16 at 20:06
  • I still don't understand. When the device and router perform the handshake, they prove their identities to each other with the passphrase. So the device knows the MAC address of the router as a precondition of connecting to the network! So how can an attacker convince the device that it, with a different MAC, is actually the router? – Elliot Gorokhovsky Jan 19 '16 at 16:29
  • Because the mapping between MAC-address and IP-address on wifi and ethernet networks can change over time. I don't know of a standard saying there should be a special case for the router of a wifi network. It could also cause problems in special configuration. In most cases the router has the second role of beeing the network gateway. An admin can also choose to use another device as gateway for outgoing traffic. Another possibility is using anycast with redundant gateways for automatic failover in case one gateway/line goes down. – H. Idden Jan 19 '16 at 18:38
  • In this case multiple gateways with the same ip have different MAC addresses. The handshake does not tell the client the mapping MAC/IP-address of the router since Wifi is OSI-Layer 1-2 and IP-address is layer 3. The gateway is specified by it's IPv4/IPv6-address. ARP-poisoning works by convincing the victim of a wrong MAC/IP-mapping. – H. Idden Jan 19 '16 at 18:38