4

Of course, normally I would use HTTPS, but that's not an option in a potential scenario I don't want to get into...

This question is similar to Is it possible to secure a web app without HTTPS?, except there is no internet involved: only two devices and a good+updated access point (aka router).

How secure is the exchanged information in the following scenario:

  • Server has no internet, only a LAN port to a wifi router which also has no internet.
  • In the router config, a new WPA2 PSK (AES) key is applied, 15 letters+numbers long, generated by a CSPRNG.
  • Another computer, "Client", connects to the router's wifi using the brand-new key and uploads a secret 50kb file to Server over HTTP (no S).
  • In the router config, a brand-new PSK like above is immediately applied
  • This whole time, Eve has been hiding outside with something like airdump/wireshark, perfectly recording all the Wifi traffic.

I've looked into tools like https://www.aircrack-ng.org/, but they seem to require a lot of traffic to recover PSK2 keys. I'm not an expert in this area, but it seems to me that if a lot of traffic can reveal the key, a small amount of traffic might reveal the key. If there was only the roughly 50KB worth of traffic (no de-auth, injection, etc), and the key was only active for those 30 seconds, and never used again, is there enough captured info for Eve to possibly recover the 50KB document?

I assume recovering the key is the same as being able to recover the uploaded document, but if not, my concern is not the temp key, it's the document contents.

If there is some chance of interception, is there any way to quantify/estimate the chance mathematically, based on the above figures?

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
dandavis
  • 2,658
  • 10
  • 16

3 Answers3

1

Assuming Eve is not on the same WiFi network and the key is as you say very long + complex and Eve would happen to sniff the WPA2 handshake/sends deauths till she can sniff the handshake. Even then she would have to brute force the WPA2 key before being able to decrypt the packets that she has sniffed as well.

So if she is not connected Eve will need a lot of computer power to pull it off and that would still be impossible at this moment.

Wealot
  • 879
  • 2
  • 12
  • 25
  • hi, let me introduce you to my friend [krack](https://www.krackattacks.com/)... also my two other friends who are [evil twins](https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks))... also my imaginary friend, the completely secure router against which no zero-day vulnerabilities will ever be found... – charlesreid1 Nov 22 '17 at 11:46
  • Sure, but that assumes you are using an unpatched vulnerable router and clients – Wealot Nov 22 '17 at 11:47
0

If the WiFi client auto-connects, one could deauth it and steal it with something like KARMA.

0x40
  • 121
  • 4
  • If the router were modified to delay 1 second upon association, and there PSK only lasts 30 seconds, would that prevent those kind of "traffic drum up" attacks? – dandavis Nov 21 '17 at 19:09
0

Yes, there is a risk, despite what others are saying about simply using a strong password. There have been several attacks on 802.11, with the most recent being nicknamed KRACK. This attack does not allow PSK (password) recovery, but allows an unauthenticated MITM attack between individual clients using a technique called key reinstallation. If using CCMP, this attack allows decryption of WiFi frames. If using TKIP or GCMP, this attack additionally allows packet injection. The strength of your password or how frequently you change it do not matter. From the webpage:

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

Many devices are being patched in a backwards compatible way, but an extremely large number are still not patched, most notably many routers as they are often used even after being EOLed.

guest
  • 51
  • 1
  • good point, i should have mentioned krack. do you know if that can be performed in 30 seconds? – dandavis Nov 22 '17 at 06:45
  • I believe so, yes. It does not involve heavy computation. – guest Nov 22 '17 at 06:51
  • 1
    KRACK made a big initial splash, but (with the possible exception of Android) is becoming a footnote in history at this point. Media played it up because it made good headlines, but the reality is that it was too easily patched and limited in scope (on day 0 Windows and iOS could only have their GTK compromised on 802.11r networks, no PTK compromise) to be any sort of long term concern. Also with the exception of Android/wpa_supplicant, KRACK didn't break the encryption it just made it easier to break. – YLearn Nov 22 '17 at 06:57
  • The problem is that the vast majority of routers (and IoT devices, which are getting very numerous) use outdated Linux. While major distros and OSes have quickly fixed, you can't say the same about your router. – guest Nov 22 '17 at 07:00
  • YLearn is right in this. It has been a problem, but as answer on the above question it does not really play a role assuming the devices are patched. – Wealot Nov 22 '17 at 11:49
  • That's true. I was not assuming patched systems. The issue does not manifest itself if you keep your systems up to date. I didn't notice the "and a good+updated access point"! – guest Nov 22 '17 at 11:52
  • @guest, IoT compromises have very little impact in the majority of cases. KRACK doesn't give access to the network and most IoT traffic consists of telling a device to power on/off or do something. There is little to no compromising information in the majority of IoT traffic. Additionally, a number of IoT implementations maintain encryption between the "thing" and any controller/gateway devices making KRACK irrelevant in those situations. As for routers running a variant of Linux, you are referring to consumer devices which typically don't run 802.11r. Client patching is sufficient.. – YLearn Nov 22 '17 at 22:34