Practical Side-Channel Attacks Against WPA-TKIP

Conference:  BlackHat EU 2019



The presentation discusses the vulnerabilities of the TKIP protocol used in Wi-Fi networks and recommends the use of better security protocols.
  • The TKIP protocol used in Wi-Fi networks has vulnerabilities that can be exploited through side channels
  • Cross-layer analysis can reveal vulnerabilities in protocols
  • It is recommended to stop using TKIP and switch to better security protocols
  • Microsoft has announced that they will no longer support TKIP in Windows
The presenter demonstrated how an adversary can capture a TKIP frame and decrypt it using a side-channel attack. They also showed a Wireshark dump of the attack and how the length of the frame decreased as each byte was decrypted.


Wireless networks and their security protocols keep evolving due to increased performance and reliability demands. For instance, recently the Wi-Fi Alliance released WPA3, which offers better security guarantees (e.g., longer keys). In light of this, one would assume that legacy protocols such as WPA-TKIP are no longer widely used in modern Wi-Fi networks. Unfortunately, our wardriving efforts revealed that 44.81% of encrypted Wi-Fi networks still support and use WPA-TKIP. These wardrives spanned cities in the United States, Germany, and Belgium, and high usage of WPA-TKIP was observed in all of them. Motivated by this, we systematically analyzed the security of WPA-TKIP implementations.


