Slashdot Mirror
MIT Researchers Defend Against Wireless Attacks
alphadogg writes "MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels. Dubbed Tamper-evident pairing, or TEP, the technique is based on understanding how man-in-the-middle attacks tamper with wireless messages, and then detects and in some cases blocks the tampering. The researchers suggest that TEP could have detected the reported but still unconfirmed cellular man-in-the-middle attack that unfolded at the Defcon conference earlier this month in Las Vegas."
Anything a legit user can do a MITM can do better.
This "all-software" solution is either bullshit, or relies on pre-shared keys (be they specific keys or hardware-derived).
Without keys / hardware, there is absolutely nothing a legit user can send out that a MITM can't.
I happen to have been following the work of Dina Katabi et al. for quite some time now and I have to admit that it is a very poor summary even for Slashdot. I can assure you that you can understand much more by skipping the summary, skipping the Original Source link and just reading the paper in question. It is a truly revolutionary idea that will soon change the way we perceive the risks in wireless communication.
Karma: Positive (probably because of superiour intellect)
If you RTFA you'd know their scheme works like this: .... BEEP BOOP BOOP BEEP .... BEEP BEEP!".
Client says "Hey, let's connect and be secure.".
Router says "Hey, let's connect and be secure using this key.".
Router yells "BEEP
Client says "That pointless noise lined up exactly with the 1s in the message about the key. And the little pauses of silence lined up with the 0s. I should trust it.".
This does nothing.
A MITM will be able to construct his own lie message about using his key instead, as well as be able to construct his own noise pattern.
All a client can see is "Hey, there are TWO packets telling me which keys to use!".
Exactly the same as current implementations that don't rely on pre-shared keys or out-of-band authentication.
An attacker can tamper with a wireless message in three ways: by altering a message sent by one party to match his own Diffie-Hellman key; by hiding the fact that Party A has sent a message at all; and by blocking a message from being sent. TEP is designed to defang each of these tampering techniques.
It does this by compelling Party A to follow its message transmission with another: a pattern of energy "pulses" and "silences." Party A's wireless radio computes a hash of the original message, creating a sequence of ones and zeros. For each one, the radio sends a random packet; for each zero, it sends nothing -- it's silent. This combined pattern is unique to the original message.
If the attacker alters the contents of Party A's message, he, too, has to follow up with a new "silence pattern" that corresponds to the altered contents. But the two silence patterns will be different: The attacker "cannot generate silence" from Party A's "one bits." Party B can detect that difference and in effect refuse the connection offered by the attacker.
Aha, using the fact that all this comm is occurring in the same collision domain to your advantage against MITM attacks, I wonder if this would actually stand up to scrutiny?
The client can't refuse the connection by the attacker.
The client can only refuse ALL connections when it suspect foul pay (by hearing two shits).
Just as before, it's a race/range condition. Sit at the edge of an AP's range with two radios and people connecting to yours will never even hear the router shouting shit at them as sit in the middle.
AP ---- You ---- Victim
Victim and AP can't hear eachother, and thus have no indication that what you're saying isn't coming from you.
It's OK if the man-in-the-middle is only listening, because the Diffie-Hellman key exchange algorithm is designed so that the two legitimate parties can exchange encryption keys without a listener being able to determine the key, even if the listener records the whole transmission.
---------
There is inferior bacteria on the interior of your posterior.
The client sees the "lie", and doesn't trust either of the offers because it isn't sure which is real.
Based on this, it's possible to DOS a router by sending out connection offers, but you can't do a MITM attack.
A proper and real diversity system can detect the angle of the radio to the receiver. A properly designed setup with 4 antennas can give a 0-360 degree direction of the radio it is contacting and a crude distance. this added information and watching radio traffic in the spectrum. I.E see a packet transmitted from radio 3 to radio 4 and then the same packet is transmitted to the base, flag it as mitm and contact radio 3 directly.
It would make a $299 AP cost about $3400 but it could be effective.
Do not look at laser with remaining good eye.
Yes, well, everyone knows TEP is insecure and hackable. Im waiting until TPA2 comes out, thats where the real security is.
Reading the paper, it seems the proposed protocol for key exchange forces a wait time of 17ms, and then hashes the packet to ensure it doesn't get modified (forcing the use of slots and keeping the air open during attack).
The only problem I see is that you could easily use this mechanism to effectively DoS the network by making it wait for the CTS packets constantly while the protocol rejects the bad check-summed packets.
But I guess that's a minor flaw since it's already trivial to DoS wireless networks in general.
Here's to hoping this actually gets widely implemented.