Explore key reinstallation attacks that exploit vulnerabilities in the WPA2 protocol in this 47-minute Black Hat conference talk. Delve into the technical details of how these attacks abuse protocol features to reinstall already-in-use keys, resetting nonces and replay counters. Examine the 4-way handshake process, frame encryption, and the general impact of these attacks. Learn about cipher suite-specific, handshake-specific, and implementation-specific vulnerabilities. Discover potential countermeasures and discuss common misconceptions. Analyze the limitations of formal proofs in protocol security and understand the importance of keeping protocols simple with rigorous specifications. Gain valuable insights into network security and protocol design from security researcher Mathy Vanhoef's presentation.
Key Reinstallation Attacks - Breaking the WPA2 Protocol
Overview
Syllabus
Introduction
Overview
The 4-way handshake
4-way handshake (simplified)
Frame encryption (simplified)
Key Reinstallation Attack
General impact
Cipher suite specific
Handshake specific
Implementation specific
Countermeasures
Misconceptions II
Limitations of formal proofs
Keep protocols simple
Need rigorous specifications
Taught by
Black Hat
