[12119] in cryptography@c2.net mail archive
Re: DOS attack on WPA 802.11?
daemon@ATHENA.MIT.EDU (William Arbaugh)
Sun Dec 8 16:55:49 2002
Date: Sun, 8 Dec 2002 16:30:20 -0500
Cc: Donald Eastlake 3rd <dee3@torque.pothole.com>,
cryptography@wasabisystems.com
To: "Arnold G. Reinhold" <reinhold@world.std.com>
From: William Arbaugh <waa@cs.umd.edu>
In-Reply-To: <v04210101ba153ce8d1cd@[192.168.0.3]>
There is another reason why it won't change. The majority of the IEEE
are not interested in denial of service attacks. This issue has been
brought up several times at TGi and other meetings by myself, Bernard
Aboba and a few others. The standard response is that this is RF and
you can always do a DoS. But, they're missing the point of the cost of
the attacker to run the attack.

Unfortunately right now, anyone with a NIC card and laptop can deny
service to multiple AP's on a WLAN using tools available on the
Internet. This is true for the current and ALL future standards, and
in each case they don't have to resort to sending malformed frames to
TKIP. It is just a simple, unprotected by a MIC/MAC, disassociate
message.
On Thursday, Dec 5, 2002, at 12:40 US/Eastern, Arnold G. Reinhold wrote:
> At 10:48 PM -0500 11/29/02, Donald Eastlake 3rd wrote:
>> Arnold,
>>
>> If you want to play with this as an intellectual exercise, be my
>> guest.
>> But the probability of changing the underlying IEEE 802.11i draft
>> standard, which would take a 3/4 majority of the voting members of
>> IEEE
>> 802.11, or of making the WiFi Alliance WPA profiling and subsetting of
>> 802.11i incompatible with the standard, are close to zero.
>>
>
> Cryptographic standards should be judged on their merits, not on the
> bureaucratic difficulties in changing them. Specs have been amended
> before. Even NSA was willing to revise its original secure hash
> standard. That's why we have SHA1. If I am right and WPA needlessly
> introduces a significant denial of service vulnerability, then it
> should be fixed. If I am wrong, no change is needed of course.
>
> Check out the President's message for September 202 at the Association
> of Old Crows web site ("Serving the Electronic Warfare and Information
> Operations Community"): http://www.aochq.org/news.htm
>
>
> Arnold Reinhold
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo@wasabisystems.com
>