- Blackshield Awards
- Job Fair
- CXO Track
- About Speakers
- Mathy Vanhoef
Ph.D. at KU Leuven
KRACKing WPA2 Using Key Reinstallation Attacks
These talks explain how the KRACK attack against WPA2 works. Summarized, this attack abuses features of WPA2 to reinstall an already-in-use key, thereby resetting nonces and/or replay counters associated with this key. We show that our novel attack technique breaks several handshakes that are used in a protected Wi-Fi networks.
All protected Wi-Fi networks use the 4-way handshake to generate fresh session keys. The design of this handshake was proven secure, and over its 14-year lifetime, no weaknesses have been found in it. However, we show that the 4-way handshake is vulnerable to key reinstallation attacks. In such an attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying handshake messages. When the victim reinstalls the key, the associated incremental nonce and replay counter is reset to its initial value. Simplified, this allows an adversary to replay and decrypt frames. Depending on the encryption algorithm being used, it may also allow an adversary to forge frames. Finally, we conclude the talk by discussing several lessons that can be learned from our findings.
Mathy Vanhoef is a postdoctoral researcher at KU Leuven, where he performs research on stream-ciphers, discovered a new attack on RC4 that made it possible to exploit RC4 as used in TLS in practice (the RC4 NOMORE attack), and found the HEIST attack against TLS. He also focuses on wireless security, where he turns commodity wifi cards into state-of-the-art jammers, defeats MAC address randomization, and breaks protocols like WPA-TKIP. He also did research on information flow security to assure cookies don't fall into the hands of malicious individuals. Currently, he is researching how to automatically fuzz network protocols, and detect logical flaws in implementations (e.g. downgrade attacks). Apart from research, he also knows a thing or two about low-level security, reverse engineering, and binary exploitation.