17.10.2017: Calculable insecurity

Currently, there is significant noise [1] in the Internet community regarding the KRACK attack [2] on WPA2 connections. In fact, the attack is mostly academic and requires a forged hot spot close to your access point. Whenever your WiFi connection is TLS-secured, the potential attack will not succeed. Thus, from a practical point of view -- compromising your ephemeral WiFi key -- the use case for the attack is rather slim: the effort is not worth the result (under normal circumstances), where 80% of the Internet traffic is TLS encrypted and the rest is simply public information. It is also important to note that the weakness is on the client side only: wpa_supplicant, a module of the OS, and not the WiFi NIC itself.

However, the TPM disaster of Infineon [3] providing 'bad' RSA keys for authentication is much more severe and demonstrates the entire vulnerability of the PKI we use today. Assigning a 'digital' identity to an actor on the Internet is the challenge for IoT. Flaws here result not only in the loss of identity but also in a significant reduction of safety, and not only of security. These kinds of problems have been analyzed by Dan Bernstein et al. [4], and the underpinning implications can be found in a presentation from last year's USENIX conference [5,6].


[1] www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/WPA2Verschuesselung_16102017.html
[2] www.krackattacks.com
[3] www.bleepingcomputer.com/news/security/tpm-chipsets-generate-insecure-rsa-keys-multiple-vendors-affected/
[4] eprint.iacr.org/2013/599.pdf
[5] www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_svenda.pdf
[6] www.usenix.org/node/197198