Security of WPA pre-shared key on client?

Jouni Malinen jkmaline at cc.hut.fi
Mon Nov 6 23:53:32 EST 2006


On Mon, Nov 06, 2006 at 04:15:04PM +1300, Michael Woff wrote:

> With wpa_supplicant on Windows XP, how secure is the pre-shared key on the
> client itself?  Im trying to find a solution so that once the pre-shared
> key is initially entered, i dont want the user of the client to be able to
> discover this key.

Not very (or probably not at all) secure against this kind usage case in
its current form.

> If im correct, the encryption of the packets is carried out by
> wpa_supplicant itself which then passes encrypted data to the NDIS
> drivers. So is it possible to see the pre-shared key using a system trace
> etc?

No, wpa_supplicant does not encrypt/decrypt data packets, it just
configures a key for NDIS drivers to do this.

> If yes, would there be a way to configure/modify wpa_supplicant to make it
> difficult or alot of work for even a hacker to uncover the pre-shared key?
>  (assuming the key would be stored locally in an encrypted form).

Depends on what the hacket would have access to. If the hacker is
assumed to be able to read memory area of the process and interrupt the
process at any point, the PSK would be available no matter what you do
since it is needed during the key handshakes which may happen whenever
the AP feels like it, i.e., the client needs to keep PSK available for
the full time of the connection.

If this kind of security is desired, it would likely be better idea to
take a look at another key management mode, i.e., WPA/WPA2-Enterprise
and EAP-based authentication, e.g., with a certificate and private key
(EAP-TLS). That way the key used in WPA/WPA2 handshake will be
different for each time and the OS already has more robust mechanisms
available for storing the private key material more securily and there
is even an option of moving it to an external smartcard, if desired.

If use of WPA/WPA2-Enterprise is not acceptable, one would need to
assume that the hacker does not have free access to the memory of the
supplicant process. In that case, wpa_supplicant could be modified to
only allow the PSK to be configured, but never read back. This would be
more secure than the current code, but still, does not really protect
against attacks using administrator level access to the device.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list