MIT Researchers Defend Against Wireless Attacks 65
alphadogg writes "MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels. Dubbed Tamper-evident pairing, or TEP, the technique is based on understanding how man-in-the-middle attacks tamper with wireless messages, and then detects and in some cases blocks the tampering. The researchers suggest that TEP could have detected the reported but still unconfirmed cellular man-in-the-middle attack that unfolded at the Defcon conference earlier this month in Las Vegas."
Re:Tamper Evident (Score:4, Informative)
If you RTFA you'd know their scheme works like this: .... BEEP BOOP BOOP BEEP .... BEEP BEEP!".
Client says "Hey, let's connect and be secure.".
Router says "Hey, let's connect and be secure using this key.".
Router yells "BEEP
Client says "That pointless noise lined up exactly with the 1s in the message about the key. And the little pauses of silence lined up with the 0s. I should trust it.".
This does nothing.
A MITM will be able to construct his own lie message about using his key instead, as well as be able to construct his own noise pattern.
All a client can see is "Hey, there are TWO packets telling me which keys to use!".
Exactly the same as current implementations that don't rely on pre-shared keys or out-of-band authentication.
Re:Nope (Score:4, Informative)
The only protection comes from tight timing windows, and who's louder.
... and that's where TEP kicks in: it depends on the ability to use periods of silence to communicate. The MITM cannot drown out the router's "energy" packets by silence.