
In modern cryptography the use of 'certificates' is common: each device in an encrypted link has its own certificate to identify itself to the other party. That requires a trusted issuer of those certificates and the exchange of public keys between the parties, which is a complex system, so this KB entry gives only a very basic overview. Note that WPA2 in Pre-Shared Key (personal) mode does not use certificates at all; both sides simply share a password, and the handshake below is how they prove that to each other. Certificates only come into play with WPA2-Enterprise (802.1X with an EAP method such as EAP-TLS).

In WPA2 (IEEE 802.11i) with a Pre-Shared Key (PSK), i.e. your wireless password, a process called the 4-way handshake is used between your client (phone, laptop etc.) and your wireless access point (e.g. a wireless router). Each side contributes a fresh random number (a nonce), both sides derive a new session key from the PSK and the two nonces, and each proves to the other that it knows the PSK by putting a message integrity code (MIC), computed with that session key, on the handshake messages. The PSK itself is never sent across the link (otherwise it would be visible to an attacker or a rogue AP/client).

EAPOL (EAP over LAN, from IEEE 802.1X) is the framing WPA2 uses to carry the handshake messages in both WPA2/PSK and WPA2/802.1X (Enterprise) modes and to install the keys that establish the encrypted connection. Within WPA2, if the access point does not receive the client's reply to a handshake message before a timeout, it retransmits that message. This may be important in a 'noisy' environment, that is one with a lot of wireless traffic and interference where messages may be lost. In a clean environment the whole key exchange should take under 100 ms.

The Krack Vulnerability - Updated Oct 2017

It is that retransmission of a handshake message, as permitted by WPA2, combined with the client re-installing the same key and so resetting its per-packet nonce to its starting value, that was the root cause of the Krack vulnerability disclosed in October 2017. A base station can be set not to resend the handshake messages, but then if a message is lost (as above) the connection setup has to start again from Step 0, with a new nonce (see below), after the EAPOL timeout (a few seconds), which is inefficient. In all cases it is still best to update the client, which is where the vulnerability lies: even if you limit resends on your own base station, the client device remains vulnerable on any other wireless network it uses (unless those are all similarly limited). In some situations, for example if a client device is old or no longer receives updates from its vendor, it cannot be patched, and limiting resends on the base station is then the only protection you can give it.

More Detail on how Krack Works

The main Krack attack works by attacking the 4-way handshake. During WPA2 EAPOL authentication, the Access Point (or wireless router) and the Client (phone, laptop etc.) exchange some messages back and forth. There are four messages, hence a 4-way handshake.

Message 3 is sent by the AP to the Client, and once the Client has processed it, it installs the new session key and replies with Message 4. The attacker, sitting between the two parties, stops the handshake completing from the AP's point of view (for example by holding back Message 4). Because the AP does not receive Message 4, it resends Message 3. Each time a Message 3 is received, a vulnerable client re-installs the same key and resets its incremental transmit packet number (the per-packet nonce) and its receive replay counter. After the reset the client encrypts new data with a key and nonce combination it has already used, so the same keystream is produced twice. An attacker who knows, or can guess, the plaintext of one of the frames (protocol headers, a known web request) can recover the keystream and with it decrypt the other frame; put simply, the attacker can then read traffic the user believes is encrypted, without the user being aware. Note that the attack does not reveal the PSK itself, because the PSK is never transmitted.

The actual implementation is complex, but that doesn't mean the vulnerability can't be widely used, even by novice attackers. Once a vulnerability is disclosed, tools or scripts are written that let anyone carry out the attack with minimal knowledge.

In a WPA key exchange, what is a 'Nonce'?

A 'nonce' (number used once) is a random or pseudo-random value that must never be reused with the same key. Two kinds matter in WPA2. In the 4-way handshake the AP and the client each contribute a fresh random nonce (the ANonce in Message 1 and the SNonce in Message 2); both are mixed into the derivation of the session key, so every authentication produces a unique key and an old handshake cannot simply be replayed. Once the key is installed, each encrypted frame uses a second kind of nonce, a packet number that starts at zero and counts up, so that no two frames are ever encrypted with the same key and nonce. A retransmitted Message 3 carries the same ANonce as the original; a vulnerable client treats it as a new installation of the same key and resets that packet number to zero, which is what an attacker using Krack exploits. A patched client installs a given key only once, so a retransmitted Message 3 no longer resets the counter, and it always uses a new nonce if it starts a new handshake or gets no response to the first.
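The handshake, the two nonces and the key reinstallation described above, as an added worked example in Python. It was written for this article and is not DrayTek code or a real Wi-Fi implementation. The PMK and PTK are derived the way WPA2-PSK specifies (PBKDF2 over the passphrase and SSID, then the 802.11i PRF over the two MAC addresses and the two nonces), and the EAPOL MIC check is how each side proves it knows the PSK. The client is modelled either as vulnerable (re-installs the key on a retransmitted Message 3) or patched (installs it once). The CCMP cipher is replaced by an HMAC-based keystream generator so the example needs only the standard library; the message layout, the MAC addresses, the passphrase, the SSID and the two data frames are constructed for the demonstration.

```python
"""Toy WPA2-PSK 4-way handshake with a KRACK-style key-reinstallation switch.
Added example for this article; standard-library only, not a real 802.11 stack."""
from __future__ import annotations
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"               # 802.11i PTK derivation label
# Constructed data frames the client sends after the handshake (same length on purpose)
P1 = b"GET / HTTP/1.1\r\nHost: example.test\r\n"   # plaintext an attacker can guess
P2 = b"Cookie: session=SECRET-VALUE-1234567"       # plaintext the attacker wants

def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter) blocks, concatenated."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range((nbytes + 19) // 20))
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, sorted MACs || sorted nonces) = KCK(16) || KEK(16) || TK(16)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, LABEL, data, 48)

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """EAPOL Key MIC for WPA2 (AKM 2): HMAC-SHA1 over the frame, truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for CCMP's AES-CTR keystream, a function of (TK, 48-bit packet number, block).
    Assumption: HMAC-SHA256 replaces AES to stay standard-library only; the property that
    matters, same key + same PN -> same keystream, is the same as in the real cipher."""
    blocks = (hmac.new(tk, pn.to_bytes(6, "big") + i.to_bytes(2, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Client side of the handshake. patched=False re-installs the TK on every Message 3."""

    def __init__(self, pmk: bytes, mac: bytes, patched: bool):
        self.pmk, self.mac, self.patched = pmk, mac, patched
        self.ptk = self.tk = None
        self.pn = 0                     # transmit packet number (the per-frame CCMP nonce)

    def on_msg1(self, ap_mac: bytes, anonce: bytes) -> bytes:
        self.snonce = os.urandom(32)    # fresh SNonce: a new PTK for every handshake
        self.ptk = derive_ptk(self.pmk, ap_mac, self.mac, anonce, self.snonce)
        body = b"MSG2" + self.snonce
        return body + eapol_mic(self.ptk[:16], body)     # MIC proves we know the PSK

    def on_msg3(self, msg3: bytes) -> bytes:
        body, mic = msg3[:-16], msg3[-16:]
        if not hmac.compare_digest(mic, eapol_mic(self.ptk[:16], body)):
            raise ValueError("bad MIC: sender does not know the PSK")
        if self.tk is None or not self.patched:
            # Installing the key resets the PN to zero. Doing it again on a retransmitted
            # Message 3 is the KRACK bug; a patched client installs the TK only once.
            self.tk, self.pn = self.ptk[32:48], 0
        body4 = b"MSG4"
        return body4 + eapol_mic(self.ptk[:16], body4)

    def send(self, plaintext: bytes) -> tuple[int, bytes]:
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))

def run_handshake(patched: bool) -> tuple[bool, bytes | None]:
    """One handshake, one data frame, a retransmitted Message 3, a second data frame.
    Returns (keystream reused?, plaintext of frame 2 as recovered by the attacker, or None)."""
    pmk = pmk_from_psk("correct horse battery", "ExampleNet")          # constructed PSK/SSID
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    sta = Supplicant(pmk, sta_mac, patched)
    anonce = os.urandom(32)                                            # AP -> Msg1
    msg2 = sta.on_msg1(ap_mac, anonce)                                 # client -> Msg2
    ap_ptk = derive_ptk(pmk, ap_mac, sta_mac, anonce, msg2[4:36])      # AP derives the same PTK
    if not hmac.compare_digest(msg2[-16:], eapol_mic(ap_ptk[:16], msg2[:-16])):
        raise ValueError("client failed to prove it knows the PSK")
    msg3 = b"MSG3-install-PTK"
    msg3 += eapol_mic(ap_ptk[:16], msg3)                               # AP -> Msg3
    sta.on_msg3(msg3)                                                  # client installs TK, sends Msg4
    pn1, c1 = sta.send(P1)                                             # attacker blocks Msg4...
    sta.on_msg3(msg3)                                                  # ...so the AP resends Msg3
    pn2, c2 = sta.send(P2)
    if pn1 != pn2:
        return False, None
    # Same TK and same PN => same keystream: C1 ^ C2 == P1 ^ P2, so a known P1 yields P2.
    return True, xor(xor(c1, c2), P1)

if __name__ == "__main__":
    print("vulnerable client:", run_handshake(patched=False))
    print("patched client:   ", run_handshake(patched=True))
```

Run it and the vulnerable client's second frame (the session cookie) comes back in clear from the attacker's XOR, while the patched client's does not: its packet number kept counting, so the second frame used a different keystream. The PSK never appears in any message, which is why the attack decrypts traffic but does not recover the Wi-Fi password.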

Disabling EAPOL Key Retries

Depending on your specific model and firmware, you can disable EAPOL Key Retries on your DrayTek router or access point. For the reasons above you should still update your client devices (your phone/laptop/tablet etc.): the Krack disclosure covered several different aspects which require client-side patching, and the vulnerability is in the client, not the base station. Disabling EAPOL retries can mitigate the risk, but it is not a substitute for updating the client.

To view and change this setting, go to [Wireless LAN] > [Security]. The EAPOL Key Retry setting is set to Enabled by default (as it was in previous firmware).

Set EAPOL Key Retry to Disable to disable EAPOL retries and click OK to apply the setting.

This setting is available for each SSID and each Wireless Band; change the setting for each SSID / Wireless Band as required.

If EAPOL retries are disabled, there will be no retransmissions: once the EAPOL timeout passes without a reply, the client is removed and has to start the handshake again from the beginning. This means authentication may be slower or fail more often, depending on traffic (see earlier) or if you're using some embedded clients with particularly slow processing. These clients are likely to be older or lower-power devices and thus may not be patched by their vendors for Krack, which leaves them vulnerable. If you are confident that all of your clients are patched for Krack and authentication is too slow, you can re-enable EAPOL retries to improve efficiency or allow access to clients that authenticate slowly.

In all circumstances, if you allow guests or visitors to access your LAN, we always recommend that you give them a separate, isolated VLAN on its own SSID, away from your own data. In the case of WPA2, even if you patch all of your own devices, you can never be sure that all visitors have patched theirs.