Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Individual Report

~200 words


Last modified: November 10th, 12,017 HE

This essay was written for the Information System Security Management module (SCC.441) of my MSc. It achieved a grade of Distinction.


WPA2, the 14-year-old protocol that provides secure Wi-Fi connectivity and whose security had been formally proven, has been kracked. It has been shown to be fundamentally insecure at the specification level. This translates to different degrees of impact at the implementation level, depending on decisions taken by different vendors. That this attack uses a novel mechanism also suggests that a review of other key-based security protocols may turn up further vulnerable examples. Perhaps most crucially, this attack raises important questions about the writing of standards and access to them. This report shall establish the necessary background knowledge, summarise the findings of Vanhoef & Piessens (2017) and analyse their likely impact in the real world.