Cipher suite selection for eduroam Service Providers

Summary of issue

  • A weakness has been found in TKIP network encryption (WPA/TKIP and WPA2/TKIP).
  • Risk level is currently low but likely to increase.
  • Suggested solution: Enable AES support, educate users to migrate clients to WPA2/AES.
  • Impact of solution: Wireless access points may need to be upgraded/replaced. Client devices may need to be reconfigured and/or supplicant software upgraded/replaced.

Detailed issue analysis and recommendations

Recent research has revealed a method to partially compromise WPA-TKIP and WPA2-TKIP encrypted networks, enabling the extraction of data and injection of forged data. Currently only a few packet types and small amounts of data can be extracted and altered, and the encryption key is not compromised, so the immediate security impact is limited. However, this security threat could be developed and exploited in the future.
Because the provisioning of a wireless network is a long-term investment and of strategic importance, the potential for future attacks against TKIP must be taken into account. Therefore, the eduroam Operations Team recommends that new eduroam Service Provider site deployments do not employ TKIP as their encryption algorithm, and that TKIP should be considered a legacy encryption method.
Existing deployments need not take immediate action to migrate from TKIP encryption, but should be aware that migration needs to be considered and planned within an appropriate time frame (for example, when equipment is due for renewal).
The recommended migration is to AES encryption. This Advisory notice gives eduroam Service Providers information on possible migration paths from TKIP to AES encryption, depending upon their current deployment.
New deployments
If you are deploying a new eduroam Service Provider, you should provide WPA2/AES only. As all older encryption schemes are either cryptographically compromised (WEP, WPA/TKIP, WPA2/TKIP) or have limited client compatibility (WPA/AES), it is not advisable to introduce such legacy ciphers in new site deployments.
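The cipher suite an access point offers is advertised in its beacons and probe responses as an RSN information element (WPA2, element ID 48) or a vendor-specific WPA element (element ID 221 with the 00-50-F2-01 header). The following parser, added here as an illustration and not part of this advisory or any eduroam tooling, decodes those elements and reports anything that falls outside the WPA2/AES-only recommendation above: TKIP or WEP as pairwise or group cipher, or a WPA (v1) element at all. The three element byte strings are constructed by hand for the example; the suite selector values (00-0F-AC:2 for TKIP, :4 for CCMP, and the 00-50-F2 equivalents for WPA v1) are those defined by IEEE 802.11 and the Wi-Fi Alliance.

```python
"""Audit the cipher suites an access point advertises in its RSN / WPA elements.
Added example, not eduroam's own code; the element bytes below are constructed."""
import struct

RSN_OUI = bytes.fromhex("000fac")   # IEEE 802.11i (WPA2/RSN) suite selector OUI
WPA_OUI = bytes.fromhex("0050f2")   # Wi-Fi Alliance WPA (v1) suite selector OUI

CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104",
                8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 5: "802.1X-SHA256", 8: "SAE"}
LEGACY_CIPHERS = {1, 2, 5}          # WEP-40, TKIP, WEP-104: none are acceptable


def _suite(buf, off, oui):
    """Decode one 4-byte suite selector (3-byte OUI followed by 1-byte type)."""
    if buf[off:off + 3] != oui:
        raise ValueError("unexpected suite OUI %s" % buf[off:off + 3].hex())
    return buf[off + 3]


def _parse_body(body, oui, label):
    """Walk version, group cipher, pairwise cipher list and AKM list."""
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported %s version %d" % (label, version))
    off = 2
    group = _suite(body, off, oui)
    off += 4
    (n_pair,) = struct.unpack_from("<H", body, off)
    off += 2
    pairwise = []
    for _ in range(n_pair):
        pairwise.append(_suite(body, off, oui))
        off += 4
    (n_akm,) = struct.unpack_from("<H", body, off)
    off += 2
    akms = []
    for _ in range(n_akm):
        akms.append(_suite(body, off, oui))
        off += 4
    # RSN capabilities and PMKID list may follow; not needed for this audit.
    return {"type": label, "group": group, "pairwise": pairwise, "akm": akms}


def parse_element(elem):
    """Parse a raw 802.11 element (ID byte, length byte, body).  ID 48 is the
    RSN element (WPA2); ID 221 with a 00-50-F2-01 header is the WPA (v1) element."""
    elem_id, length = elem[0], elem[1]
    body = elem[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated element")
    if elem_id == 48:
        return _parse_body(body, RSN_OUI, "WPA2")
    if elem_id == 221 and body[:4] == WPA_OUI + b"\x01":
        return _parse_body(body[4:], WPA_OUI, "WPA")
    raise ValueError("not a security element (id %d)" % elem_id)


def assess(parsed):
    """Findings against the advisory; an empty list means WPA2/AES only."""
    findings = []
    if parsed["type"] == "WPA":
        findings.append("WPA (v1) element present")
    for c in parsed["pairwise"]:
        if c in LEGACY_CIPHERS:
            findings.append("pairwise cipher %s" % CIPHER_NAMES.get(c, c))
    if parsed["group"] in LEGACY_CIPHERS:
        # A mixed TKIP/AES network must use TKIP as its group cipher, so even
        # AES-only clients receive TKIP-protected broadcast traffic.
        findings.append("group cipher %s" % CIPHER_NAMES.get(parsed["group"], parsed["group"]))
    return findings


# Constructed sample elements (ID, length, body), not captured from a real AP.
RSN_AES_ONLY = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac01" "0000")
RSN_MIXED = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac01" "0000")
WPA1_TKIP = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f201")

if __name__ == "__main__":
    for name, elem in [("AES-only", RSN_AES_ONLY), ("mixed", RSN_MIXED), ("WPA1", WPA1_TKIP)]:
        parsed = parse_element(elem)
        ciphers = ", ".join(CIPHER_NAMES.get(c, str(c)) for c in parsed["pairwise"])
        akms = ", ".join(AKM_NAMES.get(a, str(a)) for a in parsed["akm"])
        print("%-8s %s pairwise=[%s] group=%s akm=[%s] -> %s" % (
            name, parsed["type"], ciphers, CIPHER_NAMES.get(parsed["group"]), akms,
            assess(parsed) or "OK (WPA2/AES only)"))
```

The mixed-mode sample is the case worth noting: its pairwise list contains CCMP, so an AES client will negotiate AES for its own traffic, but the group cipher is TKIP, so the network as a whole still depends on TKIP. An audit that only checks whether AES is on offer would miss this; checking the group cipher catches it. On a live system the same elements can be obtained from a scan result (for example the RSN line in `iw dev <if> scan` output or the `wlan.rsn` fields in a packet capture) and fed to `parse_element`.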