Reproducing KRACK ATTACK: Key Reinstall in FT Handshake (802.11r) with Mininet-WiFi

The KRACK vulnerability (also known as the “KRACK attack”) has been identified as a potential security threat against Wi-Fi networks. Many sites offer further information about it, covering both the attack itself and how to mitigate it. The source code used to determine whether an implementation is vulnerable was released on GitHub by the author of the KRACK attack last week because the script got leaked. Since IEEE 802.11r is one of the features supported by Mininet-WiFi, we present in the video below how the KRACK attack can be reproduced with Mininet-WiFi.

This video explores the Key Reinstall in FT Handshake (802.11r) and shows whether an implementation is vulnerable. The script we use to verify this is available at https://github.com/vanhoefm/krackattacks-test-ap-ft/blob/master/krack-ft-test.py and the Mininet-WiFi code is available at https://github.com/ramonfontes/reproducible-research/tree/master/mininet-wifi/krack-2017.

Our topology consists of three access points and one station. The station sta1 is initially associated with ap3; after executing the script, we force association with ap1. Once the association process has finished, we generate traffic between ap1 and sta1. At this moment we can finally observe whether the system is vulnerable or not. It is worth mentioning that this is not an attack script, because you need credentials for the network in order to test whether an access point is affected by the attack.
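What "vulnerable" looks like in the traffic between ap1 and sta1 is a repeated CCMP packet number from the same transmitter, because a reinstalled key restarts its nonce counter. The following is an added example, not code from krack-ft-test.py or Mininet-WiFi: it decodes packet numbers from CCMP headers and flags reuse per direction, assuming the frames all belong to one pairwise key lifetime; the function names and the sample frames are constructed for illustration.

```python
from collections import defaultdict

def ccmp_pn(hdr: bytes) -> int:
    """Decode the 48-bit packet number (PN) from an 8-byte CCMP header."""
    if len(hdr) != 8 or not hdr[3] & 0x20:  # ExtIV bit is always set for CCMP
        raise ValueError("not a CCMP header")
    # Header layout: PN0 PN1 Rsvd KeyID/ExtIV PN2 PN3 PN4 PN5
    return int.from_bytes(hdr[0:2] + hdr[4:8], "little")

def find_pn_reuse(frames):
    """frames: (transmitter, receiver, retry_flag, ccmp_header) in capture order.
    Returns one (transmitter, receiver, pn, first_index, repeat_index) per reuse."""
    seen = defaultdict(dict)  # (ta, ra) -> {pn: index of first sighting}
    reused = []
    for idx, (ta, ra, retry, hdr) in enumerate(frames):
        if retry:  # link-layer retransmissions legitimately repeat the PN
            continue
        pn = ccmp_pn(hdr)
        first = seen[(ta, ra)].setdefault(pn, idx)
        if first != idx:
            reused.append((ta, ra, pn, first, idx))
    return reused

def make_hdr(pn: int, key_id: int = 0) -> bytes:
    """Build a CCMP header for the constructed sample below."""
    b = pn.to_bytes(6, "little")
    return b[0:2] + bytes([0, 0x20 | (key_id << 6)]) + b[2:6]

# Constructed sample (not a real capture); the MAC addresses are made up.
AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:10"
SAMPLE = [
    (AP, STA, False, make_hdr(1)),
    (AP, STA, False, make_hdr(2)),
    (AP, STA, False, make_hdr(3)),
    (AP, STA, True,  make_hdr(3)),   # retry of the previous frame: ignored
    (AP, STA, False, make_hdr(1)),   # counter restarted: PN 1 seen again
    (AP, STA, False, make_hdr(2)),   # PN 2 seen again
    (STA, AP, False, make_hdr(1)),   # other direction has its own counter
]

if __name__ == "__main__":
    for ta, ra, pn, first, again in find_pn_reuse(SAMPLE):
        print(f"PN {pn} from {ta} to {ra} reused: frames {first} and {again}")
```

A legitimate rekey or a new handshake also restarts the counter under a fresh key, so a capture that spans one must be split at that point before running the check.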

Note: the current version of wpa_supplicant supported by Mininet-WiFi doesn’t include the patch that fixes the issue behind the vulnerability. However, we have noticed some updates in the hostap source code repository, and the next version of wpa_supplicant (and also Mininet-WiFi) will certainly include the patch.
