WPA3

 

1) Basic security enhancements in WPA3 vs. WPA2

WPA2 flaws - susceptible to brute force and offline dictionary attacks where passwords can be recovered

offline dictionary attack: 4 way hand shake can be captured and passwords can be recovered.

The attacker can capture the 4 way handshake.

Make a guess of password from a dictionary list

Run  the password through know function/algorithm(PBKDF2) that is defined in the standard to get the PMK/PSK . 

From the captured message compute the PTK using

        Anonce, Snonce, Cl Mac addr and AP Mac Address are known from the 4 way            handshake

        Computed PMK from guessed passphrase

        Compute MIC

If the MIC matches with that in the captured message, PTK keys is correct ad password is cracked.


In WPA3, even if password can be guessed, the PMK cannot be hacked because of the way the key is derived.( dragon fly protocol)

 2) Security enhancements of encryption and integrity in WPA3

OWE : opportunistic wireless encryption ensures the data exchanged between client and AP is protected . Other clients can sniff the packets , but they cannot decrypt the packets Open Networks, ie unencrypted networks are replaced by OWE

Steps

1) Open authentication

2) Unauthenticated Diffee hellman at association time, when public keys are exchanged during the association request/ association response

3) Derive PMK , using the private key and other party's public key

        PMK cannot be hacked

4) After association 4-way handshake to derive the encryption keys

Client connect to open SSID. This is an encryption only scheme no authentication , clients do not know they are connected to this AP and vice versa


3) Simultaneous Authentication of Equals (SAE) in WPA3 as an enhancement for legacy pre-shared key technology

wpa2-psk, which allows people to recover passwords is replaced by SAE

In SAE, user has to prove knowledge without revealing the password.

password based authentication based on dragon fly key exchange based on zero knowledge  proof key exchange

resistant to dictionary attacks

steps

1) uses 802.11 authentication frames. Authentication generates PMK

2) Usual Association

3) 4-way handshake

User experience/ work flow is the same as wpa2=psk where user enters the password.

4) purpose of Opportunistic Wireless Encryption (OWE) for public and guest networks

Use Cases

coffee shops use wpa2-psk

Banks and schools use wpa2-psk

In these use cases , where wpa2-psk is used, password can be hacked and encryptio keys can be found. So, OWE is used.

Comments

Post a Comment

Popular posts from this blog

Protection Mechansims in 802.11g

Need for Protection  In a WLan BSS with both 802.11b and 802.11g devices,  the AP ( 802.11g)  has to serve both 802.11g and 802.11b clients. Due the difference in chipset implementations of 802.11b and 802.11g devices, a 802.11b device cannot decode  high rate  transmissions from a 802.11g device.  Unaware of a 802.11g device's transmission, if a 802.11b client transmits at the same time, it will cause interference to 802.11g's transmission.  So 802.11g specifies certain protection mechanisms to ensure that 802.11g's transmissions are not interrupted by the legacy devices. These protection mechanisms  are there to make sure that the legacy devices are  aware when a 802.11g device is transmitting so that , legacy devices can defer their transmission. Types of Protection Mechanisms in 802.11g 802.11g specifies two types of protection mechanism.  1) cts-to-self protection mechanism: In this , when ever a 802.11g station has a ofdm data fram...
Read more

Protection Mechanism in 802.11n

Image
References: https://www.cwnp.com/802-11n-protection-mechanisms-part-2/ https://mrncciew.com/2014/11/04/cwap-ht-operations-ie/ 802.11n survival guide - Mathew Gast When ever a new wireless standard is introduced, the new devices' transmissions cannot be decoded by the older devices. When 802.11g came into existence, the OFDM transmissions by 802.11g devices cannot be decoded by the older 802.11b /802.11devices.  Hence in order to protect the newer 802.11g devices from older 802.11b devices,  protection mechanisms were introduced in 802.11g 's standard. In a ERP BSS where 802.11/802.11b coexist, protection mechanism has to be enabled.  This is indicated by setting the bits ' Use Protection ' and 'non Erp Present ' bits in the ERP information element of the beacon. ERP stations know that they need to use the protection frames prior to sending OFDM frames based on this. In the case of 802.11n, HT transmissions needs to be protected if there  are older stations ( b/a...
Read more

Basics of FDM and OFDM

Image
  Note : All figures/images taken from internet  Multiplexing Multiplexing is a technique used to share a Medium ( Cable, Wire, optical fiber, air). This allows simultaneous transfer of multiple signals in a single data link. The most simplest method of using the medium is to transmit one signal at a time. Multiplexing is a technique used to combine signals or information from different users/devices and transmit at the same time. Time Division multiplexing: Transmitting different users' digital signal over a single link by dividing the time into intervals called slots and allocating equal time slots to each user.       Statistical Time Division Multiplexing In this type of multiplexing, some users may have high priority or may have more data to transmit. Instead of allocating equal time slots to all users, depending on the priority, more time slots may be allotted to a particular use. Baseband systems can tranmsit on...
Read more