6. Wi-Fi Protected Access 3 (WPA3) Flashcards

1
Q

Why was WPA3 introduced?

A

Vulnerabilities in WPA2 were exploited, most notably by KRACK (Key Reinstallation Attack), published in 2017.

KRACK exploited the WPA2 four-way handshake: it forces a client to reinstall a key that is already in use, which resets the nonce and lets the attacker decrypt traffic.

2
Q

What is KRACK?

A

This is the Key Reinstallation Attack (KRACK), published by Mathy Vanhoef and Frank Piessens in 2017.

It exploits the THIRD message of the WPA2 four-way handshake.

In the third message the authenticator (access point) sends the GTK (Group Temporal Key), encrypted under the key-encryption part of the PTK, to the supplicant (client), with the frame protected by a MIC (sends GTK + MIC).

At this point the supplicant has the PMK, the PTK and the GTK, so it replies with the fourth message (acknowledgement + MIC) to confirm that the keys have been received and installed, after which both sides can send data. If the authenticator (router) does NOT receive this acknowledgement it retransmits the third message (GTK + MIC).

So if you block the fourth message from the supplicant, the authenticator retransmits the third message and the supplicant reinstalls the same encryption key (PTK/GTK). Installing a key resets the transmit nonce (packet number) and the receive replay counter to their initial values.

The full four-way handshake is not re-run for this. The standard requires the supplicant to accept a retransmitted third message, because its own fourth message may have been lost, so the third message can be replayed as many times as the attacker likes.

To get into position the attacker runs a channel-based MITM: a clone of the real access point with the same SSID and MAC address on a different channel, so that frames between the client and the real AP pass through the attacker and individual messages can be blocked or replayed.

Once the supplicant is connected through the attacker, the attacker replays what the supplicant believes is the third message of the handshake, as often as needed. Every reinstallation resets the nonce, so new frames are encrypted with the same key and nonce as earlier ones. Nonce reuse in AES-CCMP means the keystream repeats: XORing two such ciphertexts yields the XOR of the two plaintexts, and any known plaintext (protocol headers, predictable fields) then reveals the other frame.

This recovers plaintext packets, not the encryption key itself (the all-zero key case in card 4 is the exception); from the MITM position it lets the attacker decrypt and replay data frames, and with TKIP or GCMP also forge them.

TLS traffic inside the decrypted frames stays encrypted. BUT the attacker can try to downgrade HTTPS to HTTP with a tool such as sslstrip, which only works against sites that do not enforce HSTS.

3
Q

What is SSL Strip?

A

SSLStrip is a MITM attack that forces the victim (supplicant) to communicate in plain text over HTTP while the attacker keeps an HTTPS connection to the real server and proxies the (possibly modified) content back to the victim.

To achieve this, sslstrip rewrites the HTTPS URLs in pages and redirects passing through the proxy into HTTP URLs, so the victim's browser never negotiates TLS and the contents can be read. It does not break TLS itself: it only works when the victim's first request is plain HTTP and the site does not enforce HTTPS through HSTS (or the HSTS preload list).

4
Q

What operating system was particularly vulnerable to the KRACK exploit?

A

Android 6.0 and later, together with Linux clients using wpa_supplicant 2.4 or newer. Because of a bug, the supplicant cleared the temporal key from memory after installing it once, so on reinstallation it installed an all-zero encryption key rather than the real key. With a key of zeros the attacker can decrypt (and forge) everything the client sends without needing any nonce reuse.
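The nonce-reset mechanism of card 2 and the all-zero-key variant of card 4, as an added simulation (this is illustrative code written for these cards, not the page's own material and not code from the KRACK paper or from wpa_supplicant). It models only what matters for the attack: installing a key resets the packet number, and CCMP's confidentiality is a CTR-mode keystream keyed by the temporal key and a nonce built from the transmitter address and packet number. SHA-256 stands in for AES-CTR so the example runs with the standard library only; the frames, MAC address and key are constructed.

```python
from __future__ import annotations
import hashlib

# Constructed sample data: the attacker needs a known plaintext at least as long
# as the frame to recover (predictable DHCP, ARP or HTTP headers in practice).
KNOWN_FRAME = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SECRET_FRAME = b"Cookie: session=deadbeef\r\n"
CLIENT_MAC = bytes.fromhex("020000000001")
PTK_TK = hashlib.sha256(b"constructed temporal key").digest()[:16]
ZERO_TK = bytes(16)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(tk: bytes, a2: bytes, pn: int, length: int) -> bytes:
    """CTR-style keystream for one frame. CCMP builds the nonce from the
    transmitter address (A2) and the 48-bit packet number (PN); SHA-256 over
    key || nonce || block index stands in for AES here. Same key and same
    nonce always give the same keystream, which is the whole problem."""
    nonce = a2 + pn.to_bytes(6, "big")
    blocks = [hashlib.sha256(tk + nonce + i.to_bytes(2, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


class Supplicant:
    """Minimal model of a WPA2 client's key installation and frame encryption."""

    def __init__(self, mac: bytes, zero_key_bug: bool = False):
        self.mac = mac
        self.zero_key_bug = zero_key_bug   # wpa_supplicant 2.4+ / Android 6.0+
        self.tk = None
        self.pn = 0

    def receive_msg3(self, tk: bytes) -> None:
        """Message 3 (GTK + MIC) makes the client install the temporal key of
        the PTK, which resets the packet number. A replayed message 3 reinstalls
        the key and resets the packet number again: that is the KRACK trigger."""
        if self.tk is not None and self.zero_key_bug:
            # The bug: the key was wiped from memory after the first install,
            # so the reinstall hands an all-zero key to the driver.
            tk = ZERO_TK
        self.tk = tk
        self.pn = 0

    def send(self, plaintext: bytes) -> tuple[int, bytes]:
        """Encrypt one data frame; PN increments per frame and is sent in clear."""
        self.pn += 1
        ks = keystream(self.tk, self.mac, self.pn, len(plaintext))
        return self.pn, xor(plaintext, ks)


def krack_nonce_reuse() -> bytes:
    """Attacker (in the channel-based MITM position) drops message 4, the AP
    retransmits message 3, the client reinstalls the key. Returns the plaintext
    the attacker recovers for the frame sent after the reinstallation."""
    sta = Supplicant(CLIENT_MAC)
    sta.receive_msg3(PTK_TK)             # first install, PN = 0
    pn1, c1 = sta.send(KNOWN_FRAME)      # PN = 1
    sta.receive_msg3(PTK_TK)             # replayed message 3: PN reset to 0
    pn2, c2 = sta.send(SECRET_FRAME)     # PN = 1 again, same keystream as c1
    assert pn1 == pn2                    # visible on the air: the PN repeats
    # c1 ^ c2 == p1 ^ p2 because the keystream cancels; a known p1 gives p2.
    return xor(xor(c2, c1), KNOWN_FRAME)


def krack_zero_key() -> bytes:
    """Same replay against a client with the all-zero-key bug: the attacker
    decrypts directly with a key of zeros, no known plaintext required."""
    sta = Supplicant(CLIENT_MAC, zero_key_bug=True)
    sta.receive_msg3(PTK_TK)
    sta.send(KNOWN_FRAME)
    sta.receive_msg3(PTK_TK)             # reinstall installs ZERO_TK
    pn, c = sta.send(SECRET_FRAME)
    return xor(c, keystream(ZERO_TK, CLIENT_MAC, pn, len(c)))


def without_replay() -> bool:
    """Control case: no replay, PN advances, equal plaintexts encrypt differently."""
    sta = Supplicant(CLIENT_MAC)
    sta.receive_msg3(PTK_TK)
    _, c1 = sta.send(KNOWN_FRAME)
    _, c2 = sta.send(KNOWN_FRAME)
    return c1 != c2
```

The fix that shipped in clients is the one the model suggests: treat a retransmitted message 3 as "already installed" and do not reset the packet number (or refuse to reinstall the same key at all), so a replay no longer produces a repeated PN.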

5
Q

What else can KRACK exploit?

A

With AES-CCMP, nonce reuse lets the attacker decrypt and replay frames but not forge them. Decrypting TCP SYN packets reveals the initial sequence numbers, which is enough to hijack TCP connections and inject data (for example malware) into them. With TKIP or GCMP the attacker can additionally recover the authentication key and forge frames.

See the paper "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (Vanhoef and Piessens, CCS 2017) and the accompanying video.

6
Q

So what is WPA3?

A

Replaces WPA2, which was released in 2004.

WPA3 was announced by the Wi-Fi Alliance in January 2018, with certification starting in June 2018.

It builds on the IEEE 802.11 WLAN security mechanisms (the RSN framework from 802.11i) and adds SAE from 802.11s and mandatory Protected Management Frames from 802.11w.

Security enhancements include:
- resistance to brute-force and dictionary attacks: with SAE an attacker can test only one password guess per active exchange with the network and failed attempts can be rate-limited, instead of capturing one handshake and guessing offline.
- per-session keys with forward secrecy: each SAE exchange produces a fresh PMK, so learning the passphrase later does not decrypt previously captured sessions (the cipher stays AES-CCMP; it is the keys that change per connection).

The Wi-Fi Alliance promised:
- a more secure handshake (SAE / Dragonfly) to secure communications
- increased security for adding new devices, especially those without a display (Wi-Fi Easy Connect)
- security for public Wi-Fi through individualised encryption on open networks (Wi-Fi Enhanced Open, announced alongside WPA3)
- utilisation of longer keys (the optional 192-bit mode of WPA3-Enterprise)

7
Q

WPA3 Summary.

A

WPA3:

Introduced in 2018

Designed to replace WPA2

WPA3-Personal: AES-128 (CCMP-128) encryption, 128-bit security level
WPA3-Enterprise: AES-128 by default, plus an optional 192-bit mode (AES-256-GCMP, HMAC-SHA-384, ECDH/ECDSA on P-384) aligned with the CNSA suite

Simultaneous Authentication of Equals (SAE) replaces the pre-shared key (PSK) handshake in WPA3-Personal (the passphrase is still used, but it authenticates a Dragonfly exchange instead of being hashed directly into the PMK)

Mandates the use of Protected Management Frames (PMF, 802.11w)

Vulnerable to Dragonblood (downgrade and side-channel attacks on SAE, published 2019)

8
Q

WPA3: Authentication - How does Authentication occur in WPA3?

A

PSK replaced with Simultaneous Authentication of Equals (SAE).

SAE is a variant of the Dragonfly password-authenticated key exchange (RFC 7664).

SAE was originally specified for IEEE 802.11s, the WLAN mesh-networking amendment.

SAE replaces the PSK handshake: the passphrase authenticates the exchange and a fresh PMK is derived for every session.

WPA3-Personal with SAE uses AES-128 (CCMP-128) encryption.

Onboarding of headless IoT devices by non-technical users is handled by the separate Wi-Fi Easy Connect programme, which uses QR codes to provision the device.

There are two phases / exchanges in this authentication: 1. COMMIT 2. CONFIRM

9
Q

WPA3: Authentication in WPA3 Enterprise. What are the key features?

A

Uses IEEE 802.1X/EAP with back-end authentication of the user, typically against a RADIUS server (as WPA2-Enterprise does).

The optional 192-bit mode uses ECDH (Elliptic Curve Diffie-Hellman) key exchange and ECDSA (Elliptic Curve Digital Signature Algorithm) on a 384-bit elliptic curve (P-384), together with AES-256-GCMP and HMAC-SHA-384, for strong authentication.

10
Q

What is Dragonfly Key Exchange?

A
  • Password-authenticated key exchange using discrete logarithm cryptography (RFC 7664)
  • Authenticated by both parties using a shared password or passphrase
  • Dragonfly was designed to resist offline dictionary attacks: each run of the protocol lets an attacker test only one password guess
  • Specific domain parameters are agreed between the two parties, either
    Elliptic Curve Cryptography (ECC) or
    Finite Field Cryptography (FFC)
11
Q

Describe the two phases in WPA3 authentication (dragonfly key exchange)

A

Two message exchanges:

  1. Commit exchange: the supplicant connects to the authenticator (access point) and each side sends a scalar and a group element derived from the Password Element (PE) and two fresh random values. Both parties thereby COMMIT to a single guess of the password.
  2. Confirm exchange: each side derives the shared secret from the peer's commit and sends an HMAC over both commits. Both parties CONFIRM that they know the password; if a confirm fails to verify, the guess was wrong and the exchange aborts.

Before the commit is sent, the Password Element (PE) is created: the password (together with both MAC addresses) is mapped to an element of the negotiated group.

Both exchanges can be repeated as necessary, as connections can be dropped.

Although a link has been provided to the detailed working of Dragonfly, we will not be tested on this.
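The commit and confirm exchanges of cards 10 and 11, as an added worked example (this is illustrative code written for these cards, not the page's own material and not the 802.11 or hostapd implementation). It runs the FFC variant of Dragonfly: a hunting-and-pecking derivation of the password element, a commit of scalar and element, derivation of the shared secret, and a confirm over both commits. Everything is simplified and constructed: the group is a 128-bit safe prime found at runtime (far too small to be secure), the KDF is plain SHA-256/HMAC, and anti-clogging tokens, send-confirm counters and group negotiation are omitted.

```python
import hashlib
import hmac
import secrets
from functools import lru_cache


def is_probable_prime(n, rounds=20):
    """Trial division followed by Miller-Rabin."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


@lru_cache(maxsize=None)
def toy_group():
    """First 128-bit safe prime p = 2q + 1 with q above 2^126 (deterministic
    search). Real SAE uses standardised MODP groups or NIST curves."""
    q = (1 << 126) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


def derive_pwe(password, mac_a, mac_b):
    """Hunting-and-pecking (FFC, simplified KDF): hash password, both MACs and a
    counter until the value maps to an element of the order-q subgroup. The
    password-dependent iteration count is the timing leak Dragonblood measured."""
    p, q = toy_group()
    hi, lo = max(mac_a, mac_b), min(mac_a, mac_b)
    for counter in range(1, 256):
        digest = hashlib.sha256(hi + lo + password + bytes([counter])).digest()
        value = int.from_bytes(digest, "big") >> (256 - p.bit_length())
        if value < p:
            pwe = pow(value, (p - 1) // q, p)      # cofactor 2 for a safe prime
            if pwe > 1:
                return pwe
    raise ValueError("no password element found")


class SaePeer:
    def __init__(self, mac, password):
        self.p, self.q = toy_group()
        self.mac, self.password = mac, password

    def commit(self, peer_mac):
        """Commit: scalar = rand + mask (mod q), Element = PWE^(-mask)."""
        self.pwe = derive_pwe(self.password, self.mac, peer_mac)
        while True:
            self.rand = secrets.randbelow(self.q - 1) + 1
            mask = secrets.randbelow(self.q - 1) + 1
            self.scalar = (self.rand + mask) % self.q
            if self.scalar > 1:
                break
        self.element = pow(self.pwe, self.q - mask, self.p)
        return self.scalar, self.element

    def process_commit(self, peer_scalar, peer_element):
        """Validate the peer's commit, derive KCK/PMK, return our Confirm."""
        if not 1 < peer_scalar < self.q:
            raise ValueError("scalar out of range")
        if not 1 < peer_element < self.p or pow(peer_element, self.q, self.p) != 1:
            raise ValueError("element not in the prime-order subgroup")
        # (PWE^peer_scalar * peer_element)^rand == PWE^(rand * peer_rand) on both sides
        ss = pow(pow(self.pwe, peer_scalar, self.p) * peer_element % self.p, self.rand, self.p)
        keyseed = hashlib.sha256(ss.to_bytes(16, "big")).digest()
        ctx = ((self.scalar + peer_scalar) % self.q).to_bytes(16, "big")
        self.kck = hmac.new(keyseed, b"SAE KCK" + ctx, hashlib.sha256).digest()
        self.pmk = hmac.new(keyseed, b"SAE PMK" + ctx, hashlib.sha256).digest()
        self.peer = (peer_scalar, peer_element)
        return self._confirm(self.scalar, self.element, peer_scalar, peer_element)

    def _confirm(self, s1, e1, s2, e2):
        data = b"".join(v.to_bytes(16, "big") for v in (s1, e1, s2, e2))
        return hmac.new(self.kck, data, hashlib.sha256).digest()

    def verify_confirm(self, peer_confirm):
        """Confirm: a peer who used a different password derived a different KCK."""
        ps, pe = self.peer
        return hmac.compare_digest(self._confirm(ps, pe, self.scalar, self.element), peer_confirm)


def sae_handshake(ap_password, sta_password):
    """Commit + Confirm between an AP and a client (constructed MAC addresses).
    Returns (both confirms verified, PMKs equal)."""
    sta = SaePeer(bytes.fromhex("020000000001"), sta_password)
    ap = SaePeer(bytes.fromhex("020000000002"), ap_password)
    sta_commit = sta.commit(ap.mac)
    ap_commit = ap.commit(sta.mac)
    sta_confirm = sta.process_commit(*ap_commit)
    ap_confirm = ap.process_commit(*sta_commit)
    ok = sta.verify_confirm(ap_confirm) and ap.verify_confirm(sta_confirm)
    return ok, sta.pmk == ap.pmk
```

Running `sae_handshake(pw, pw)` gives matching confirms and an identical PMK on both sides; running it with a wrong client password completes the commit exchange but fails at confirm, and the attacker learns nothing beyond "that one guess was wrong". The commit messages carry only a scalar and a blinded element, which is why a captured exchange cannot be attacked offline the way a WPA2 handshake can.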

12
Q

What is DragonBlood?

A

WPA3 relies on a more secure handshake than its predecessors (the Dragonfly handshake).
Dragonblood (Vanhoef and Ronen, 2019) is a set of attacks that exploit the Dragonfly handshake in WPA3 and in its implementations.

WPA3 devices allow backward compatibility with WPA2 devices (less secure) through a 'Transition Mode', in which one access point advertises both WPA2-PSK and WPA3-SAE under the same SSID and password. This is susceptible to a downgrade attack: a hacker sets up a rogue access point with the same SSID that only supports WPA2, forcing WPA3-capable clients to connect using WPA2's four-way handshake.

The attacker therefore only needs to know the SSID of the WPA3 access point, not its password: the client's second handshake message already carries a MIC computed from the password, which is enough for an offline dictionary attack, even though the client detects the downgrade afterwards.

Taken together the attacks allow the attacker to recover the network password (via downgrades and side channels), downgrade security settings (for example force a weaker Dragonfly group) and launch denial-of-service attacks against the access point.
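The transition-mode downgrade above, and the mandatory PMF from card 7, as an added example of what a client or a wireless audit can check in a beacon (this is illustrative code written for these cards, not the page's own material and not code from the Dragonblood authors or from any Wi-Fi stack). It parses the RSN information element that APs advertise, classifies the network as WPA2 / WPA3-transition / WPA3-only, audits the PMF bits, and applies the defence the Dragonblood paper describes: a client that has seen an SSID offer SAE refuses a WPA2-only AP with the same SSID. The beacons are constructed; the names `audit` and `should_connect` are this example's own.

```python
import struct

WFA_OUI = b"\x00\x0f\xac"          # suite selectors are OUI + one type byte
AKM_NAMES = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256",
             8: "SAE", 12: "802.1X-SuiteB-192"}
CIPHER_NAMES = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256"}
MFPR, MFPC = 0x0040, 0x0080        # RSN Capabilities bits 6 and 7


def _suite(sel, names):
    return names.get(sel[3], f"type-{sel[3]}") if sel[:3] == WFA_OUI else sel.hex()


def parse_rsn(body):
    """Parse the body of an RSN element (ID 48) from a beacon or probe response."""
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    group = _suite(body[2:6], CIPHER_NAMES)
    off = 6
    n, = struct.unpack_from("<H", body, off)
    off += 2
    pairwise = [_suite(body[off + 4 * i: off + 4 * i + 4], CIPHER_NAMES) for i in range(n)]
    off += 4 * n
    n, = struct.unpack_from("<H", body, off)
    off += 2
    akms = [_suite(body[off + 4 * i: off + 4 * i + 4], AKM_NAMES) for i in range(n)]
    off += 4 * n
    caps, = struct.unpack_from("<H", body, off)
    return {"group": group, "pairwise": pairwise, "akm": akms,
            "mfpc": bool(caps & MFPC), "mfpr": bool(caps & MFPR)}


def classify(rsn):
    sae = "SAE" in rsn["akm"]
    psk = "PSK" in rsn["akm"] or "PSK-SHA256" in rsn["akm"]
    if sae and psk:
        return "WPA3-transition"
    if sae:
        return "WPA3-only"
    if psk:
        return "WPA2"
    return "other"


def audit(rsn):
    """PMF rules from the WPA3 specification plus the usual legacy-cipher check."""
    issues, mode = [], classify(rsn)
    if "TKIP" in rsn["pairwise"] or rsn["group"] == "TKIP":
        issues.append("TKIP still enabled")
    if mode == "WPA3-only" and not rsn["mfpr"]:
        issues.append("WPA3-only must set MFPR (PMF required)")
    if mode == "WPA3-transition" and not rsn["mfpc"]:
        issues.append("transition mode must set MFPC (PMF capable)")
    if mode == "WPA2" and not rsn["mfpc"]:
        issues.append("no PMF: deauth/disassoc frames are unprotected")
    return issues


def should_connect(ssid, rsn, seen_sae):
    """Downgrade-resistant client policy: once this SSID has offered SAE, never
    accept an AP for it that does not. seen_sae is updated in place."""
    offers_sae = "SAE" in rsn["akm"]
    if seen_sae.get(ssid) and not offers_sae:
        return False                      # rogue WPA2-only AP with the real SSID
    if offers_sae:
        seen_sae[ssid] = True
    return classify(rsn) != "other"


def build_rsn(group, pairwise, akms, caps):
    """Encode an RSN element body (used only to construct the sample beacons)."""
    sel = lambda t: WFA_OUI + bytes([t])
    return (struct.pack("<H", 1) + sel(group)
            + struct.pack("<H", len(pairwise)) + b"".join(map(sel, pairwise))
            + struct.pack("<H", len(akms)) + b"".join(map(sel, akms))
            + struct.pack("<H", caps))


# Constructed beacons, all claiming the same SSID
REAL_AP_TRANSITION = build_rsn(4, [4], [2, 8], MFPC)
ROGUE_AP_WPA2 = build_rsn(4, [4], [2], 0)
WPA3_ONLY = build_rsn(4, [4], [8], MFPC | MFPR)


def downgrade_scenario():
    """Client first sees the real transition-mode AP, then the rogue WPA2-only AP."""
    memory = {}
    first = should_connect("CorpWiFi", parse_rsn(REAL_AP_TRANSITION), memory)
    second = should_connect("CorpWiFi", parse_rsn(ROGUE_AP_WPA2), memory)
    return first, second
```

The policy is only as good as the memory behind it: a client that has never seen the real AP cannot tell the rogue WPA2 beacon from a legitimate WPA2 network, which is why the later WPA3 specification added a "Transition Disable" indication so that an AP can tell clients to drop WPA2 for that SSID after the first successful WPA3 connection.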

13
Q

What are the attacks that DragonBlood made WPA3 suseptible to?

A
  • Downgrade attacks: transition-mode downgrade to WPA2, and security group downgrade (forcing a weaker Dragonfly group)
  • Timing-based side-channel attack (on the password element derivation with MODP groups)
  • Cache-based side-channel attack (on the elliptic-curve password element derivation)
  • Denial-of-service attack (flooding the access point with commit frames)

Findings: https://wpa3.mathyvanhoef.com/

Review the Dragonblood vulnerability video and findings.
