NIS Chapter 09 Flashcards

1
Q

What is the KRACK attack?

A

This is an attack that exploits a vulnerability in the 4-way handshake of the WPA2 protocol.

2
Q

Against what protocols does this attack work?

A
  • WPA1, WPA2, WPA-TKIP, AES-CCMP and GCMP
3
Q

How does the KRACK attack take place?

A

The attacker tricks the victim into reusing/reinstalling a key by manipulating and replaying the handshake messages.

4
Q

What exactly happens when the keys are reinstalled?

A

The associated parameters that assist in generating and managing encryption keys, such as the nonce, are reset to their initial values.

5
Q

What operating systems are even more at risk and why?

A

Linux and Android 6.0 or higher can be manipulated into reinstalling an all-zero encryption key, meaning the key is known to the attacker without having to do any cracking.

6
Q

Summarise the idea of the reinstallation attack

A
  1. When a client joins a network, it has to execute the 4-way handshake in order to get encryption keys.
  2. Upon receiving three out of the four messages in the 4-way handshake, the client installs a new encryption key. This key is pivotal in encrypting data frames using a specific encryption protocol.
  3. But because messages may be lost or dropped, the AP will retransmit message 3 if it didn't receive an appropriate response.
  4. This means that the client can receive message 3 more than once.
  5. Each time it receives message 3, it will reinstall the same encryption key and reset the parameters used by the encryption protocol.
  6. Attackers can collect and replay retransmissions of message 3. By forcing these parameter resets, the attacker can attack the encryption protocol being used and decrypt or forge packets.
7
Q

What are the 4 features needed to ensure your device is WPA3 certified?

A
  1. More secure handshake
  2. Open Wi-Fi network security
  3. Easy connectivity for devices without a display
  4. 192-bit security suite
8
Q

What is the difference between the PMK of WPA2 and WPA3?

A

The PMK of WPA2 is often derived from a PSK and remains the same until the PSK is changed.

WPA3, on the other hand, negotiates a new PMK with each authentication session.

9
Q

What is done with this PMK after the SAE handshake?

A

SAE is followed by the traditional 4-way handshake, which uses the PMK to generate session keys.

10
Q

What does forward secrecy mean for the PMK?

A

It means that the PMK cannot be discovered even if the password is discovered.

11
Q

What is SAE?

A

Simultaneous Authentication of Equals; it is a peer-to-peer mutual authentication process that uses a zero-knowledge-proof key exchange.

12
Q

What is a zero-knowledge proof?

A

This is an authentication protocol that allows a party to prove that he or she knows a credential without having to transmit it.

13
Q

Name the properties of the SAE. (NUDEE)

A
  • Generates a new PMK with each session
  • Attacker is unable to derive the PMK or the password by observing, modifying or replaying frames and observing the exchanges between STAs
  • Resistant to offline dictionary attacks: unable to make multiple guesses per attack
  • Computations are based on Elliptic Curve Cryptography or prime-modulus finite cyclic groups
  • Diffie-Hellman exchange is used
14
Q

What about the Elliptic Curve Cryptography makes SAE more secure?

A

Computations are relatively easy to perform and difficult to reverse.
y^2 = x^3 + ax + b

15
Q

What is Opportunistic Wireless Encryption?

A

It is a feature in WPA3 that allows even open Wi-Fi networks to be secure through individualised data encryption, so there is no need for a VPN.

16
Q

Describe the process of OWE (2)

A
  • The OWE handshake negotiates a new PMK using the Diffie-Hellman exchange without the use of any preconfigured password. This PMK will then be used to negotiate and install frame encryption keys.
17
Q

How does WPA3 help with connecting devices that don't have a display?

A
  • Through the Device Provisioning Protocol, devices are added to a network using QR codes, and maybe even Bluetooth or NFC.
18
Q

What cryptographic enhancement comes with WPA3?

A

192-bit security suite to maintain data integrity, even in a post-quantum-computer era.

19
Q

What industries is this 192-bit security suite suitable for?

A

Government, defence and super secret stuff.

20
Q

What is the Dragonfly?

A
  • Side channel: information leakage
  • Cache-based attack: allowed a hacker to observe cache access patterns formed during the handshake, which could reveal sensitive info
  • Downgrade attack: Dragonfly allows for backward compatibility with WPA2, but an attacker can force the WPA3 client to connect in WPA2 mode using rogue APs and then perform dictionary attacks