Wi-Fi Protected Access 3 Flashcards

1
Q

KRACK summary

A

Secure wireless networks use a 4-Way Handshake to create a new session key. KRACK tricks the client (supplicant) into re-installing a session key it is already using by replaying the 3rd handshake message. The session key is installed by the supplicant after it receives the GTK and MIC from the AP, and from that point it is used to encrypt data frames. When the key is re-installed, the nonce is reset to its initial value, so keystream is reused.

KRACK can also be used to decrypt TCP SYN packets and hijack TCP connections when CCMP is used.

2
Q

SSLStrip

A

An attacker cannot decrypt SSL traffic directly, but SSLStrip works around this. SSLStrip is a type of MITM attack that forces the client to communicate with the adversary in plain text over HTTP while the attacker proxies the (modified) content from the real HTTPS server. To achieve this, SSLStrip rewrites HTTPS URLs in the proxied content into HTTP URLs so the traffic can be read.

3
Q

Security improvements WPA3

A
  • More secure Handshake to secure communications
  • Increased security for adding new devices
  • Security for public Wi-Fi
  • Longer key
4
Q

Simultaneous Authentication of Equals (SAE)

A

SAE is a variant of the Dragonfly Key Exchange protocol and replaces pre-shared keys. SAE was originally implemented for use in IEEE 802.11s, which is a protocol for WLAN mesh networks.

5
Q

Dragonfly Key Exchange

A

This is a key exchange based on discrete logarithm cryptography that is authenticated using a password. Dragonfly was designed to protect the user against offline dictionary attacks. There are 2 parties in a Dragonfly exchange who share a password and have agreed on a specific domain parameter, which is either an Elliptic Curve Cryptography (ECC) group or a Finite Field Cryptography (FFC) group.

6
Q

WPA3 Authentication phases

A

Commit phase
Confirm phase

7
Q

Dragonblood

A

A set of attacks on WPA3 that allow the attacker to recover the network key, downgrade security measures and launch DoS attacks. WPA3 implements the Dragonfly handshake, which is meant to protect against offline dictionary attacks.

WPA3 devices are backward compatible with WPA2 devices using a transitional mode of operation. This transitional mode is susceptible to a downgrade attack: an attacker sets up a rogue access point that only supports WPA2, thereby forcing WPA3 devices to fall back to WPA2's Four-Way Handshake. The attacker therefore only needs to know the SSID of the WPA3 network.

8
Q

Vulnerabilities in Dragonfly

A
  • Security Group Downgrade Attack
  • Timing-Based Side-Channel Attack
  • Cache-Based Side-Channel Attack
  • Denial-of-Service Attack
9
Q

Side-channel Attacks

A

In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorithm itself (e.g. flaws found in a cryptanalysis of a cryptographic algorithm) or minor, but potentially devastating, mistakes or oversights in the implementation.
