Hello, I am new to the cybersecurity world and I am trying to be self taught. I came across the new WPA3 specifications and I was trying to answer myself some questions but even more doubts rose. So, I would really appreciate it if someone could give me a hand, if they know the answer, or point me in the right direction so that I can continue researching on this topic.
So, I will write what I think I have understood and the doubts that came up, if what I wrote is incorrect I would be grateful if someone could tell me so.
* Well, so, firstly, WPA3 uses AES-128 for message encryption in Personal and 192 bits in Enterprise. Thus the secret of communication is kept using this symmetric encryption protocol. As I have understood, security problems in wireless networks usually tend to rise not due to the encryption algoritm used (because using AES 128 would mean trying 2^128 combinations and given the current computing technologies this process is computationally untractable in human feasible time), but due to the password used (simple passwords would help reduce the space of possible passwords in a dictionary attack, hence the recommendations of using more elaborated pws) or due to the key sharing process (the handshake). (am i right?)
To be more precise, WPA3 uses AES-CCMP because AES alone only provides data encryption, it does not guarantee integrity or authentication, but CCMP provides both integrity because it makes sure that the original message was not tampered with, thus proving authenticity. Is this information pointing in the right direction?
* Now, Wifi Alliance has announced that WPA3 will include SAE protocol, which is based on the dragonfly handshake, leaving behind the 4 way handshake used in WPA2 that was vulnerable to KRACK. From what I could gather, prior to SAE the device and the router agree some elliptic curve parameters and they apply a known transformation ( e.g. PBKDF2) to the network password and each STA generates the password element (PWE), a secret value(called rand) and a temporal value ( called mask). This values shall not be used in successive protocol runs. So, once this is all derived, SAE protocol uses two message exchanges to establish the connection, a commit and a verification message. STA-1 generated the commit message using the PWE and the generated secrets. When this is sent if the STA-B checks that the commit message is not validated ( expects a value in the message that can be computed using the secrets generated in STA-B) then the authentication fails and the connection process is terminated. Otherwise if successful, a Key (K) is generated, then it is hashed and from it a KCK and the PMK are derived. A verification message is sent to STA-A. When STA-A receives the verification message, it verifies that the values given match with what STA-A expected, and thus if everyting is ok, then STA-A generates the PMK. Now with the PMK data encryption using AES can take place. Is what I understood correct? Also, I have read that SAE provides forward secrecy, so, how is that achieved? Is a new PMK generated (i.e. key renovations) each time a message is sent (so does SAE run every time a message is sent)? Someone told me that in WPA2 forward secrecy was achieved by generating ephemeral keys through the handshake’s nonces, but I couldn´t find how WPA3 achieves it exactly( could not find info regarding nonces in WPA3). Could someone shed some light into this please?
* Another doubt that came up was that how would you classify the ability of SAE to be resistant to brute force attacks? Is it message secrecy protection? And, I have read that in order to achieve so, the attacker has only one guess at the password at a time, but how is this posible? I mean, the Wifi Alliance oficial specification says that the attacker gets only one guess at the password per attack because SAE forces interaction with the network, but they do not specify this interaction… does someone know how SAE forces interaction to allow only one offline password guess at a time?
Thank you very much and your help will prove invaluable to me in order to try to understand these ideas.
(My references are the official WPA3 Wifi Alliance specification, the 802.11 section 12.4 (SAE) standards document and RFC 7664(Dragonfly Key Exchange) )
So, I will write what I think I have understood and the doubts that came up, if what I wrote is incorrect I would be grateful if someone could tell me so.
* Well, so, firstly, WPA3 uses AES-128 for message encryption in Personal and 192 bits in Enterprise. Thus the secret of communication is kept using this symmetric encryption protocol. As I have understood, security problems in wireless networks usually tend to rise not due to the encryption algoritm used (because using AES 128 would mean trying 2^128 combinations and given the current computing technologies this process is computationally untractable in human feasible time), but due to the password used (simple passwords would help reduce the space of possible passwords in a dictionary attack, hence the recommendations of using more elaborated pws) or due to the key sharing process (the handshake). (am i right?)
To be more precise, WPA3 uses AES-CCMP because AES alone only provides data encryption, it does not guarantee integrity or authentication, but CCMP provides both integrity because it makes sure that the original message was not tampered with, thus proving authenticity. Is this information pointing in the right direction?
* Now, Wifi Alliance has announced that WPA3 will include SAE protocol, which is based on the dragonfly handshake, leaving behind the 4 way handshake used in WPA2 that was vulnerable to KRACK. From what I could gather, prior to SAE the device and the router agree some elliptic curve parameters and they apply a known transformation ( e.g. PBKDF2) to the network password and each STA generates the password element (PWE), a secret value(called rand) and a temporal value ( called mask). This values shall not be used in successive protocol runs. So, once this is all derived, SAE protocol uses two message exchanges to establish the connection, a commit and a verification message. STA-1 generated the commit message using the PWE and the generated secrets. When this is sent if the STA-B checks that the commit message is not validated ( expects a value in the message that can be computed using the secrets generated in STA-B) then the authentication fails and the connection process is terminated. Otherwise if successful, a Key (K) is generated, then it is hashed and from it a KCK and the PMK are derived. A verification message is sent to STA-A. When STA-A receives the verification message, it verifies that the values given match with what STA-A expected, and thus if everyting is ok, then STA-A generates the PMK. Now with the PMK data encryption using AES can take place. Is what I understood correct? Also, I have read that SAE provides forward secrecy, so, how is that achieved? Is a new PMK generated (i.e. key renovations) each time a message is sent (so does SAE run every time a message is sent)? Someone told me that in WPA2 forward secrecy was achieved by generating ephemeral keys through the handshake’s nonces, but I couldn´t find how WPA3 achieves it exactly( could not find info regarding nonces in WPA3). Could someone shed some light into this please?
* Another doubt that came up was that how would you classify the ability of SAE to be resistant to brute force attacks? Is it message secrecy protection? And, I have read that in order to achieve so, the attacker has only one guess at the password at a time, but how is this posible? I mean, the Wifi Alliance oficial specification says that the attacker gets only one guess at the password per attack because SAE forces interaction with the network, but they do not specify this interaction… does someone know how SAE forces interaction to allow only one offline password guess at a time?
Thank you very much and your help will prove invaluable to me in order to try to understand these ideas.
(My references are the official WPA3 Wifi Alliance specification, the 802.11 section 12.4 (SAE) standards document and RFC 7664(Dragonfly Key Exchange) )
