3

This is the second post regarding WPA3 technical doubts that came up when I was trying to understand the principles behind this new Wi-Fi security protocol. I am new to cybersecurity and self-taught, so every bit of help is greatly appreciated!

The Wi-Fi Alliance has announced that WPA3 will include the SAE protocol, which is based on the Dragonfly handshake, leaving behind the 4-way handshake used in WPA2 that was vulnerable to KRACK.

From what I could gather, prior to SAE the device and the router agree on some elliptic curve parameters and apply a known transformation (e.g. PBKDF2) to the network password, and each STA generates the password element (PWE), a secret value (called rand) and a temporal value (called mask). These values shall not be used in successive protocol runs.

So, once this is all derived, the SAE protocol uses two message exchanges to establish the connection: a commit and a verification message. STA-A generates the commit message using the PWE and the generated secrets.

When this is sent, if STA-B finds that the commit message does not validate (it expects a value in the message that can be computed using the secrets generated in STA-B), then the authentication fails and the connection process is terminated. Otherwise, if successful, a key (K) is generated, then it is hashed, and from it a KCK and the PMK are derived.

A verification message is sent to STA-A. When STA-A receives the verification message, it verifies that the values given match what STA-A expected, and thus, if everything is OK, STA-A generates the PMK.

Now with the PMK data encryption using AES can take place. Is what I understood correct?

Also, I have read that SAE provides forward secrecy, so, how is that achieved? Is a new PMK generated (i.e. key renovations) each time a message is sent (so does SAE run every time a message is sent)?

schroeder
almb

1 Answer

1

> Now with the PMK data encryption using AES can take place. Is what I understood correct?

I believe you are correct, though I did not look deeply into the protocol.

> Also, I have read that SAE provides forward secrecy, so, how is that achieved? Is a new PMK generated (i.e. key renovations) each time a message is sent (so does SAE run every time a message is sent)?

It's not SAE itself that provides forward secrecy; rather, SAE enables WPA3 to support it. In previous encryption protocols, the password used for authentication was also used for encryption. One way or another, the key used to encrypt the raw traffic was derived from the access point password. This meant that someone who had recorded traffic and only later discovered the key could retroactively decrypt content going far back, even as far as months or years.

WPA3 is a little different. Because SAE dissociates the password from the encryption key, the device is free to use public key cryptography to exchange a completely random symmetric key. This key is different for each connected device, and changes each time you connect. It is possible that it also rekeys itself periodically, but that is not strictly necessary for forward secrecy. The end result is that an attacker who somehow finds out the key (e.g. by connecting a debugger to the router's motherboard and reading memory) would only be able to decrypt the current session, not past sessions.

forest
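The commit/confirm exchange from the question and the per-connection key from the answer, as an added example that is not part of the original posts or of any WPA3 implementation. It is a simplified Dragonfly run over a finite-field group. The assumptions are the RFC 2409 768-bit prime, the hash-and-square `derive_pwe` stand-in for SAE's real password element derivation, the SHA-512 split into KCK and PMK, the confirm tag layout, and the names `Station` and `run_sae`.

```python
import hashlib, hmac, secrets

# 768-bit safe prime from RFC 2409 (Oakley Group 1); used here only for brevity.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P

def derive_pwe(password, mac_a, mac_b):
    """Simplified stand-in for SAE's password element derivation (assumption)."""
    data = f"{max(mac_a, mac_b)}|{min(mac_a, mac_b)}|{password}".encode()
    return pow(int.from_bytes(hashlib.sha512(data).digest(), "big"), 2, P)

class Station:
    def __init__(self, pwe):
        self.pwe = pwe
        # rand and mask are fresh secrets for this run only, never reused.
        self.rand = secrets.randbelow(Q - 2) + 2
        self.mask = secrets.randbelow(Q - 2) + 2
        scalar = (self.rand + self.mask) % Q
        element = pow(pow(pwe, self.mask, P), -1, P)  # inverse of PWE^mask
        self.mine = (scalar, element)                 # the commit message

    def process_commit(self, peer):
        scalar, element = peer
        # Reject out-of-range values and elements outside the order-Q subgroup.
        if not (1 < scalar < Q and 1 < element < P - 1 and pow(element, Q, P) == 1):
            raise ValueError("invalid commit")
        # K = (PWE^scalar * element)^rand = PWE^(rand_A * rand_B) when PWEs match.
        k = pow(pow(self.pwe, scalar, P) * element % P, self.rand, P)
        keys = hashlib.sha512(k.to_bytes(96, "big")).digest()
        self.kck, self.pmk, self.peer = keys[:32], keys[32:], peer

    def _tag(self, first, second):
        return hmac.new(self.kck, repr(first + second).encode(), hashlib.sha256).digest()

    def confirm(self):
        return self._tag(self.mine, self.peer)

    def verify(self, tag):
        return hmac.compare_digest(tag, self._tag(self.peer, self.mine))

def run_sae(pw_a, pw_b):
    """One commit/confirm run; returns (confirms verified, PMK at A, PMK at B)."""
    macs = ("02:00:00:00:00:01", "02:00:00:00:00:02")  # constructed addresses
    a, b = Station(derive_pwe(pw_a, *macs)), Station(derive_pwe(pw_b, *macs))
    a.process_commit(b.mine)
    b.process_commit(a.mine)
    return b.verify(a.confirm()) and a.verify(b.confirm()), a.pmk, b.pmk
```

Two runs with the same password produce unrelated PMKs because K depends on both stations' one-time `rand` values, which is why learning the password later does not expose keys from recorded sessions.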