4. WPA2 4-Way Handshake
• When a client wants to join a Wi-Fi network, a 4-way handshake is executed
between the client and the network. The purpose of this 4-way handshake is to:
  - Verify that the client possesses valid credentials
  - Create the PTK (Pairwise Transient Key), which is used for encryption
• After the 4-way handshake, all the data packets are encrypted with this freshly
generated key.
5. Limitations of WPA2
• Anyone can disconnect you
• The password can be cracked online
• Once you know the password, you can sniff or
spoof someone
• It won’t let you secure a password-less
network
• Silly "terms of service" in your cafe can break
your application
7. Packet Number Reuse by the Transmitter
Suppose two packets P1 and P2 are encrypted with the PTK, where KS1 and KS2 are the keystreams:
E1 = P1 ⊕ KS1 and E2 = P2 ⊕ KS2
If P1 and P2 were to use the same Packet Number (PN), then
KS1 = KS2
In that case
E1 ⊕ E2 = P1 ⊕ P2 (the effect of encryption is eliminated!)
If P1 is known or guessed, it is possible to decrypt P2.
So, for a given key, the transmitter must never use the same
Packet Number (PN) in any two encrypted packets.
8. KRACK Attack on WPA2
• All protected Wi-Fi networks use the 4-way handshake to generate a fresh
session key. So far, this 14-year-old handshake has remained free from attacks,
and is even proven secure.
• However, we show that the 4-way handshake is vulnerable to a key
reinstallation attack. Here, the adversary tricks a victim into reinstalling an
already-in-use key.
• This is achieved by manipulating and replaying handshake messages. When
reinstalling the key, associated parameters such as the incremental transmit
packet number (nonce) and receive packet number (replay counter) are reset
to their initial value.
• Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS
Transition (FT) handshake. The impact depends on the handshake being
attacked, and the data-confidentiality protocol in use.
• Simplified, against AES-CCMP an adversary can replay and decrypt (but not
forge) packets. This makes it possible to hijack TCP streams and inject
malicious data into them.
• Against WPA-TKIP and GCMP the impact is catastrophic: packets can be
replayed, decrypted, and forged. Because GCMP uses the same authentication
key in both communication directions, it is especially affected.
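The packet-number rule from slide 7 and the PN reset described on slide 8 can be seen together in a small model. This is an added example, not part of the original slides: the SHA-256 keystream is a toy stand-in for CCMP's AES-CTR, and the `Transmitter` class, the sample key and the sample packets are constructed for illustration. The patched mode models one fix, which is to ignore a reinstall of the key already in use.

```python
import hashlib

def keystream(key: bytes, pn: int, n: int) -> bytes:
    """Toy stand-in for a CTR-mode keystream: depends only on (key, PN)."""
    out, ctr = b"", 0
    while len(out) < n:
        block = key + pn.to_bytes(6, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Transmitter:
    """Hypothetical model of key installation; patched=True keeps the PN."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0
        self.used = set()          # (key, PN) pairs already used to encrypt

    def install_key(self, key: bytes) -> None:
        if self.patched and key == self.key:
            return                 # same key again: do not reset the PN
        self.key, self.pn = key, 0

    def encrypt(self, plaintext: bytes):
        self.pn += 1
        reused = (self.key, self.pn) in self.used
        self.used.add((self.key, self.pn))
        ks = keystream(self.key, self.pn, len(plaintext))
        return self.pn, xor(plaintext, ks), reused

def run(patched: bool):
    ptk = bytes(range(16))                 # constructed sample key
    p1 = b"GET /index.html HTTP/1.1"       # constructed, assumed known
    p2 = b"Cookie: session=abcd1234"       # constructed, same length
    tx = Transmitter(patched)
    tx.install_key(ptk)
    pn1, e1, _ = tx.encrypt(p1)
    tx.install_key(ptk)                    # handshake message 3 seen again
    pn2, e2, reused = tx.encrypt(p2)
    # E1 xor E2 == P1 xor P2 holds only when the keystream repeated
    leaked = xor(e1, e2) == xor(p1, p2)
    return pn1, pn2, reused, leaked, xor(xor(e1, e2), p1)
```

With `run(False)` both packets go out under PN 1 and the last returned value equals P2; with `run(True)` the second packet uses PN 2 and the XOR of the ciphertexts reveals nothing about P2.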
32. • WPA3 security will eliminate all the known security risks and attacks that
exist today, including Key Reinstallation Attacks (KRACK).
• The WPA3 standard adds four features not found in WPA2. Manufacturers
must fully implement these four features to market their devices as “Wi-Fi
CERTIFIED™ WPA3™”.
These features are as follows:
1. A More Secure Handshake
2. Open Wi-Fi Network Security
3. Enables easy connectivity to devices without a display
4. 192-bit security suite
33. A More Secure Handshake
• Deliver robust protections even when users choose passwords that fall short
of typical complexity recommendations.
• Ordinary home networks that are protected with a single password will be
required to use the Simultaneous Authentication of Equals (SAE) handshake.
• This handshake is resistant against offline dictionary attacks.
• SAE handshake is a variant of the Dragonfly handshake defined in RFC 7664,
which in turn is based on the SPEKE handshake.
• In a Wi-Fi network, the SAE handshake negotiates a fresh Pairwise Master Key
(PMK).
• The resulting PMK is then used in a traditional 4-way handshake to generate
session keys. This means the SAE handshake is always followed by a 4-way
handshake.
• The 32-byte PMK that the SAE handshake negotiates cannot be guessed using
a dictionary attack, even though it's used in the 4-way handshake.
• Additionally, forward secrecy is indeed provided because the SAE handshake
assures the PMK cannot be recovered if the password becomes known.
34. Open Wi-Fi Network Security
• Strengthens user privacy in open networks through individualized data
encryption.
• Provide a simple way for public and guest WLANs to be encrypted and
secure without the need for a personal VPN.
• A “new” encryption, Opportunistic Wireless Encryption (OWE), is based
on RFC 8110.
• Without a pre-configured password, client devices and access points will
be able to create a one-time use Pairwise Master Key (PMK), replacing the
most common current use of “Open” wireless security.
• OWE handshake negotiates a new PMK using a Diffie-Hellman key
exchange.
• This handshake is encapsulated in Information Elements (IEs) in the
(re)association request and response frames.
• The resulting PMK is used in a 4-way handshake, which will negotiate and
install frame encryption keys.
35. Enables easy connectivity to devices without a display
• Designed to secure IoT devices, most of which have limited or no display
interface.
• The new Device Provisioning Protocol will provide a simple and secure way
to add these devices to a Wi-Fi network.
• Simplified, secure configuration and onboarding for devices with limited
or no display interface.
• More precisely, the replacement of WPS will be the Wi-Fi Device
Provisioning Protocol (DPP).
• This protocol allows you to add new devices to a network using QR codes.
• Based on a quick scan of the draft standard, it seems it may also allow
usage of USB, NFC, or Bluetooth to add a device to the network. The
protocol itself is based on public key cryptography.
36. 192 Bit Security Suite
• This is a cryptographic strength enhancement.
• The feature is aligned with the Commercial National Security Algorithm
(CNSA) Suite and designed to maintain data integrity on networks
requiring the highest security, even in a post-quantum computer era.
• That means it meets requirements for high-level government work,
defense agencies, and super secret industrial projects.
39. Simultaneous Authentication of Equals
• Simultaneous Authentication of Equals (SAE) is a variant of Dragonfly, a
password-authenticated key exchange based on a zero-knowledge proof.
• SAE is used by STAs to authenticate with a password and dynamically
establish session keys.
• SAE supports both FFC (Finite Field Cryptography) and ECC (Elliptic Curve
Cryptography).
• By default, SAE uses an ECC group whose order is a 256-bit prime number.
• An attacker is unable to make more than one guess at the password per
attack. This implies that the attacker cannot make one attack and then go
offline and make repeated guesses at the password until successful. In
other words, SAE is resistant to dictionary attack.
• An attacker is unable to determine either the password or the resulting
PMK by passively observing an exchange or by interposing itself into the
exchange by faithfully relaying messages between the two STAs.