WPA-3: SEA and Dragonfly
•Télécharger en tant que PPTX, PDF•
0 j'aime•510 vues
WPA-3: SEA and Dragonfly
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à WPA-3: SEA and Dragonfly
Similaire à WPA-3: SEA and Dragonfly (20)
Plus de Napier University
Plus de Napier University (20)
Dernier
Dernier (20)
WPA-3: SEA and Dragonfly
- 1. WPA-3: SEA and Dragonfly Prof Bill Buchanan, The Cyber Academy http://asecuritysite.com
- 2. Wireless Standards • WEP: 40-bit encryption key. Stream cipher (RC4). 24-bit Initialisation Vector. Single key for whole network. Bit flipping. • WPA: Upgraded to TKIP. 128-bit key. Longer IV. Roll-over re- negotiationof key. • WPA-2 (IEEE 802.11i): Block cipher (AES). 4-way handshake.
- 3. Wireless • A 24 bit Initialisation Vector (IV). This meant that the same encryption key repeated after 2²⁴ data packets. This mean that an intruder just had to wait for the IV value to return to a given value — typically within a few hours — and it was then possible to crack the encryption key. • A 40-bit encryption key. This meant which could be cracked with brute force. Anything less than a 72-bit symmetric encryption key can typically be cracked on a single computer. For example there are 2⁴⁰ keys, and which gives 1,099,511,627,776 different keys, and if we crack with 100 million keys per second, we crack every key in around three hours. • A global encryption for the network. WEP used a single global encryption key for the network, thus anyone with secret key for the network could view all of the data packets for the whole network. • Lack of error checking. WEP lacked proper error checking, and which allowed bits in the data packets to be flipped and still check a valid packet.
- 4. Four way handshake • from pbkdf2 import PBKDF2 ssid = 'home' phrase = 'qwerty123' print "SSID: "+ssid print "Pass phrase: "+phrase print "Pairwise Master Key: " + PBKDF2(phrase, ssid, 4096).read(32).encode("hex")) • A sample run is [here]: • SSID: home Pass phrase: qwerty123 Pairwise Master Key: bbaf585c301dc4d4024523535f42baf04630f852e2b01979ec0401ed cdf 0e9c8
- 5. WPA-2 Weaknesses • Single capture of 4-way handshake and then off-line dictionary/brute force. • Off-line crack of hash of SSID and password. • Single crack, cracks all other keys. No forward secrecy (FS).
- 6. WPA-3 • WPA3-Personal: This replaces the 4-way handshake with Simultaneous Authentication of Equals (SAE) and which is defined in the IEEE 802.11s standard. SAE was initially defined for mesh networks, but is now scaling to infrastructure wireless networks. • WPA3-Enterprise: This integrates a back-end authentication infrastructure, such as with a RADIUS server. Elliptic Curve Diffie- Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve are used to a strong authentication. • WPA-3 brings the integration of QR codes to gain the network connection details.
- 9. Conclusions • WPA-2 is flawed, and is not really fit for purpose. • Our core protection is built around something that — given time — can be cracked. As GPUs and ASIC advance we need to move away from hashed passwords, as they are fundamentally flawed, and implement zero- knowledge proof methods. • A user should not be asked to show their password, but should be asked if they can prove that they know it. • Hashed passwords are typically the weak point in data breaches, and where millions, if not billions (as in the case of Yahoo) can be released into the wild, and where hackers can easily pick-off the passwords that users have used. • Zero-knowledge proof is the future.
- 10. WPA-3: SEA and Dragonfly Prof Bill Buchanan, The Cyber Academy http://asecuritysite.com