Completed
Fundamental issue still unsolved On lightweight devices, doing 40 iterations is too costly Even powerfull devices are at risk: handshake might be offloaded the lightweight Wi-Fi chip itself
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Dragonblood - A Security Analysis of WPA3’s SAE Handshake
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Background: Dragonfly in WPA3 and EAP-pwd
- 3 Convert password to MODP element
- 4 What about elliptic curves?
- 5 Hash-to-curve: WPA3 for (counter - 1; counter 40; counter:-)
- 6 Attack Optimizations Timing & cache attack result in password signature Both use the same brute-force algorithm
- 7 Invalid Curve Attack
- 8 Reflection Attack: EAP-pwd example
- 9 Other Implementation Vulnerabilities
- 10 Denial-of-Service Attack
- 11 Downgrade Against WPA3-Transition Transition mode: WPA2/3 use the same password
- 12 Crypto Group Downgrade Handshake can be performed with multiple curves Initiator proposes curve & responder accepts/rejects Spoof reject messages to downgrade used curve
- 13 Fundamental issue still unsolved On lightweight devices, doing 40 iterations is too costly Even powerfull devices are at risk: handshake might be offloaded the lightweight Wi-Fi chip itself
- 14 Conclusion
- 15 Thank you! Questions?