securing home wi fi with wpa3 personal
play

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik - PowerPoint PPT Presentation

Nov 17, 2023 •558 likes •853 views

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2 Why is WPA3

  1. Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers

  2. Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2

  3. Why is WPA3 needed? WPA2 has been broken for many years. There are plenty of easy to use tools and techniques out there to crack and manipulate WPA2. Think about: - Aircrack-ng - KRACK - RSN-PMKID attack - And more… Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 3

  4. What does WPA3 bring? WPA3 tries to fix most of the attacks previously mentioned. It does this by improving the way that the PMK is generated for the EAPOL 4 way handshake. WPA3 personal add the Simultaneous Authentication of Equals before the 4 way handshake. This key exchange ensures a temporary PMK is generated for each authentication. WPA3 mandates the use of 802.11w Protected Management Frames. Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 4

  5. Simultaneous Authentication of Equals (SAE) - Based on the Dragonfly handshake and (re)defined in 802.11-2016 - Encapsulated in the 802.11 authentication packets - Two stages; Commit and Confirm - Both parties can initiate the handshake - Successful completion results in the generation of a PMK for that authentication Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 5

  6. WPA3 modes of operation WPA3 Personal - WPA3 only - WPA3-SAE authentication - WPA3 transition mode (WPA3-TM) - WPA3-SAE / WPA2-PSK authentication WPA3 Enterprise - Out of scope Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 6

  7. Why do we need WPA3 transition mode? - Current devices will stick around - Many devices won’t receive updates - For example IoT devices - WPA2 adoption took almost a decade to reach 70% adoption [1] - “With regards to security: nothing good ever comes out of transition modes (ever).” [2] Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 7

  8. Related work - Christopher Kohlios and Thaier Hayajneh (2018), first security review of WPA3 - Mathy Vanhoef and Eyal Ronen (2019), Dragonblood. Found the first vulnerabilities in WPA3 Wi-Fi Alliance - WPA3 Security Considerations (2019) - Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 8

  9. How can WPA3 personal transition mode be secured in such a way that downgrade attacks are not feasible?

  10. Research Questions How can WPA3 personal transition mode be secured in such a way that downgrade attacks are not feasible? - What are the requirements for WPA3? - How can WPA3 personal transition mode be manipulated in downgrading stations to WPA2? - What techniques can be utilised to prevent these downgrade attacks? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020

  11. Methods Four experiments Access Points - AP vendor A - AP vendor B Stations - Android on Samsung Galaxy S10 - iOS on Apple iPhone X - MacOS on Apple Macbook - Windows 10 - NetworkManager on Fedora 32 Securing home Wi-Fi with WPA3 personal - July 3 rd 2020

  12. Station auto-connect - Methods - Setup an AP to a specific Authentication Key Management (AKM) - Connect station, without prior knowledge, to AP - Alter AKM on AP - Auto-connect behaviour from station is observed - Repeated for every station and alternating the AKM Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 12

  13. Station auto-connect - Results Device WPA2 -> WPA2 -> WPA3 WPA3-TM -> WPA3 -> WPA2 WPA3-TM WPA2 Android 10 (S10) Yes No Partial No iOS Yes No Yes No macOS Yes No Yes No Windows 10 WPA2 No No No NetworkManager WPA2 No No No Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 13

  14. Station BSS selection - Methods - Setup AP with two BSSIDs with identical SSID - First BSSID is setup for WPA2 - Second BSSID is setup for WPA3 - Command station to connect to the SSID - Observe the selected BSSID - Repeat for every station Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 14

  15. Station BSS selection - Results Device BSSID Selected Android 10 (S10) Displayed two selections iOS Random macOS WPA3 Windows 10 WPA3 NetworkManager Random Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 15

  16. Downgrade attack - Methods - Setup legitimate AP - Connect station to legitimate AP - Start EvilTwin with WPA2 - EvilTwin floods air with deauth frames - Monitor EvilTwin for first authenticated EAPOL frame from station Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 16

  17. Downgrade attack - Results Device WPA2 deauth WPA3-TM -> WPA3 -> WPA2 WPA2 Android 10 (S10) Yes Partial No iOS Yes Yes No macOS Yes Partial No Windows 10 Yes No No NetworkManager Yes No No Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 17

  18. AP DoS - Methods Flood the AP with forged SAE handshakes to create a Denial of Service for connected stations - SAE handshakes a computationally expensive - Both parties can initiate the handshake, each SAE commit message is evaluated by the AP - DoS should be prevented by the SAE anti clogging mechanism We used the Dragondrain tool to create up to 200 forged SAE handshakes per second Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 18

  19. AP DoS - Results AP vendor A - Primary functions affected (connectivity) - Session drops - Single station downlink throughput close to zero AP vendor B - No loss of primary functions (authentication, connectivity) - Single station downlink throughput decrease of 35% Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 19

  20. Producing mutual trust Current - Station to AP authentication Desired - Mutual authentication Solution - SAE Public Key - Verified SSIDs Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 20

  21. SAE Public Key - Brand new addition to the WPA3 specification (not approved yet) - Adds a static public and private key pair to the ESS - Wi-Fi password is a base32 hash of the ESS public key - Acts as a fingerprint - Trust bootstrap - AP sends a SAE-PK element to the station in the SAE confirm message, this frame includes - ESS public key - Signature - Station can verify the public using the fingerprint encoded in the Wi-Fi password - Station can verify the signature using the public key Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 21

  22. Transition Disable indicator - Another addition in the WPA3 specification draft - Enables a AP to signal to a station which AKMs to use and which to disable - Only allows the use of WPA3 and up - Automatically disable of WEP and TKIP - Standardizes the way stations remember which AKM to use for known networks - Should be used in combination with SAE-PK to prevent TOFU Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 22

  23. Wi-Fi URI - Standardizes the way Wi-Fi authentication information can be encoded into a URI - Can be used to represent Wi-Fi network information into a QR code - Allows for the full SAE-PK public key to be encoded - Allows the Transition Disable indicator to be encoded Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 23

  24. Verified SSIDs - Current SSID scheme can be chosen at will and are not unique - FQDNs SSIDs can make SSIDs unique enough for identification - In combination with CA signed certificates - AP includes a trusted certificate, which corresponds to the FQDN SSID, to each authentication - Proving to that station that the AP belongs to that domain Securing home Wi-Fi with WPA3 personal - July 3 rd 2020

  25. Discussion - Secure implementations versus user-friendliness - Removing freedom to choose password in SAE-PK - Removing freedom to choose SSID in Verified SSIDs - Splitting Wi-Fi network into a WPA2 and WPA3 on single LAN - Unclear to user - Network still susceptible to WPA2 attacks - Splitting Wi-Fi network into a WPA2 and WPA3 on seperate LANs - Unclear to user - Connection problems Securing home Wi-Fi with WPA3 personal - July 3 rd 2020

  26. Conclusion - Stations should not fallback to WPA2 if a SSID is WPA3 capable - Stations should display the WPA version of a given SSID - Stations should upgrade to SAE on known networks - Mutual authentication important stepping stone for Wi-Fi Securing home Wi-Fi with WPA3 personal - July 3 rd 2020

  28. Key takeaways - WPA3 has significant improvements over WPA2 - WPA3-TM vulnerable to downgrades if stations fallback to WPA2 - Stations should use WPA3 when possible and disable WPA2 for an SSID - Personal Wi-Fi requires mutual authentication References [1] - WiGLE.net, Wi-Fi stats [2] - Stephen Orr, Advancements in Wireless Security. At Cisco Live 2020 Securing home Wi-Fi with WPA3 personal - July 3 rd 2020

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen

Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen

Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen ANRW. Montreal, Canada, 22 July 2019. Background: Dragonfly in WPA3 = Password Authenticated Key Exchange (PAKE) Negotiate Provide mutual session

1.04k views • 45 slides
WiFi security Harald Vranken 1 Agenda Introduction to WiFi Open WiFi networks Home

WiFi security Harald Vranken 1 Agenda Introduction to WiFi Open WiFi networks Home

Advanced Network Security (2019-2020) WiFi security Harald Vranken 1 Agenda Introduction to WiFi Open WiFi networks Home WiFi network IEEE 802.11 WEP WPA/WPA2/WPA3 Personal/Enterprise Eduroam Attacks 2

674 views • 45 slides
Dragonblood : Attacking the Dragonfly Handshake of WPA3 Mathy Vanhoef and Eyal Ronen Black Hat

Dragonblood : Attacking the Dragonfly Handshake of WPA3 Mathy Vanhoef and Eyal Ronen Black Hat

Dragonblood : Attacking the Dragonfly Handshake of WPA3 Mathy Vanhoef and Eyal Ronen Black Hat USA. Las Vegas, 7 August 2019. Background: Dragonfly in WPA3 and EAP-pwd = Password Authenticated Key Exchange (PAKE) Negotiate Provide mutual

532 views • 50 slides
1: Getting Personal Economic and wage stagnation Within the home Rapid rise in divorce

1: Getting Personal Economic and wage stagnation Within the home Rapid rise in divorce

Making the Computer Personal: Theme of Paper Reconstructing Domesticity for the Information Age How did people decide they needed a computer in their home? Cultural work of reconstruction Looked at another way What kind of a

261 views • 9 slides
Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Securing Personal Data

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Securing Personal Data

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Securing Personal Data Content provided by Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 10:00 Page 1 Series Goals Series Goals

146 views • 13 slides
WiFi security Joeri de Ruiter Agenda WiFi security WPA(2) Personal Enterprise

WiFi security Joeri de Ruiter Agenda WiFi security WPA(2) Personal Enterprise

Advanced Network Security WiFi security Joeri de Ruiter Agenda WiFi security WPA(2) Personal Enterprise WPA3 Key reinstallaton aaacas 2 WiFi IEEE 802.11 standard Some terminology: Staton (STA) is a

479 views • 46 slides
Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin? Security indicator only in the content region Notice that it is used for personal data that should be secure No access to the location or

933 views • 21 slides
Rexel, Inc. Securing Unsecured Accounts, Mechanics Liens and Payment Bonds Spring 2014

Rexel, Inc. Securing Unsecured Accounts, Mechanics Liens and Payment Bonds Spring 2014

Rexel, Inc. Securing Unsecured Accounts, Mechanics Liens and Payment Bonds Spring 2014 Discussion Topics Securing Unsecured Accounts Personal Guaranty Corporate Guaranty Joint Check Agreements Promissory Note Virginia: 43-11 Notices

327 views • 16 slides
Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen Background: Wi-Fi Security

Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen Background: Wi-Fi Security

Dragonblood : Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen Background: Wi-Fi Security 1999: Wired Equivalent Privacy (WEP) RC4 with 40 (!) or 104 bits key Broken in 2001 [FMS01] Deprecated 2004 2

1.58k views • 105 slides
WiFi security Harald Vranken 1 Agenda WiFi security WEP WPA(2) WPA3 2 WiFi

WiFi security Harald Vranken 1 Agenda WiFi security WEP WPA(2) WPA3 2 WiFi

Advanced Network Security WiFi security Harald Vranken 1 Agenda WiFi security WEP WPA(2) WPA3 2 WiFi IEEE 802.11 standard Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications original

721 views • 48 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen Real World Crypto, New

Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen Real World Crypto, New

Dragonblood : Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Mathy Vanhoef and Eyal Ronen Real World Crypto, New York, 10 January 2020. Background: Wi-Fi Security 1999: Wired Equivalent Privacy (WEP) Broken in 2001 [FMS01] 2003:

818 views • 62 slides
1 are the home and personal care products youre buying for your family safe? 2 everyday

1 are the home and personal care products youre buying for your family safe? 2 everyday

1 are the home and personal care products youre buying for your family safe? 2 everyday products in your home could be making your family sick. triclosan the average woman is exposed to 168 aluminum toxic chemicals a day fragrance 200

529 views • 16 slides
Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer

Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer

QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer Client-Server Model Isolated clients connect to a single server. One

448 views • 6 slides
Personal Productivity and Project Medicine Optimizing how you bring it home Bill Cutrer MD MEd

Personal Productivity and Project Medicine Optimizing how you bring it home Bill Cutrer MD MEd

Personal Productivity and Project Medicine Optimizing how you bring it home Bill Cutrer MD MEd Sandrijn van Schaik MD PhD Developing Medical Educators of the 21 st Century -2020 Describe the core components of personal Describe productivity

365 views • 25 slides
Common Core Assessment Consortia: Creating Next-Generation K-12 Assessments Overview of the Five

Common Core Assessment Consortia: Creating Next-Generation K-12 Assessments Overview of the Five

Common Core Assessment Consortia: Creating Next-Generation K-12 Assessments Overview of the Five Assessment Consortia Designs, Timelines and Transition Supports Pascal (Pat) D. Forgione, Jr., Ph.D. Executive Director Center for K-12

383 views • 22 slides
The Future of the Power Industry: Implications for Network Regulation Paul Centolella President,

The Future of the Power Industry: Implications for Network Regulation Paul Centolella President,

The Future of the Power Industry: Implications for Network Regulation Paul Centolella President, Paul Centolella & Associates, LLC Senior Consultant, Tabors Caramanis Rudkevich ACCC/AER Regulatory Conference Brisbane, Queensland August 4,

801 views • 35 slides
What is Advanced Research Computing? Data Supercomputing Computationally Mining Intensive

What is Advanced Research Computing? Data Supercomputing Computationally Mining Intensive

Accelerate Discovery with ACENET www.acceleratediscovery.ca What is Advanced Research Computing? Data Supercomputing Computationally Mining Intensive High Parallel Performance Big Data Storage Computing Computing (HPC) High

399 views • 4 slides
GRid enabled access enabled access GRid to rich mEDIA mEDIA content content to rich The

GRid enabled access enabled access GRid to rich mEDIA mEDIA content content to rich The

GRid enabled access enabled access GRid to rich mEDIA mEDIA content content to rich The GREDIA approach The GREDIA approach for Business Applications for Business Applications in Media and Banking in Media and Banking The GREDIA concept

428 views • 15 slides
July 2019 Disclaimer This management presentation is intended to provide an overview of the

July 2019 Disclaimer This management presentation is intended to provide an overview of the

July 2019 Disclaimer This management presentation is intended to provide an overview of the business of Hut 8 Mining Corp. (Hut 8 or the Company). It has been prepared for information purposes only and does not purport to be complete.

377 views • 22 slides
and Autonomous IDentification NASA USLI Preliminary Design Review Carnegie Mellon Rocket Command

and Autonomous IDentification NASA USLI Preliminary Design Review Carnegie Mellon Rocket Command

PLAID: Precision Launch and Autonomous IDentification NASA USLI Preliminary Design Review Carnegie Mellon Rocket Command November 17, 2017 Launch Vehicle Design Overall Design Wildman Extreme Darkstar November 17, 2017 3 Why the Darkstar?

752 views • 58 slides
UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante

UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante

UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante University of New Haven What is CAPTCHA? Term coined in 2000 at Carnegie Mellon by Luis von Ahn, Manuel Blum, Nicholas Harper, and John

576 views • 29 slides
Estimating Emotions from Emojis and Their Use in Computer-Mediated Communication Zdenek Smutny

Estimating Emotions from Emojis and Their Use in Computer-Mediated Communication Zdenek Smutny

Estimating Emotions from Emojis and Their Use in Computer-Mediated Communication Zdenek Smutny Natalia Hancsics Zdenek Sulc The aim of the paper Compare the ability to estimate emotions in a sentence and assign the correct emoji to an

226 views • 11 slides

More recommend