Dragonblood: Attacking the Dragonfly Handshake of WPA3

Channel:
United States All Hacking Cons
Subscribers:
6,380
Published on ● Video Link: https://www.youtube.com/watch?v=f14L1vPrIkM


Duration: 47:25
64 views
1

Mathy Vanhoef | Postdoctoral Researcher, New York University Abu Dhabi
Location: Lagoon GHI
Date: Wednesday, August 7 | 11:15am-12:05pm
Format: 50-Minute Briefings
Tracks: Cryptography, Network Defense

One of its main advantages of WPA3 is that it provides forward secrecy and prevents offline dictionary attacks. However, the WPA3 certification program was created behind closed doors, meaning researchers could not critique it. This is problematic because, even though WPA3 relies on the existing Dragonfly handshake, this handshake received significant criticism during its standardization. This raises the question of how secure WPA3 is.

In this talk, we will show that WPA3 is affected by several design and implementations flaws. Most prominently, we show that WPA3's Dragonfly handshake, in Wi-Fi also known as SAE, is vulnerable to side-channel attacks. We demonstrate that the leaked information can be abused to carry out password partitioning attacks. These attacks resemble a dictionary attack, and allow an adversary to recover the password by abusing timing or cache-based side-channel leaks. Our side-channel attacks target the protocol's password encoding method, for example, our cache-based attack exploits Dragonfly's so-called hash-to-curve algorithm. Additionally, we present invalid curve attacks against EAP-pwd, which internally uses a close variant of the Dragonfly handshake. This enables an adversary to bypass authentication. We will also discuss downgrade attacks to WPA2, which in turn enable dictionary attacks, and discuss denial-of-service attacks. Finally, we explain how we confirmed all vulnerabilities in practice, and discuss to which extend attacks can be mitigated in a backwards-compatible manner.

Our conclusion is that WPA3 does not meet the standards of a modern security protocol. Either all countermeasures are implemented, in which case it might be affected by DoS attacks, or it does not implement the defenses, in which case it is vulnerable to our attacks. Nevertheless, WPA3 does remain an improvement over WPA2.

Black Hat - USA - 2019 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-07Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
2022-01-07Detecting Malicious Files with YARA Rules as They Traverse the Network
2022-01-070-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars
2022-01-07Critical Zero Days Remotely Compromise the Most Popular Real Time OS
2022-01-07DevSecOps : What, Why and How
2022-01-07How to Detect that Your Domains are Being Abused for Phishing by Using DNS
2022-01-07A Compendium of Container Escapes
2022-01-07Cyber Insurance 101 for CISO's
2022-01-07A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works
2022-01-07HTTP Desync Attacks: Smashing into the Cell Next Door
2022-01-07Dragonblood: Attacking the Dragonfly Handshake of WPA3
2022-01-07Cybersecurity Risk Assessment for Safety-Critical Systems
2022-01-07Adventures in the Underland The CQForensic Toolkit as a Unique Weapon Against Hackers
2022-01-07Everybody be Cool, This is a Robbery!
2022-01-07Biometric Authentication Under Threat Liveness Detection Hacking
2022-01-07Hunting for Bugs, Catching Dragons
2022-01-07Exploiting Qualcomm WLAN and Modem Over The Air
2022-01-07I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy
2022-01-07All the 4G Modules Could be Hacked!
2022-01-07Exploiting the Hyper V IDE Emulator to Escape the Virtual Machine
2022-01-07Infighting Among Russian Security Services in the Cyber Sphere


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
password
web
concept
thief
protection
fraud
malware
secure
identity
criminal
safety
theft
system
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Mathy Vanhoef
dragonblood
hacking wifi
wpa3
wifi
attacking