Dragonblood - Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
Offered By: IEEE via YouTube
Course Description
Overview
Analyze the Dragonfly handshake protocol used in WPA3 and EAP-pwd Wi-Fi security standards. Explore vulnerabilities in the hash-to-curve algorithm, potential attacks on clients and access points, and information leakage risks. Examine the impact on password brute-force costs, denial-of-service possibilities, and downgrade attack scenarios. Evaluate the Wi-Fi Alliance's response to these security concerns and discuss remaining issues in Wi-Fi security implementation. Gain insights into the fundamental challenges of securing wireless networks and the ongoing efforts to address vulnerabilities in widely-used protocols.
Syllabus
Intro
Background: Wi-Fi Security
Background: Dragonfly in WPA3 and EAP-pwd
Hash-to-curve: EAP-pwd
Attacking Clients
Attacking Access Points
What information is leaked?
Leaked information: #iterations needed
Raspberry Pi 1 B+: differences are measurable
Hash-to-curve: WPA3
Cache attack on NIST curves
Password Brute-force Cost
Denial-of-Service Attack
Downgrade Attacks
Reaction of the Wi-Fi Alliance
Fundamental issue still unsolved
Remaining issues
Conclusion
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
Pseudorandom Black Swans: Cache Attacks on CTR_DRBGTheIACR via YouTube When Good Turns Evil - Using Intel SGX to Stealthily Steal Bitcoins
Black Hat via YouTube NetCAT - Practical Cache Attacks from the Network
IEEE via YouTube The 9 Lives of Bleichenbacher's CAT - New Cache Attacks on TLS Implementations
IEEE via YouTube Malicious Management Unit - Why Stopping Cache Attacks in Software is Harder Than You Think
USENIX via YouTube