YoVDO

Dragonblood - Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd

Offered By: IEEE via YouTube

Tags

Network Security Courses Cybersecurity Courses Raspberry Pi Courses Cache Attacks Courses

Course Description

Overview

Analyze the Dragonfly handshake protocol used in WPA3 and EAP-pwd Wi-Fi security standards. Explore vulnerabilities in the hash-to-curve algorithm, potential attacks on clients and access points, and information leakage risks. Examine the impact on password brute-force costs, denial-of-service possibilities, and downgrade attack scenarios. Evaluate the Wi-Fi Alliance's response to these security concerns and discuss remaining issues in Wi-Fi security implementation. Gain insights into the fundamental challenges of securing wireless networks and the ongoing efforts to address vulnerabilities in widely-used protocols.

Syllabus

Intro
Background: Wi-Fi Security
Background: Dragonfly in WPA3 and EAP-pwd
Hash-to-curve: EAP-pwd
Attacking Clients
Attacking Access Points
What information is leaked?
Leaked information: #iterations needed
Raspberry Pi 1 B+: differences are measurable
Hash-to-curve: WPA3
Cache attack on NIST curves
Password Brute-force Cost
Denial-of-Service Attack
Downgrade Attacks
Reaction of the Wi-Fi Alliance
Fundamental issue still unsolved
Remaining issues
Conclusion


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Pseudorandom Black Swans: Cache Attacks on CTR_DRBG
TheIACR via YouTube
When Good Turns Evil - Using Intel SGX to Stealthily Steal Bitcoins
Black Hat via YouTube
NetCAT - Practical Cache Attacks from the Network
IEEE via YouTube
The 9 Lives of Bleichenbacher's CAT - New Cache Attacks on TLS Implementations
IEEE via YouTube
Malicious Management Unit - Why Stopping Cache Attacks in Software is Harder Than You Think
USENIX via YouTube