It’s Game of Thrones season! And anything to do with dragons reminds me of GoT. The Dragonblood vulnerability recently exposed weak security of the WPA3 standard. It was just a year ago that KRACK exposed weaknesses in the WPA2 standard. In response, a stronger successor to WPA2 was announced by the Wi-Fi Alliance: WPA3.
But, was this really a strong successor as it was perceived? Apparently, no.
WPA3 incorporated Simultaneous Authentication of Equals (SAE) handshake, which was a huge improvement over WPA2 as it prevents dictionary attacks. The family of SAE handshakes is referred to as Dragonfly. This handshake is susceptible to password-partitioning attacks, which resemble dictionary attacks and leverages side-channel leaks to recover network passwords.
According to the researchers Vanhoef and Ronen, who published the paper on this vulnerability, WPA3 is affected by serious design flaws that could have been avoided with feedback from industry experts about secure WiFi. Among these flaws is the fact that WPA3 failed to introduce any new protocols, rather it only instructs which existing protocols should be supported.
WPA3 made enhancements over WPA2 using the latest security methods, disallowing outdated legacy protocols and implementing the use of Protected Management Frames (PMF). It was designed with two types of networks in mind: protection for home networks with WPA3-Personal and for enterprise networks with WPA3-Enterprise.
WPA3-Personal provides increased network password protection, while WPA3-Enterprise provides higher security protocols for enterprise networks. In WPA3-Personal networks, the SAE handshake is the replacement for Pre-Shared Key (PSK) in WPA2-Personal networks. WPA3 includes natural password selection, ease of use and forward secrecy.
What is the Dragonfly handshake?
WPA3-Personal mandates the support of SAE handshakes, which is a balanced Password Authentication Key Exchange where two endpoints (AP and AP, or AP and client) store passwords in clear text. The input for the SAE handshake is a pre-shared secret and the output is a high-entropy Pairwise Master Key. After this execution, a four-way handshake takes place to generate a Pairwise Transient Key.
6 ways Dragonblood affects your wireless network
- Denial of Service (DoS) attack. WPA3’s anti-clogging mechanism that is supposed to prevent DoS attacks does not prevent it. Hence, this can bring down access points and cause disruption on your networks.
- Downgrade attack. WPA3’s transition mode is susceptible to dictionary attacks. In this mode, a WPA3-capable access point can accept connections from both WPA2 and WPA3 client devices. If an attacker uses a man-in-the-middle attack to modify the beacons of a WPA3-capable access point to fool the client into thinking it is a WPA2 access point, during the four-way WPA2 handshake the client detects the anomaly and aborts the transmission. However, enough frames are sent during the handshake that the attacker can pull off a dictionary attack. In addition, the researchers also discovered “implementation-specific downgrade attacks when a client improperly auto-connects to a previously used WPA3-only network.”
- SAE group negotiation attack. Client devices can prioritize groups in SAE handshake according to 802.11 specifications. With SAE, when a client connects to an access point it includes the desired group in the commit frame and this process continues. “Unfortunately, there is no mechanism that detects if someone interfered with this process. This makes it trivial to force the client into using a different group: simply forge a commit frame that indicates the AP does not support the currently selected group.” This results in a downgrade attack. This method can also be used to perform upgrade attacks.
- Timing-based side-channel attacks. SAE handshake is susceptible to timing attacks that leak password information, which could later be used in password-partitioning attacks leading to the recovery of the victim’s password.
- Cache-based side-channel attacks. SAE is further susceptible to vulnerabilities in the implementation of its algorithms, which could be leveraged in password-partitioning attacks leading to the recovery of the victim’s password.
- EAP-PWD. Affects the Extensible Authentication Protocol (EAP) that is supported in WPA2 and WPA standards. The researchers also “discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password.”
How to protect against Dragonblood
The Dragonblood vulnerability can be fixed with software patches. While the Wi-Fi Alliance is communicating guidelines to vendors, ensure that your network is always patched with the latest security updates from wireless device manufacturers. In combination, use strong passwords on your networks.
Does the Dragonblood vulnerability affect SonicWave wireless access points?
No. This vulnerability does not affect SonicWall wireless access points. The SonicWave access points provide superior wireless security and a dedicated third radio for security scanning. Advanced security services like the Capture Advanced Threat Protection (ATP) sandbox and Content Filtering Service (CFS) can be performed by the APs, even when they are untethered from the firewalls. It gives you the ultimate flexibility to manage wireless from the cloud or via the firewalls — without compromising security.