DragonBlood WPA3 FLaws

 As we known WPA2 has been the latest and the greatest in the terms of WiFi security for a long time now, you might have also already heard/read about the WPA3 and how its going to replace WPA2 as its more secure.

But in mid April 2019 researchers Mathy Fanhouf and Eal Ronan published a research paper in which they analysed the Dragonfly handshake, this is the handshake used the WPA3 replacing the Vulnerable 4 way handshake in WPA, in this paper they detailed a number of flaws that can be used to launch a number attacks against the latest and the greatest wifi security protocol WPA3.

What are the potential threats generated by this flaw?
The major one are as follows:
1.> Recovering the network key
2.> Downgrade Security <wpa3 to wpa2>
3.> Launching DOS attacks

In there research paper "Dragonblood: Analyzing the DragonflyHandshake of WPA3 and EAP-pwd" the mentioned that the one of the supposed advantages of the WPA3 was its more secure than WPA2, due to its underlying Dragonfly handshake, it's near impossible to crack the network key/password.But they found out that even with WPA3, an attacker within range of the victim can still recover the password.

The following CVEs were allocated for these new finding of vulnerabilities:
1-> CVE-2019-13377: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves.
2-> CVE-2019-13456: Informatoin leak in FreeRadius' EAP-pwd due to aborting when needing more than 10 iterations. 

DETAILS
Flaws in WPA3

The design flaws discovered can be divided into 2 categories. First category consist of downgrading attacks against WPA3-capable devices, and second consists of the weakness in the dragonfly handshake of WPA3, which in WI-FI standard is better known as the SAE(Simultaneous Authentication of Equals) handshake.The discoverd flaws can be abused to recover the password of the Wi-Fi network, launch resource consumption attacks, and force devices into using weaker security groups.
The following Vulnerability were found in WPA3:

1. CERT ID #VU871675: Downgrade attack against WPA3-Transtition mode leading to dictionary attacks.
2. CERT ID #VU871675: Security group downgrade attack against WPA3's Dragonfly handshake.
3. CVE-2019-9494: Timing-based side-channel attack against WPA3's Dragonfly handshake.
4. CVE-2019-9494: Cache-based side-channel attack against WPA3's Dragonfly handshake.
5. CERT ID #VU871675: Resource consumption attack (i.e. denial of service) against WPA3's Dragonfly handshake.

Flaws in EAP-pwd

The EAP-pwd protocol internally also uses Dragonfly, and provides authentication based on a username and password in certain enterprise Wi-Fi networks. It is vulnerable to the same attacks that are discovered against WPA3.On the top of that, all the implementations of the EAP-pwd that we tested were vulnerable to invalid curve attacks, which enable to adversary to complete bypass authentication. Most implementaion were also vulnerable to reflection attacks.

The following vulnerabilites were found in the EAP-pwd implementaions:

1. CERT ID #VU871675: Overview of attacks specific to hostapd and wpa_supplicant (does not cover other implementations).
2. CVE-2019-9495: Cache-based side-channel attack against the EAP-pwd implementation of hostapd and wpa_supplicant.
3. CVE-2019-9497: Reflection attack against the EAP-pwd implementation of hostapd and wpa_supplicant.
4. CVE-2019-9498: Invalid curve attack against the EAP-pwd server of hostapd resulting in authentication bypass.
5. CVE-2019-9499: Invalid curve attack against the EAP-pwd client of wpa_supplicant resulting in server impersonation.
6. CVE-2019-11234: Reflection attack against the EAP-pwd implementation of FreeRADIUS.
7. CVE-2019-11235: Invalid curve attack against the EAP-pwd server of FreeRADIUS resulting in authentication bypass.

TOOLs
These tools are not designed to attack your neighbor's WPA3<but if you do & not got caught then every thing is good>,

• Dragonslayer: performs invalid curve attacks against EAP-pwd clients and server. These attacks bypass authentication: an adversary only needs to possess a valid username.
• Dragondrain: this tool can be used to test wether, or to which extend, an Access Point is vulnerable to denial-of-service attacks against WPA3's SAE handshake.
• Dragontime: this is an experimental tool to perform timing attacks against the SAE handshake if MODP group 22, 23, or 24 are supported. Note that most WPA3 implementations by default do not enable these groups.
• Dragonforce: this is an experimental tool which takes the information recovered from our timing or cache-based attacks, and performs a password partitioning attack. This is similar to a dictionary attack.

In practice the main risks for WPA3 are downgrade attacks, and possible timing attacks against resource-constrained devices. The authentication bypass attacks against EAP-pwd that are implemented in Dragonslayer are also security critical in practice. Considering the other attacks are non-trivial in practice, and assuming vendors will implement defenses against them, we expect that your neighbour won't abuse them to attack you. 


Content Reference :

• https://www.youtube.com/watch?v=-Qc23Pn9bTU
• https://wpa3.mathyvanhoef.com/
• https://eprint.iacr.org/2019/383.pdf