The introduction of WPA3 marked a significant step forward in the security protocols used for Wi-Fi networks. One of the cornerstone technologies in WPA3 is the Simultaneous Authentication of Equals (SAE) protocol, which replaces the vulnerable 4-way handshake previously used in WPA2. This article explores the function of SAE within WPA3, focusing particularly on how it achieves forward secrecy and thus, enhances network security.
The SAE Protocol and Its Function
SAE, based on the Dragonfly handshake, introduces a more secure method of network authentication that is resistant to common attacks like KRACK (Key Reinstallation Attack) that plagued WPA2. The process begins when both the device (STA) and the router agree on certain elliptic curve parameters. They then apply a known transformation (e.g., PBKDF2) to the network password. From this, each STA generates a Password Element (PWE), a secret value (rand), and a temporal value (mask). These values are essential for the authentication process and are not reused in successive protocol executions.
The actual authentication process involves two key exchanges:
- Commit Message: Generated by STA-A using the PWE and the generated secrets. This message is sent to STA-B, which verifies the content. If STA-B cannot validate the commit message (i.e., the expected values do not match the computed ones), the authentication fails, and the connection attempt is terminated.
- Verification Message: If the commit message is successfully validated, STA-B sends a verification message back to STA-A. STA-A then verifies that the received values match the expected ones. If they do, STA-A confirms the connection, and a Pairwise Master Key (PMK) is established.
Data Encryption with PMK
Once the PMK is established through the successful execution of the SAE protocol, data encryption can commence using Advanced Encryption Standard (AES). The PMK is foundational as it generates other keys used in the encryption and safe transmission of data across the network.
Achieving Forward Secrecy
The concept of forward secrecy in WPA3, enabled by SAE, is crucial for ensuring that past communication sessions remain secure even if a current session’s security is compromised. This is achieved by generating a new PMK for each session. Unlike in previous protocols where the encryption key was derived directly from a static password, SAE uses a dynamic approach where the keys are generated afresh for each connection. This means that even if an attacker gains access to a current PMK, they cannot decrypt past sessions.
This dynamic key generation does not typically occur with every single message sent but rather at the start of each new connection session. It’s possible for the key to be renegotiated during a session under certain conditions, but this is generally not the standard practice.
Conclusion
SAE’s introduction into WPA3 significantly enhances the security of Wi-Fi networks by integrating robust, forward-thinking cryptographic practices. By ensuring that each session’s encryption keys are unique and not derivable from static or compromised data, WPA3 with SAE provides a level of security that is critically important in today’s digital landscape.
