挖掘WPA3

By now, you’ve probably seen the bullet points from the press release reiterated, but if you haven’t, read this Airheads Blog that was recently posted. The most interesting points are:

• Higher level of protection in open networks using Opportunistic Wireless Encryption (OWE)
• 不论密码复杂性如何使用Equals（SAE）提供更多保护
• Device Provisioning Protocol (DPP) will provide easier and more secure onboarding of IoT devices (such as devices with no display)

这里的技术细节并不多，但这听起来很有希望。但是，如果您实际上开始四处寻找关键短语，则可以找到一些有趣的技术细节。

机会性无线加密

Let’s start with OWE. If you read RFC 8110, you’ll discover that it is titled机会性无线加密并准确地描述了WFA在谈论的内容，但具有技术细节。实际上很简单。客户将将其Diffie-Hellman（DH）公共密钥添加到协会请求中，AP将其DH公共密钥添加到协会响应中。协会完成后，他们将完成其DH密钥交换，并创建一个成对的主密钥（PMK）以用于通常的4向握手，此时其他一切都像今天一样工作。

Simultaneous Authentication of Equals

如何同时验证= (SA)E) improve security, even when passwords aren’t very complex? Well, SAE is more complex and I won’t pretend to fully understand it. However, it was part of the 802.11s (Mesh Networking) amendment, so the concept is really just being extended to non-mesh clients. The reason it is authentication of "equals" is that there is no concept of an initiator or responder; both sides are equals and authenticate each other simultaneously. This came out of an Aruba protocol calledDragonfly,which you can read more about here. According to the description of SAE in 802.11-2016 (page 1935), the protocol has some pretty impressive security features:

• 攻击者无法通过被动观察交换或通过忠实地中继两个Stas之间的消息来确定密码或结果PMK。
• An attacker is unable to determine either the password or the resulting shared key by modifying, forging, or replaying frames to an honest, uncorrupted STA.
• An attacker is unable to make more than one guess at the password per attack. This implies that the attacker cannot make one attack and then go offline and make repeated guesses at the password until successful. In other words, SAE is resistant to dictionary attack.
• 从协议的先前运行中妥协PMK并不能为试图从任何其他实例确定密码或共享键的对手提供任何优势。
• Compromise of the password does not provide any advantage to an adversary in attempting to determine the PMK from the previous instance.

非常令人印象深刻。我期待对这项工作的工作方式有更好的了解。

Device Provisioning Protocol

This one appears to actually be new. There is a DRAFT technical specification that is public, which you can download from the WFA (registration required). It looks like the idea here is for essentially an automated onboarding system. The network has a配置器which supports the setup ofEnrollees（设备）。这是通过某种形式的OOB机制进行引导的，例如QR码或NFC。一切都在注册过程中加密，因此Bootstrap信息的一部分包括注册人的公钥。

The DPP protocol uses the bootstrap information to authenticate the enrollee, after which DPP switches to a configuration phase. During DPP configuration, the device is configured with the required information to allow it to associate with an 802.11 network. This one is also complex enough that I’m still working to understand it. It’s being billed as a way to get IoT devices on to the network more easily, but it seems like it might be a good fit for a lot more than that.

结束思想

That’s great, but when will we see this implemented? Well, there are several variables here. The biggest variable is when the WFA starts certifying WPA3 devices and publishes the requirements. They say certification will begin in 2018.

Fortunately, fairly recent existing hardware should be able to support WPA3 through a software upgrade. One question will be what features are optional and which are mandatory. It seems like optional features often don’t get implemented (PCF, anyone?). The last update I saw from the WFA said that DPP was optional, so I’m hopeful that means OWE and SAE will be required. Since the authors for the OWE RFC work for HPE and Google, the odds seem good (wild speculation here!) that Aruba APs and Android devices will support that pretty quickly. Since SAE is already a part of 802.11 mesh networking, that may be relatively easy to add on the infrastructure side.

但是，WPA3普遍存在要需要一段时间。有一些较旧的设备无法支持WPA3，或者永远不会升级以支持它。基础架构将需要升级以及许多客户真正启动之前。希望它很快起飞！