In cryptography, Simultaneous Authentication of Equals (SAE) is a password-based authentication and password-authenticated key agreement method.


Authentication

SAE is a variant of the Dragonfly Key Exchange defined in , based on Diffie–Hellman key exchange using finite cyclic groups, which can be a primary cyclic group or an elliptic curve. The problem with using Diffie–Hellman key exchange on its own is that it has no authentication mechanism. SAE therefore makes the resulting key depend on a pre-shared key and the MAC addresses of both peers, which solves the authentication problem.
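A toy implementation of the commit-and-confirm exchange described above, added here as an example (it is not code from the page or from any real Wi-Fi stack): the password element is derived from the password and both MAC addresses, each peer commits a scalar and an element, both derive the same shared key, and each proves possession of it in a confirm message. It assumes a small constructed MODP group (P = 1019, Q = 509), a toy key derivation, and a naive, non-constant-time hash-to-group loop, so it shows the structure of the protocol rather than a deployable version.

```python
import hashlib, hmac, secrets

# Toy MODP group constructed for this example (NOT a real SAE group): P is a
# safe prime and Q = (P - 1) / 2 is the prime order of the subgroup used.
P, Q = 1019, 509

def password_element(password: bytes, mac_a: bytes, mac_b: bytes) -> int:
    """PE from password + sorted MACs. The retry loop is a simplified 'hunting and pecking';
    real code must make it constant-time, as its iteration count depends on the password."""
    macs = max(mac_a, mac_b) + min(mac_a, mac_b)       # same order on both peers
    for counter in range(1, 256):
        seed = hashlib.sha256(macs + password + bytes([counter])).digest()
        candidate = int.from_bytes(seed, "big") % (P - 3) + 2   # in [2, P-2]
        pe = pow(candidate, (P - 1) // Q, P)                    # map into order-Q subgroup
        if pe != 1:                                             # identity is not usable
            return pe
    raise ValueError("no password element found")

def commit(pe: int) -> tuple:
    """Commit phase: secret rand and mask; public scalar = rand + mask, element = PE^-mask."""
    while True:
        rand = secrets.randbelow(Q - 2) + 2     # in [2, Q-1]
        mask = secrets.randbelow(Q - 2) + 2
        scalar = (rand + mask) % Q
        if scalar > 1:                          # a scalar of 0 or 1 is rejected
            return rand, scalar, pow(pe, Q - mask, P)

def shared_secret(pe: int, rand: int, peer_scalar: int, peer_element: int) -> int:
    """K = (PE^peer_scalar * peer_element)^rand = PE^(rand * peer_rand) mod P."""
    if not (1 < peer_scalar < Q and 1 < peer_element < P and pow(peer_element, Q, P) == 1):
        raise ValueError("peer commit outside the valid range or subgroup")
    return pow(pow(pe, peer_scalar, P) * peer_element % P, rand, P)

def confirm(k: int, my_sc: int, my_el: int, peer_sc: int, peer_el: int) -> bytes:
    """Confirm phase: HMAC over both commits under a key derived from K (toy KDF)."""
    kck = hashlib.sha256(b"SAE-KCK" + k.to_bytes(2, "big")).digest()
    msg = b"".join(v.to_bytes(2, "big") for v in (my_sc, my_el, peer_sc, peer_el))
    return hmac.new(kck, msg, hashlib.sha256).digest()

def run_sae(pw_a: bytes, pw_b: bytes, mac_a: bytes, mac_b: bytes) -> bool:
    """Full exchange; True only when each peer verifies the other's confirm message."""
    pe_a, pe_b = password_element(pw_a, mac_a, mac_b), password_element(pw_b, mac_b, mac_a)
    rand_a, sc_a, el_a = commit(pe_a)
    rand_b, sc_b, el_b = commit(pe_b)
    k_a = shared_secret(pe_a, rand_a, sc_b, el_b)
    k_b = shared_secret(pe_b, rand_b, sc_a, el_a)
    conf_a = confirm(k_a, sc_a, el_a, sc_b, el_b)   # sent by a to b
    conf_b = confirm(k_b, sc_b, el_b, sc_a, el_a)   # sent by b to a
    return (hmac.compare_digest(conf_b, confirm(k_a, sc_b, el_b, sc_a, el_a))
            and hmac.compare_digest(conf_a, confirm(k_b, sc_a, el_a, sc_b, el_b)))
```

With such a tiny group a wrong password still has roughly a 1 in Q chance of producing matching keys by accident, which is why the group sizes used in practice are far larger.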


Use


IEEE 802.11s

SAE was originally implemented for use between peers in IEEE 802.11s. When peers discover each other (and security is enabled) they take part in an SAE exchange. If SAE completes successfully, each peer knows the other party possesses the mesh password and, as a by-product of the SAE exchange, the two peers establish a cryptographically strong key. This key is used with the "Authenticated Mesh Peering Exchange" (AMPE) to establish a secure peering and derive a session key to protect mesh traffic, including routing traffic.


WPA3

In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement for WPA2. The new standard uses 128-bit encryption in WPA3-Personal mode (192-bit in WPA3-Enterprise) and forward secrecy. The WPA3 standard also replaces the pre-shared key (PSK) exchange with Simultaneous Authentication of Equals as defined in IEEE 802.11-2016, resulting in a more secure initial key exchange in personal mode. The Wi-Fi Alliance also claims that WPA3 will mitigate security issues posed by weak passwords and simplify the process of setting up devices with no display interface.


Security

In 2019 Eyal Ronen and Mathy Vanhoef (co-author of the KRACK attack) released an analysis of WPA3's Dragonfly handshake and found that "an attacker within range of a victim can still recover the password" and the bugs found "allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password."


See also

* Extensible Authentication Protocol (EAP)
* Key-agreement protocol
* KRACK
* IEEE 802.1X

