Thursday, January 26, 2023

TLDR: WPA3-SAE - How does it work?

  • WPA3-SAE stands for Simultaneous Authentication of Equals. It is a more secure mechanism than the earlier WPA2-PSK [1].
  • It relies on three fundamental components:
    • DH (Diffie-Hellman key exchange) - generates a common shared key between the two WiFi entities, e.g. a client station and an access point.
    • ECC (elliptic-curve cryptography) - an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys than non-EC cryptography (based on plain Galois fields) to provide equivalent security [2]. ECC is used once a common pairwise key is generated using the DH key exchange.
    • Dragonfly key exchange - a mechanism for key exchange using discrete logarithm cryptography [3]. It is used together with the two components above to set up SAE. See the reference for details on how it is set up [3]; it is also specified in RFC 7664.
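As an added illustration (not code from the original post), here is a toy Python walkthrough of the Dragonfly commit/confirm exchange that SAE builds on, run over a deliberately tiny finite-field group instead of an elliptic curve; the prime, the sample passwords and the 4-byte field width are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy safe prime p = 2q + 1 for illustration only (far too small to be secure).
P = 1907
Q = (P - 1) // 2

def password_element(password: bytes) -> int:
    """Hash the password into the order-q subgroup ("hunting and pecking").
    Production code runs a fixed number of iterations so timing does not reveal
    which counter succeeded; this toy version stops at the first hit."""
    for counter in range(1, 256):
        digest = hashlib.sha256(password + bytes([counter])).digest()
        pe = pow(int.from_bytes(digest, "big") % P, (P - 1) // Q, P)
        if pe > 1:                      # 0 and 1 do not generate the subgroup
            return pe
    raise ValueError("no password element found")

def valid_commit(scalar: int, element: int) -> bool:
    """Reject degenerate peer values: scalar in [2, q), element a non-identity member of the subgroup."""
    return 1 < scalar < Q and 1 < element < P and pow(element, Q, P) == 1

class Peer:
    def __init__(self, password: bytes):
        self.pe = password_element(password)
        while True:
            self.rand = secrets.randbelow(Q - 2) + 2      # 2 <= rand < q
            self.mask = secrets.randbelow(Q - 2) + 2      # 2 <= mask < q
            self.scalar = (self.rand + self.mask) % Q
            if self.scalar > 1:                           # scalar must be in [2, q)
                break
        self.element = pow(self.pe, Q - self.mask, P)     # PE^(-mask), as PE^q = 1

    def shared_secret(self, peer_scalar: int, peer_element: int) -> int:
        if not valid_commit(peer_scalar, peer_element):
            raise ValueError("rejected peer commit")
        # (PE^peer_scalar * peer_element)^rand = PE^(peer_rand * rand) on both sides
        return pow(pow(self.pe, peer_scalar, P) * peer_element % P, self.rand, P)

def confirm(ss: int, *fields: int) -> bytes:
    """H(ss | sender scalar | peer scalar | sender element | peer element)."""
    return hashlib.sha256(b"".join(v.to_bytes(4, "big") for v in (ss, *fields))).digest()

def run_sae(pw_a: bytes, pw_b: bytes) -> bool:
    a, b = Peer(pw_a), Peer(pw_b)
    ss_a = a.shared_secret(b.scalar, b.element)     # each side validates the other's commit
    ss_b = b.shared_secret(a.scalar, a.element)
    conf_a = confirm(ss_a, a.scalar, b.scalar, a.element, b.element)   # sent A -> B
    conf_b = confirm(ss_b, b.scalar, a.scalar, b.element, a.element)   # sent B -> A
    return (conf_a == confirm(ss_b, a.scalar, b.scalar, a.element, b.element)
            and conf_b == confirm(ss_a, b.scalar, a.scalar, b.element, a.element))
```

With the same password on both sides `run_sae` returns True; with different passwords the confirm hashes disagree, and nothing sent on the wire is a direct function of the password alone, which is why SAE does not expose the offline dictionary attack surface of WPA2-PSK's 4-way handshake.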
labels: WiFi, TLDR, summary article, WPA3, SAE, security

References: