[Colloq] Visiting Research Speaker: Mon. Jan 13 @ 1:30 pm in 655 ISEC: Mathy Vanhoef "Dragonblood: Attacking the Dragonfly Handshake of WPA3 and EAP-pwd"/ Faculty Host: Aanjhan Ranganathan

[Khoury Academic Affairs]

Visiting Research Speaker: Mon. Jan. 13 @ 1:30 pm in 655 ISEC: Mathy Vanhoef "Dragonblood: Attacking the Dragonfly Handshake of WPA3 and EAP-pwd"

Date: Monday, January 13, 2019

Time: 1:30 - 2:30 pm

Speaker: Mathy Vanhoef

Talk Title: "Dragonblood: Attacking the Dragonfly Handshake of WPA3 and EAP-pwd"

Location: 655 ISEC

Abstract: In this talk, we show that the Dragonfly handshake of WPA3 and EAP-pwd is affected by several design and implementations flaws. Most prominently, we present side-channel leaks that allow an adversary to perform brute-force attacks on the password. Additionally, we present invalid curve attacks against all EAP-pwd and one WPA3 implementation. These implementation-specific attacks enable an adversary to bypass authentication. Finally, we briefly discuss countermeasures that have been incorporated into the Wi-Fi standard.

Bio: Mathy Vanhoef is a postdoctoral researcher at New York University Abu Dhabi. He is most well-known for his KRACK attack against WPA2 and the RC4 NOMORE attack against RC4. His research interest lies in computer security with a focus on network security, wireless security (e.g. Wi-Fi), network protocols, and applied cryptography. Currently, his research is about analyzing security protocols to automatically discover (logical) implementation vulnerabilities.



Faculty host: Aanjhan Ranganathan