Reduced Side Channel Timing Attack in Dragonfly Handshake of WPA3 for MODP Group

Abstract

The scale of wireless network and the number of wireless devices are increasing day by day. Prevention of unauthorized access to protect the data in wireless network has become a vital part of wireless security. Wi-Fi alliance announced WPA3 as successor to WPA2 after the 'Key Reinstallation Attack' was run against WPA2. WPA3 uses Dragonfly handshake for mutual authentication between a client and an Access Point. But a serious vulnerability named side channel timing leak was found in the password conversion method of Dragonfly Handshake. MODP group has taken into consideration for the conversion of password element because dragonfly supports both MODP and ECC group. Any attacker in the range of a Wi-Fi network can run a brute- force dictionary attack using the leaked timing information. In this work, a method has proposed and designed to reduce the Timing Based Side Chanel Attack. This method is consist of three different parts: Fixing number of iterations, Generation of a database of Password Element, Random choice of a Password Element from the database. Leaked Timing Information Creation of the signature of password has been illustrated. Finally, the complications for an attacker to hack the password are stated.