Recently, the Dragonblood attacks have attracted new interest in the security of WPA3 implementations, and in particular in the Dragonfly code deployed in many open-source libraries. One of these attacks concerns the protection of users' passwords during authentication. In the Password Authenticated Key Exchange (PAKE) protocol called Dragonfly, the secret, namely the password, is mapped to an elliptic curve point. This operation is sensitive, as it involves the secret password, and therefore its resistance against side-channel attacks is of utmost importance. Following the initial disclosure of Dragonblood, we notice that this particular attack has been only partially patched, and by only a few implementations. In this work, we show that the patches implemented after the disclosure of Dragonblood are insufficient. We take advantage of state-of-the-art techniques to extend the original attack, demonstrating that we are able to recover the password with only a third of the measurements needed by the Dragonblood attack. We mainly apply our attack to two open-source projects, iwd (iNet Wireless Daemon) and FreeRADIUS, in order to underline its practicability. Indeed, the iwd package, written by Intel, is already deployed in the Arch Linux distribution, which is well known among security experts, and aims to offer an alternative to wpa_supplicant. As for FreeRADIUS, it is a widely deployed and well-maintained upstream open-source project. We publish a full proof of concept of our attack and actively participated in the process of patching the vulnerable code. Here, from a backward-compatibility perspective, we advise the use of a branch-free implementation as a mitigation technique, as was done in hostapd, owing to its simplicity and its negligible overhead.
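The password-to-point mapping and the branch-free mitigation recommended above, as an added example that is not the paper's proof of concept nor code from iwd, FreeRADIUS or hostapd: a toy hunting-and-pecking loop over a constructed small curve with a constructed stand-in hash, first with the password-dependent early exit, then restructured with masks and a fixed iteration count. The curve parameters, the FNV-based hash, the iteration count K and all function names are assumptions; a compiler may still reintroduce branches, and the quadratic-residue test is deliberately left non-constant-time to keep the focus on the loop structure.

```c
#include <stdint.h>
/* Toy curve y^2 = x^3 + A*x + B over GF(P); constructed for illustration, not a real Dragonfly group. */
#define P 1000003ULL
#define A 1ULL
#define B 7ULL
#define K 40 /* fixed iteration count of the hunting-and-pecking loop */
static uint64_t mulmod(uint64_t a, uint64_t b) { return (a * b) % P; } /* inputs < P < 2^20, no overflow */
static uint64_t powmod(uint64_t b, uint64_t e) {
    uint64_t r = 1;
    for (; e; e >>= 1) { if (e & 1) r = mulmod(r, b); b = mulmod(b, b); }
    return r;
}
/* Right-hand side of the curve equation for candidate x. */
static uint64_t rhs(uint64_t x) { return (mulmod(mulmod(x, x), x) + mulmod(A, x) + B) % P; }
/* Euler's criterion: 1 if v is a non-zero quadratic residue mod P. A real implementation
 * must also make this test constant-time; it is left plain here. */
static uint64_t is_qr(uint64_t v) { return v != 0 && powmod(v, (P - 1) / 2) == 1; }
/* Stand-in for H(password || counter) -> x: FNV-1a reduced mod P (constructed, not Dragonfly's KDF). */
static uint64_t candidate_x(const char *pw, uint8_t counter) {
    uint64_t h = 1469598103934665603ULL;
    for (const char *c = pw; *c; c++) { h ^= (uint8_t)*c; h *= 1099511628211ULL; }
    h ^= counter; h *= 1099511628211ULL;
    return h % P;
}
/* Branchy mapping: the early return makes the number of executed iterations depend
 * on the password, which is exactly what a timing or cache side channel observes. */
uint64_t hunt_branchy(const char *pw) {
    for (uint8_t i = 1; i <= K; i++) {
        uint64_t x = candidate_x(pw, i);
        if (is_qr(rhs(x))) return x;
    }
    return 0;
}
/* Branch-free helpers: all-ones mask when c != 0, all-zeros otherwise; select without a jump. */
static uint64_t ct_mask(uint64_t c) { return (uint64_t)0 - ((c | ((uint64_t)0 - c)) >> 63); }
static uint64_t ct_select(uint64_t m, uint64_t a, uint64_t b) { return (a & m) | (b & ~m); }
/* Branch-free mapping (the hostapd-style mitigation): always K iterations, the same
 * instruction sequence in each, and the first valid x kept through masks rather than a branch. */
uint64_t hunt_branchfree(const char *pw) {
    uint64_t found = 0, result = 0;
    for (uint8_t i = 1; i <= K; i++) {
        uint64_t x = candidate_x(pw, i);
        uint64_t take = ct_mask(is_qr(rhs(x)) & (found ^ 1)); /* valid and nothing kept yet */
        result = ct_select(take, x, result);
        found = ct_select(take, 1, found);
    }
    return result;
}
```

Both functions return the same point abscissa for a given password; only the second one executes the same work regardless of which counter value succeeds.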