AuthSAE for WiFi
rgm at htt-consult.com
Mon May 16 18:07:25 UTC 2011
A new Authentication mode for 802.11 is coming.
It is part of 802.11s and is call: Simultaneous Authentication of Equals
(SAE). It is a 'Zero-Knowledge' method. The author is Dan Harkins of
Aruba; Dan is one of the original IKE (of IPsec) authors. We have
worked together on a number of security protocols over the years (I
co-chaired IPsec back then).
I am the author of the original paper on the attack on 802.11i
Pre-Shared Key Authentication (and one of the contributors to its
design). With SAE there is NO offline attack (well unless you can
factor an Elliptic Curve) and you only get one guess per authentication
attempt in an active attack.
The source of SAE is at: http://authsae.sourceforge.net/
It's being used in the open11s project done by cozybit. It would be
nice to get it into Fedora sooner rather than later.
Note, eventhough 11s is about mesh wireless networks, SAE can be used
NOW in 'classic' STA to AP authentication (or AdHoc wireless).
More information about the test