Mathy Vanhoef, author of the KRACK attack on wireless networks that use WPA2, and Eyal Ronen, co-author of several attacks on TLS, have published information about vulnerabilities (CVE-2019-9494 through CVE-2019-9499) in WPA3, the technology that protects wireless networks. The vulnerabilities make it possible to recover the connection password and gain access to the wireless network without knowing the password. They are collectively code-named "Dragonblood" and allow the Dragonfly connection negotiation method, which provides protection against offline password guessing, to be compromised. In addition to WPA3, the Dragonfly method is also used to protect against dictionary guessing in the EAP-pwd protocol used in Android, RADIUS servers, and hostapd/wpa_supplicant.
The research identified two main types of architectural problems in WPA3. Both types can ultimately be used to reconstruct the access password. The first type allows a rollback to less reliable cryptographic methods (downgrade attack): the mechanisms that provide compatibility with WPA2 (the transition mode, which permits both WPA3 and WPA2) let an attacker force the client to perform the connection negotiation used by WPA2, after which the classic brute-force password attacks that apply to WPA2 can be used. In addition, a downgrade attack directly against the Dragonfly connection negotiation method has been confirmed, which makes it possible to roll back to less secure types of elliptic curves.
The second type of problem leaks information about the characteristics of the password through side channels. It is based on flaws in Dragonfly's password encoding method that allow indirect data, such as changes in delays during operations, to be used to reconstruct the original password. Dragonfly's hash-to-curve algorithm is susceptible to cache attacks, and its hash-to-group algorithm is susceptible to execution-time attacks (timing attacks).
To carry out the cache-based attack, the attacker must be able to run unprivileged code on the system of a user who is connected to the wireless network. Both methods yield the information needed to confirm the correct choice of each part of the password during the password-guessing process. The attack is highly effective: guessing an 8-character password made up of lowercase characters requires only 40 handshake sessions and resources equivalent to renting $125 worth of Amazon EC2 capacity.
Several attack scenarios have been proposed on the basis of the identified vulnerabilities:
- Rollback attack to WPA2 with the ability to perform dictionary guessing. In environments where the client and the access point support both WPA3 and WPA2, an attacker can deploy their own rogue access point with the same network name that supports only WPA2. In this situation the client uses the connection negotiation method characteristic of WPA2. During that negotiation the rollback is determined to be impermissible, but this happens only at the stage where the channel negotiation messages have already been sent and all the information needed for a dictionary attack has already leaked. A similar method can be used to roll back to problematic versions of elliptic curves in SAE.
  In addition, the iwd daemon, developed by Intel as an alternative to wpa_supplicant, and the Samsung Galaxy S10 wireless stack were found to be susceptible to downgrade attacks even on networks that use only WPA3: if these devices have previously connected to a WPA3 network, they will try to connect to a dummy WPA2 network with the same name.
- Side-channel attack that extracts information from the processor cache. Dragonfly's password encoding algorithm contains conditional branching, and an attacker who can run code on the wireless user's system can determine, by analysing cache behaviour, which branch of an if-then-else block was taken. The information obtained can be used to perform incremental password guessing using methods similar to offline dictionary attacks on WPA2 passwords. As protection, it is proposed to switch to operations with constant execution time, regardless of the nature of the data being processed.
- Side-channel attack that estimates the execution time of operations. Dragonfly's code uses several multiplicative groups (MODP) to encode passwords, with a variable number of iterations. The number of iterations depends on the password used and on the MAC address of the access point or client. A remote attacker can determine how many iterations were performed during password encoding and use that as an indicator for incremental password guessing.
- Denial of service. An attacker can block certain functions of the access point by exhausting the available resources with a large number of communication channel negotiation requests. To bypass the flood protection provided by WPA3, it is enough to send the requests from fictitious, non-repeating MAC addresses.
- Fallback to less secure cryptographic groups used in the WPA3 connection negotiation process. For example, if a client supports elliptic curves P-521 and P-256 and uses P-521 as the preferred option, an attacker can force the client to use P-256 regardless of whether the access point supports P-521. The attack is carried out by filtering out some messages during the connection negotiation process and sending fake messages containing information that certain types of elliptic curves are not supported.
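The timing scenario above depends on the encoding loop running a different number of rounds for different passwords and MAC addresses. The following added sketch (not code from the researchers or from hostapd) is a simplified toy model of that loop next to a fixed-round variant; the 16-bit modulus, the round count of 40, the MAC addresses and the passwords are all constructed assumptions, and Python arithmetic is not constant-time, so only the loop structure is illustrated.

```python
import hashlib
import hmac

TOY_P = 40961   # constructed 16-bit modulus standing in for a MODP prime (assumption)
K_FIXED = 40    # fixed round count for the hardened variant (assumption)

def candidate(password: bytes, mac_a: bytes, mac_b: bytes, counter: int) -> int:
    """One 16-bit candidate derived from the password, both MACs and a counter."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    digest = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "big")

def encode_variable(password: bytes, mac_a: bytes, mac_b: bytes):
    """Leaky shape: stop at the first in-range candidate. Returns (value, rounds)."""
    for counter in range(1, 256):
        value = candidate(password, mac_a, mac_b, counter)
        if 1 < value < TOY_P:
            return value, counter
    raise ValueError("no in-range candidate")

def encode_fixed(password: bytes, mac_a: bytes, mac_b: bytes):
    """Hardened shape: always run K_FIXED rounds, keep the first valid candidate."""
    chosen, found = 0, 0
    for counter in range(1, K_FIXED + 1):
        value = candidate(password, mac_a, mac_b, counter)
        ok = int(1 < value < TOY_P)
        take = ok & (1 - found)                        # 1 only for the first hit
        chosen = take * value + (1 - take) * chosen    # select without branching
        found |= ok
    if not found:
        raise ValueError("no in-range candidate")
    return chosen, K_FIXED

def round_profile(encoder, passwords, mac_a, mac_b):
    """Round counts that execution time would reflect, one per password."""
    return [encoder(pw, mac_a, mac_b)[1] for pw in passwords]

# Constructed sample input: locally administered MACs and made-up passwords.
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
PASSWORDS = [b"password%03d" % i for i in range(200)]

if __name__ == "__main__":
    for enc in (encode_variable, encode_fixed):
        print(enc.__name__, sorted(set(round_profile(enc, PASSWORDS, AP_MAC, STA_MAC))))
```

Both variants derive the same value for a given input; only the variable one has a round count that differs between passwords and changes when a MAC address changes.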
Several scripts containing example attacks have been prepared for checking devices for the vulnerabilities:
- Dragonslayer - an implementation of attacks on EAP-pwd.
- Dragondrain - a utility for checking access points for vulnerabilities in their implementation of the SAE (Simultaneous Authentication of Equals) connection negotiation method that can be used to trigger a denial of service.
- Dragontime - a script for carrying out a side-channel attack on SAE that takes into account the differences in operation processing time when MODP groups 22, 23 and 24 are used.
- Dragonforce - a utility for recovering information (password guessing) based on information about the processing time of different operations or on determining which data is retained in the cache.
The Wi-Fi Alliance, which develops standards for wireless networks, announced that the problems affect a limited number of early implementations of WPA3-Personal and can be fixed through firmware and software updates. There are no documented cases of the vulnerabilities being used to carry out malicious actions. To strengthen security, the Wi-Fi Alliance has added additional tests to its wireless device certification programme to verify the correctness of implementations, and has also contacted device manufacturers to jointly coordinate fixes for the identified problems. Patches for hostap/wpa_supplicant have already been released. Package updates are available for Ubuntu. In Debian, RHEL, SUSE/openSUSE, Arch, Fedora and FreeBSD the problems have not yet been fixed.
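Alongside the updates, an access point's own configuration can be checked for the conditions the scenarios above rely on: WPA2 and WPA3 sharing one network name, MODP groups 22, 23 and 24, and more than one SAE group on offer. The following is an added example, not part of hostapd or of the researchers' tooling; it reads the hostapd.conf options `wpa_key_mgmt` and `sae_groups`, and both sample configurations are constructed.

```python
MODP_TIMING_GROUPS = {22, 23, 24}   # MODP groups the article names for Dragontime
CURVES = {19: "P-256", 20: "P-384", 21: "P-521"}

def parse_conf(text: str) -> dict:
    """Parse key=value lines of a single-BSS hostapd.conf, skipping # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text: str) -> list:
    """Return (code, message) findings for downgrade and timing exposure."""
    conf = parse_conf(text)
    akms = conf.get("wpa_key_mgmt", "").split()
    # An absent sae_groups line is not assessed: the default depends on the build.
    groups = [int(g) for g in conf.get("sae_groups", "").split()]
    findings = []
    if any(a.endswith("SAE") for a in akms) and any("PSK" in a for a in akms):
        findings.append(("transition-mode",
                         "WPA2-PSK and SAE share this SSID (rollback to WPA2)"))
    weak = sorted(set(groups) & MODP_TIMING_GROUPS)
    if weak:
        findings.append(("modp-groups", f"sae_groups enables MODP group(s) {weak}"))
    if len(set(groups)) > 1:
        names = [CURVES.get(g, f"group {g}") for g in groups]
        findings.append(("multiple-groups",
                         "several SAE groups offered: " + ", ".join(names)))
    return findings

# Constructed sample configurations (not taken from any real deployment).
WEAK_CONF = """
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK SAE
sae_groups=19 21 22
"""
HARDENED_CONF = """
ssid=corp-wifi
wpa=2
# WPA3-only, single curve
wpa_key_mgmt=SAE
sae_groups=19
"""

if __name__ == "__main__":
    for code, message in audit(WEAK_CONF):
        print(f"{code}: {message}")
```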
Source: opennet.ru