This project focuses on in-depth security research of the WPA3 (Wi-Fi Protected Access 3) protocol, which was designed to replace WPA2 and address its known vulnerabilities. Despite being marketed as a major security improvement, WPA3 introduced its own set of potential weaknesses that are worth investigating.
The research covers the Simultaneous Authentication of Equals (SAE) handshake mechanism, also known as Dragonfly, which replaces the traditional 4-way handshake used in WPA2. The analysis examines known attack vectors including Dragonblood vulnerabilities — a set of side-channel and downgrade attacks discovered by Mathy Vanhoef and Eyal Ronen in 2019.
Key areas of investigation include timing-based side-channel attacks against the SAE handshake, cache-based side-channel attacks, transition mode downgrade attacks (where a network supports both WPA2 and WPA3), and denial-of-service vectors targeting the computationally expensive SAE handshake. The project also explores how different vendor implementations handle these edge cases and whether patches have effectively mitigated the original Dragonblood findings.
The research is conducted in a controlled lab environment using dedicated wireless hardware, custom scripts, and tools like hostapd, wpa_supplicant, and Wireshark for traffic capture and protocol analysis.
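As an added illustration (not part of this project's own scripts or lab material), the two hostapd configurations below contrast the transition-mode setup that the downgrade attacks target with a WPA3-only setup carrying the mitigations that followed Dragonblood. The interface name, SSIDs and passphrases are placeholders, the two blocks belong in two separate hostapd.conf files, and the `sae_pwe` and `transition_disable` options are assumed to require hostapd 2.10 or newer.

```ini
# ---- File 1: WPA2/WPA3 transition mode (constructed, the weak setting) ----
# PSK and SAE are both offered. A client steered onto the WPA2 path never runs
# the SAE handshake, so none of the WPA3 guarantees apply to that association.
interface=wlan0
ssid=LAB-TRANSITION
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
wpa_passphrase=replace-me
sae_password=replace-me
# PMF only optional, since legacy WPA2 clients may not support it.
ieee80211w=1

# ---- File 2: WPA3-SAE only (constructed, the hardened setting) ----
interface=wlan0
ssid=LAB-WPA3-ONLY
wpa=2
# No WPA-PSK offered: there is no WPA2 path for a downgrade to land on.
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=replace-me
# Protected Management Frames required for every association.
ieee80211w=2
sae_require_mfp=1
# Restrict SAE to the mandatory NIST P-256 group.
sae_groups=19
# Hash-to-element only: removes the hunting-and-pecking password-element loop
# whose iteration count was the timing signal exploited in Dragonblood.
sae_pwe=1
# Transition Disable indication (bit 0 = WPA3-Personal): clients that honour it
# stop accepting WPA2-Personal for this SSID after a successful connection.
transition_disable=0x01
```

Running both profiles in the lab and comparing the captured Association Request RSN IEs in Wireshark shows whether a client actually negotiated SAE or fell back to PSK.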