Understand attacks on WPA2/WPA3: KRACKs and Dragonblood
Abstract
I thought behind JANOG 41 (https://www.janog.gr.jp/meeting/janog41/program/kracks) that someone would surely explain the KRACKs attack announced in October 2017, so I made it a rather strange title, but I was sad that no one has mentioned it since.
The Wi-Fi Alliance declared its support for the then-current version of WPA2, and in June 2018 several fundamental improvements were made to WPA3.
However, in April 2019, the same researcher who devised the KRACKs attack published Dragonblood, an attack technique against WPA3, which added to the sadness.
This article provides an overview of both KRACKs and Dragonblood attack techniques, and then considers what to do if similar attack techniques are discovered in the future.
Here is an example of a thought experiment on what was a problem in the past wireless protocols represented by WPA2, and what kind of countermeasures should be taken by deepening the understanding (For example, whether it is suspension of use or risk acceptance, etc.).
