Simultaneous Authentication of Equals (SAE)
Simultaneous Authentication of Equals (SAE) is a secure key exchange protocol used in Wi-Fi networks. It is primarily utilized in the Wi-Fi Protected Access 3 (WPA3) security standard.
SAE is based on the mathematical "Dragonfly" algorithm, which allows both the client and the access point to authenticate each other simultaneously. During the authentication process, both parties prove that they possess the same password without revealing any information that an attacker could use to guess the password.
The SAE protocol works as follows:
- Client and Access Point Initiation: The client and access point exchange messages to initiate the SAE handshake.
- Commitment and Computation: Each party generates a cryptographic commitment based on their password and a random value.
- Mutual Exchange: The client and access point exchange their commitments while ensuring that an attacker cannot obtain enough information to perform an offline dictionary attack.
- Confirmation: Both parties then use the exchanged commitments to compute a confirmation value that proves they possess the same password.
- Key Derivation: Finally, the client and access point use the confirmation value to derive a secure encryption key for their communication.
By using the SAE protocol, WPA3 provides stronger protection against offline brute-force attacks that are possible with WPA2's pre-shared key method.