Help me understand SAE for WPA3
WiFi Alliance has announced that WPA3 will include SAE protocol, which is based on the Dragonfly handshake, leaving behind the 4-way handshake used in WPA2 that was vulnerable to KRACK.
From what I could gather, the device and the router agree on some elliptic curve parameters prior to SAE. They apply a known transformation (e.g. PBKDF2) to the network password, and each STA generates the password element (PWE), a secret value (called rand), and a temporal value (called mask). These values shall not be used in successive protocol runs.
So once this is all derived, SAE protocol uses two message exchanges to establish the connection: a commit and a verification message. STA-A generated the commit message using the PWE and the generated secrets.
When this is sent, if the STA-B checks that the commit message is not validated (expects a value in the message that can be computed using the secrets generated in STA-B), then the authentication fails and the connection process is terminated. Otherwise if successful, a Key (K) is generated. Then K is hashed and a KCK and the PMK are derived from it.
A verification message is sent to STA-A. When STA-A receives the verification message, it verifies that the values given match with what STA-A expected. If everything is okay, then STA-A generates the PMK.
Now with the PMK data encryption, using AES can take place. Is what I understood correct?
Also, I have read that SAE provides forward secrecy. How is that achieved? Is a new PMK generated (i.e. key renovations) each time a message is sent (so does SAE run every time a message is sent)?
