Can an evil AP prevent real connections by claiming SAE-PK is needed?

Çağlar Arlı

Is it possible to prevent SAE-PK-respecting WiFi clients from connecting to a real AP that doesn't use SAE-PK by planting an AP that broadcasts the "SAE-PK Passwords Used Exclusively" bit with the same SSID? Potential clients might then complain that the password for the real network didn't match an expected public key, resulting in a Denial of Service.

6.5.3 SAE-PK STA operation

[…]

When a STA has SAE-PK enabled for a Network Profile, and is selecting between discovered APs in that Network Profile (SSID) that it considers suitable candidates for association, it shall attempt to authenticate with an AP that advertises support for SAE-PK, before attempting to authenticate with any AP that is not advertising support for SAE-PK.

NOTE: How a STA determines whether an AP is a suitable candidate for association is out of scope of this specification. A STA might determine that an AP is not suitable if it predicts an acceptable level of link quality will not be achieved.

Is this DoS concern explicitly part of the "suitable candidate for association" out-of-scope note, above? Is there some other consideration I'm missing? Or is the whole thing moot, because a DoS Evil Twin might as well be a MitM Evil Twin?