Wi-Fi Security in Wireless Networks WPA2 & WPA3
Do anyone of you thought about its security that it provides.If a person gains access for it, then he can gain access on your every personal information residing in your device. These information is like Network traffic, personal e-mails & messages or infect your device with a malware.
To create a secure wireless network , there are some security measures which are followed by WiFi Alliance. As you already know that WPA2 is the world’s safest security standard which is coded in the WiFi routers & devices after 2004. After this WEP came as the successor of WPA2 which shows the protocol of secure wireless network for 12 years. Now in 2018, the era of WPA2 has come to an end. The hidden flaw is uncovered in the core level of protocol implementation of WPA2 security.
The Four Way Handshake
When a client wants to connect in a WiFi network, a four way handshake is made between client & Network. The main motto of 4 way handshake is:-
- Verify the Client posses Valid credentials
- Creation of PTK (Pairwise Transient Key) which is used for encryption
After the four way handshake is done, the data packets are encrypted with fresh key (generated at a time)
The Encryption Process
Through the encryption process, PTK & Nonce (Packet Number) is mixed to get a Per packet Key. The Nonce is packet identity that is increased by one for every packet The packet key for each is unique & used only once. The plain text is encrypted with per packet key to encrypt the message, when transmitted to the receiver.
Nonce is not allowed to repeat. The reuse of Nonce is using same key for encryption of multiple data packets.
The KRACK – Key Re-Installation Attacks
KRACK attack is performed by creating a rogue point in different channel & performs a MITM (man in the middle attack) against a 4 way handshake.
After client receives third packet, it installs the key & send acknowledgement. The attacker resides between the access point & client & block the 4th packet from reaching the access point.
If the access point doesn’t receive the acknowledgement for the 3rd packet, then packet will be considered as lost & will be re-transmitted to client. That’s how the client will receive message 3 multiple time.
As per the protocol , the client receives the message 3 , it will install the key. This shows that it will install the same key over & over again which cause the incremental transmit packet number to reset & replay counter used by the encryption protocol. This flaw leads to the decryption of the packets, replay attacks and man in the middle attacks.
Release of WPA3
On 8th January 2018, WiFi alliance announced the latest Wi-Fi WPA security standard i.e. WPA3. It will be available in mid 2018. This protocol will eliminate the security risks and attacks that are up today including the Key Re-installation Attacks (KRACK).
Key Features of WPA3
Enables easy connectivity to devices without display
There are so any devices without display like IOT , micro-controllers which requires connection via another device (cable) to configure it to connect it to a WIi-Fi network. Now in WPA3 , we can can configure such devices using another device.
This feature provides robust protection even when users choose passwords that fall short of typical complexity recommendations & simplify the process of configuring security devices without display interface. In WPA3, you can use your phone or laptop to connect with a IOT device which has no display unit.
Open WiFi Security
In an open WI-Fi , there is no security in the network. These open WiFi is seen in so many public places like restaurants & airports. As there is no sort of encryption used in the open WI-Fi , anyone can sniff the traffic & perform any user attack on the user’s information. WPA3 provided data protection mechanism called Individual Data Encryption even for WiFi networks with no passwords.
Individual Data Encryption
This technique encrypts the data packets of each devices with separate keys which will prevent the attackers from sniffing the traffic improving privacy and security.
Brute-force Attack Prevention
Brute force attack is a very common attack where the hackers uses a list of a password to attack the network.In WPA3 , brute force prevention mechanism is crated where the user is blocked from the connection to the network after the fixed number of failed attempts. , which makes attacker more difficult to try brute force technique.
Strong Protection for Weak Passwords
In WPA2 , the password is considered as weak, when a password is less than 8 digits or if it does not have alpha-numeric and special characters. The protection layer of WPA3 provides robust protection for networks even if password is weak.
That’s all for now. If you like this article, then please provide some feedback to us in the comment section. You can follow us on social platforms to connect with us. Thank You.