Released in 2018, WPA3 is an updated and more secure version of the Wi-Fi Protected Access protocol for securing wireless networks. As I described in the comparison between WPA2 and WPA, WPA2 has been the recommended way to secure your wireless network since 2004 because it is more secure than WEP and WPA. WPA3 brings new security enhancements that make it harder to get into a network by guessing its password. It also makes it impossible to decrypt data captured in the past, i.e. traffic recorded before the key (password) was cracked.
When the Wi-Fi Alliance announced the technical details of WPA3 in early 2018, its press release listed four main features: a new, more secure handshake for making connections, a simple method for safely adding new devices to a network, basic protection when using open access points, and, finally, larger key sizes.
The final spec only mandates the new handshake, but some manufacturers will implement the other features as well.
New handshake: Simultaneous Authentication of Equals (SAE)
When a device tries to connect to a password-protected Wi-Fi network, the password is supplied and verified through a 4-way handshake. In WPA2, this part of the protocol was vulnerable to the KRACK attack:
In a key reinstallation attack [KRACK], the adversary tricks a victim into reinstalling a key that has already been used. This is achieved by manipulating and replaying cryptographic negotiation messages. When the victim reinstalls the key, associated parameters such as incremental transmit packet number (i.e. nonce) and receive packet number (replay counter) are reset to their original value. To ensure security, a key should only be installed and used once.
Even with the WPA2 updates that mitigate the KRACK vulnerabilities, WPA2-PSK can still be cracked. There are even how-to guides for cracking WPA2-PSK passwords.
WPA3 addresses this vulnerability and mitigates other issues by using a different negotiation mechanism for authenticating to a Wi-Fi network: Simultaneous Authentication of Equals, also known as the Dragonfly key exchange.
The technical details of how WPA3 uses the Dragonfly key exchange, which itself is a variant of SPEKE (Simple Password Exponential Key Exchange), are described in this video.
The advantages of the Dragonfly key exchange are forward secrecy and resistance to offline dictionary attacks.
Resistance to offline dictionary attacks
A weakness of the WPA2 protocol is that the attacker does not have to stay connected to the network in order to guess the password. An attacker within range of the network can capture the 4-way handshake of a new WPA2 connection. This captured traffic can then be used offline in a dictionary attack to guess the password, which means that a weak password is easily broken. In fact, alphanumeric passwords up to 16 characters long can be cracked quite quickly on WPA2 networks.
WPA3 uses the Dragonfly key exchange to resist dictionary attacks. This property is defined as follows:
Resistance to dictionary attacks means that any advantage an adversary can gain must be directly related to the number of interactions they make with an honest protocol participant, and not through computation. The adversary will not be able to obtain any information about the password other than whether a single guess made in a protocol run is correct or incorrect.
This feature of WPA3 protects networks whose password, i.e. the pre-shared key (PSK), is below the recommended complexity.
Forward secrecy
Wireless networking uses radio signals to transmit information (data packets) between a client device (for example, a phone or laptop) and the wireless access point (router). These radio signals are broadcast openly and can be intercepted, or “sniffed”, by anyone nearby. When the wireless network is password protected (WPA2 or WPA3), the signals are encrypted, so a third party intercepting them cannot understand the data.
However, an attacker can record all the data they intercept. If they manage to guess the password later (which is possible via a dictionary attack on WPA2, as we saw above), they can use the key to decrypt the traffic they recorded from this network in the past.
WPA3 provides forward secrecy. The protocol is designed so that even with the network password, it is impossible for an eavesdropper to read the traffic between the access point and another client device.
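To make the dictionary-attack resistance and forward secrecy just described concrete, here is a constructed Python teaching model of the Dragonfly (SAE) exchange; it is added here and is not code from the article or from any WPA3 implementation. It assumes a simplified hunting-and-pecking step and the 1024-bit MODP group of RFC 2409 in place of the elliptic-curve group and extra validation a real WPA3 stack uses, and the MAC addresses and passwords are constructed. A run succeeds only when both sides hold the same password, a mismatch fails the confirm step, and two runs with the same password yield different keys because the per-run secrets never leave each peer.

```python
import hashlib, hmac, secrets

# Constructed teaching model of the Dragonfly / SAE exchange (RFC 7664) over the 1024-bit MODP
# group of RFC 2409 (chosen for readability; real WPA3 uses NIST P-256 plus extra checks).
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD
EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF""".split()), 16)
Q = (P - 1) // 2  # P is a safe prime: the quadratic residues form a subgroup of prime order Q

def password_element(password: str, ap_mac: bytes, sta_mac: bytes) -> int:
    """Hunting-and-pecking: map the password and both (public) MACs to a subgroup element PE.
    Both peers derive the same PE locally; it is never transmitted."""
    for counter in range(1, 256):
        seed = hmac.new(max(ap_mac, sta_mac) + min(ap_mac, sta_mac),
                        password.encode() + bytes([counter]), hashlib.sha256).digest()
        value = int.from_bytes(hashlib.sha256(seed + b"Dragonfly Hunting And Pecking").digest(), "big")
        pe = pow(value % (P - 2) + 2, 2, P)  # squaring lands in the order-Q subgroup
        if pe > 1:
            return pe
    raise ValueError("no password element found")

def tag(key: bytes, own_scalar: int, peer_scalar: int) -> bytes:
    return hmac.new(key, own_scalar.to_bytes(128, "big") + peer_scalar.to_bytes(128, "big"),
                    hashlib.sha256).digest()

class Peer:
    def __init__(self, pe: int):
        self.pe = pe
        self.rand = secrets.randbelow(Q - 2) + 2  # fresh secret per run: the source of forward secrecy
        self.mask = secrets.randbelow(Q - 2) + 2
        self.scalar = (self.rand + self.mask) % Q   # commit message = (scalar, element)
        self.element = pow(self.pe, -self.mask, P)  # PE^(-mask)

    def shared_key(self, peer_scalar: int, peer_element: int) -> bytes:
        # (PE^peer_scalar * peer_element)^rand = PE^(peer_rand * rand); rand and mask never leave the
        # peer, so a sniffer holding the transcript cannot recompute this even after learning the password.
        k = pow(pow(self.pe, peer_scalar, P) * peer_element % P, self.rand, P)
        return hashlib.sha256(k.to_bytes(128, "big")).digest()
    def confirm(self, peer_scalar: int, peer_element: int) -> bytes:
        return tag(self.shared_key(peer_scalar, peer_element), self.scalar, peer_scalar)
    def verify(self, peer_tag: bytes, peer_scalar: int, peer_element: int) -> bool:
        # A wrong password yields a different PE, hence a different key and a mismatching tag.
        expected = tag(self.shared_key(peer_scalar, peer_element), peer_scalar, self.scalar)
        return hmac.compare_digest(peer_tag, expected)

def sae_run(ap_password: str, sta_password: str, ap_mac=b"\x02" * 6, sta_mac=b"\x04" * 6):
    """One SAE exchange between AP and station (constructed MACs). Returns (authenticated, AP key)."""
    ap = Peer(password_element(ap_password, ap_mac, sta_mac))
    sta = Peer(password_element(sta_password, ap_mac, sta_mac))
    ok = (ap.verify(sta.confirm(ap.scalar, ap.element), sta.scalar, sta.element)
          and sta.verify(ap.confirm(sta.scalar, sta.element), ap.scalar, ap.element))
    return ok, ap.shared_key(sta.scalar, sta.element)
```

The only values that cross the air are the two commit pairs and the two confirm tags, which is why an eavesdropper gets at most one password guess per live exchange with a peer.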
Opportunistic Wireless Encryption (OWE)
Described in RFC 8110, Opportunistic Wireless Encryption (OWE) is a new feature in WPA3 that replaces the 802.11 “open” authentication widely used in public access points and public networks.
This YouTube video provides a technical overview of OWE. The key idea is to use a Diffie-Hellman key exchange to encrypt all communication between a device and an access point (router). The encryption key is different for each client connecting to the access point, so none of the other devices on the network can decrypt this communication, even if they are listening to it (known as sniffing). This benefit is called Individualized Data Protection: the data traffic between a client and an access point is “individualized”, so while other clients can sniff and record this traffic, they cannot decipher it.
The big advantage of OWE is that protection is no longer limited to networks that require a password to connect: it also protects open, “insecure” networks that do not require a password, for example wireless networks in libraries. OWE provides encryption on these networks without authentication. No provisioning, no negotiation and no credentials are required; it works without the user having to do anything or even knowing that their browsing is now more secure.
Caveat: OWE does not protect against rogue access points, such as honeypot APs or evil twins, which try to trick the user into connecting to them in order to steal information.
Another drawback is that WPA3 supports unauthenticated encryption but does not require it. It is possible for a manufacturer to obtain the WPA3 label without implementing unauthenticated encryption. The feature is now called Wi-Fi CERTIFIED Enhanced Open, so buyers should look for this label in addition to the WPA3 label to ensure that the device they are purchasing supports unauthenticated encryption.
DPP (Device Provisioning Protocol)
The Wi-Fi Device Provisioning Protocol (DPP) replaces the less secure Wi-Fi Protected Setup (WPS). Many home automation or Internet of Things (IoT) devices have no interface for entering a password and need to rely on a smartphone to set up their Wi-Fi configuration.
Again, the caveat is that the Wi-Fi Alliance does not require this feature for WPA3 certification, so technically it is not part of WPA3. Instead, the feature is now part of the Wi-Fi CERTIFIED Easy Connect program. So look for this label before purchasing any WPA3 certified hardware.
DPP allows devices to be authenticated on the Wi-Fi network without a password, using a QR code or NFC (near-field communication, the same technology used for contactless payments with Apple Pay or Android Pay).
With Wi-Fi Protected Setup (WPS), the password is sent from your phone to the IoT device, which then uses it to authenticate to the Wi-Fi network. With the new Device Provisioning Protocol (DPP), devices perform mutual authentication without a password.
Security
As described above, WPA2 has over the years become vulnerable to various forms of attack, including the famous KRACK technique. Patches for KRACK are available, but not for all routers, and they are rarely deployed by users because they require a firmware upgrade.
In August 2018, another WPA2 attack vector was discovered. [1] It allows an attacker who sniffs WPA2 handshakes to obtain a hash of the pre-shared key (password). The attacker can then use brute force to compare that hash against a list of commonly used passwords, or against guesses generated by trying every possible combination of letters and numbers of varying length. Using cloud computing resources, it is easy to guess a password under 16 characters long.
In short, WPA2 offers only weak security, but this applies only to WPA2-Personal; WPA2-Enterprise is much more resistant. Until WPA3 is widely available, use a strong password for your WPA2 network.
Recommendations
If possible, choose WPA3 over WPA2.
1) When purchasing WPA3 certified hardware, also look for the Wi-Fi Enhanced Open and Wi-Fi Easy Connect certifications. As described above, these features improve network security.
2) Choose a long and complex password (pre-shared key):
Use numbers, upper and lower case letters, spaces and even “special” characters in your password.
Make it a passphrase instead of a single word.
Make it long: 20 characters or more.
3) If you are purchasing a new wireless router or access point, choose one that supports WPA3, or one whose vendor plans to roll out a software update that supports WPA3 in the future. Wireless router vendors regularly release firmware updates for their products, and the better vendors release upgrades more frequently. For example, after the KRACK vulnerability, TP-LINK was one of the first vendors to release patches for its routers, and it also released fixes for older routers. So if you are looking for a router to buy, check the history of firmware versions released by that manufacturer.
4) Choose a company that is diligent about their upgrades.
5) Use a VPN when using a public Wi-Fi hotspot such as a cafe or library, whether or not the wireless network is password protected (encrypted).