Security

How we ended up in WPA3? – Wi-Fi Security Evolution

06 Sep

Introduction to Wi-Fi Security

Distributing data using a wireless medium means that anyone can capture the signal. There is no boundary, like in the case of cable communication, which prevents unwanted access. This means we must take other security measures. In this blog post, we will review current algorithms providing Wi-Fi security and we will take a sneak peek into the upcoming – WPA3.

Wired Equivalent Privacy (WEP)

When Wi-Fi was introduced in 1997 there was only one algorithm intended for security, namely WEP – Wired Equivalent Privacy. Its intention was to provide confidentiality equal to the wired transmission.

Security algorithms used in Wi-Fi ensure data integrity and encryption. Integrity provides information for the user, that the message was not manipulated. Encryption prevents other users from knowing the message content.

In the figure below you can see the data flow in WEP encryption.

WEP encryption scheme

In WEP, for data integrity 32-bit cyclic redundancy check (CRC32) is used. Integrity Check Vector (ICV) is appended to the user data and forwarded to encryption. This is where the first flaw of WEP shows up. CRC32 intention was to detect errors during transmission. This method is not very reliable in message integrity checks.

On the other hand, RC4 is used for encryption. This is a stream encryption algorithm, which uses a pair of WEP keys (a password) and an Initialization Vector (IV) as a seed. WEP key might either have 40 or 104 bits and IV is always 24 bits long. This makes the seed either 64 or 128 bits long. IV is appended to the encrypted message and its purpose is to avoid using the same seed for encrypting different messages.

As it turns out within few minutes so many packets can be captured, that IV collision reaches a probability of 50%. This makes WEP key easy to be compromised.

It is strongly advised not to use WEP anymore in any circumstances.

Wi-Fi Protected Access (WPA)

IEEE response to the WEP weakness was 802.11i amendment. It introduced a number of security improvements. Since the improvements were urgent and important to introduce, WPA was the answer. It was implemented as part of the 802.11i features and what is important – it was based on the same hardware as WEP, so only a firmware upgrade was required to improve the security aspect. Since there were two major flaws in WEP, WPA addressed both of them.

Let’s see the figure below and investigate what are the differences from the previous approach.

Wi-Fi Security WPA encryption scheme

Encryption was still based on RC4, since it was hardware implementation and couldn’t be updated, but IV was extended to 48 bits. Moreover, a master key (so a password you enter in access point and station) is not directly used, but rather it is mixed and the encryption key is derived from the master key. This makes the main key hard to compromise.

Output message is, as in the case of WEP, xor operation of the user data and pseudorandom stream from RC4, but this time the key is much better protected and collision is less likely.

WPA also improved message integrity. It introduced Message Integrity Check (MIC) algorithm, which by design was better suited to this task than CRC32 used in WEP. The algorithm is based not only on the data but also on additional input, such as Transmitter Address, Destination Address, etc. so it is much harder to forge messages with the correct MIC vector.

It is important to remember, that WPA protects well enough only against those who don’t have a key. If a malicious user is legitimately connected to some network protected with WPA it can capture packets destined for others and decrypt them.

Wi-Fi Protected Access II (WPA2)

WPA2 implements all mandatory features from 802.11i. It provides a significant security improvement over WEP and WPA. The most important architectural change is the data encryption algorithm. In WPA2 the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses an Advanced Encryption Standard (AES).

Wi-Fi Security WPA2 encryption scheme

As you can see in the above figure, WPA2 differs from WPA in the way encrypted message and integrity is calculated. In previous systems (WEP and WPA) there was easily distinguished integrity calculation chain and encryption chain. In WPA2 encryption and integrity check are performed within a single logical block – CCM. Let’s take a look at the detailed scheme below of this block to know how is integrity and encryption realized in WPA2.

WPA2 encryption and integrity

Both integrity check and encryption are based on Advanced Encryption Standard (AES) algorithm. This is a block-based algorithm, operating on 128 bits chunks. The input message is divided into 128 bits parts and used together with previous results as an input to the AES algorithm. The whole message, including the header, is taken into consideration for integrity check, while only the payload is encrypted. The header must be transmitted as plain text in order to enable frame detection and decoding.

WPA3

At the beginning of the year, Wi-Fi Alliance announced that WPA3 will be introduced in the near future. We learned only about few functionalities, without many details. They kept us waiting for some time, but recently new details were revealed. The aim of WPA3 is to simplify security, enable robust authentication and increase cryptographic strength.

WPA3 comes in two variants WPA3-Personal and WPA3-Enterprise, just like WPA2.

WPA3-Personal

In WPA3-Personal Pre-shared Key (PSK) is no longer in use and Simultaneous Authentication of Equals (SAE) comes in favour. This method is based on key exchange and is resistant to offline dictionary attacks, where previously recorded data can be used to guess passwords. This mechanism allows to protect of the data even if the password is weak, meaning is short or using popular phrases.

WPA3-Enterprise

WPA3 is built upon WPA2, but it provides a number of improvements:

Authenticated encryption is provided by 256-bit Galois/Counter Mode Protocol (GCMP-256)
Key derivation uses 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (SHA)
Key establishment uses Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA)
Frame protection based on 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256)

But that’s not all that comes in this security update. Wi-Fi Alliance also announced Wi-Fi Enhanced Open which is an answer to a problem with open networks eg. at airports, shopping malls or coffee shops. Today you can access these networks freely, often using some captive portal, but the traffic on the wireless links is not encrypted. Wi-Fi Enhanced Open will provide unauthenticated data encryption based on Opportunistic Wireless Encryption (OWE).

Summary of Wi-Fi Security

In the table below we summarized what we already learned about WEP, WPA, WPA2 and WPA3 security. The most important conclusion from all previous considerations is that WEP should always be avoided since many flaws were discovered. Devices with old hardware should be updated to use WPA – it uses the same RC4 algorithm but in a much safer way. It doesn’t allow such often key collisions and introduces temporal keys. On the other hand, if a device provides hardware support for WPA2 it should be always used. It offers the best security in terms of message integrity and encryption. Soon to come WPA3 will improve all aspects of security significantly. Both integrity and encryption will be at an even higher level than we can currently achieve with WPA2.

Wi-Fi Security algorithms comparison

Other materials

To see other posts on the network and wireless fundamentals see our explained section.

References

[1] Security | Wi-Fi Alliance

[2] Wi-Fi Alliance Introduces Wi-Fi Certified WPA3 Security | Wi-Fi Alliance

[3] Arif Sari, Mehmet Karay, Comparative Analysis of Wireless Security Protocols: WEP vs WPA

Tags:
, , ,
Newer The must have features on your LAN.Does your network have these features enabled?
Back to list
Older Windows 11 Makes It Harder To Switch From Edge Browser

Related Posts

21 Oct
Security

Cisco ISE 2.6 aka Software Defined Access

It gives me great pleasure to announce the availability of Cisco Identity Services Engine (ISE) 2.6. This release is all about solving more for clients – better features and scale to deal with the Enterprise IoT era, better security and better ability to understand how your network access services and policy are deploy...

Continue reading

Cisco Identity Services Engince
24 Dec
Security

The Single Source of Truth with Cisco ISE

With modern society’s reliance on connectivity for both work and leisure, offering network access to different groups of people without compromising security has become complicated. In any business, employees need to access various types of data and information in order to fulfill their tasks properly. However, the standard ways with which a business controls data security and network access are often cumbersome, expensive, and require a lot of skilled manpower. Cisco Identity Services Engine is the answer.

Continue reading