WPA3: Next-Gen Security for Next-Gen Internet of Things
In the present technological era, information plays a vital role and is a critical asset that should be protected. Cryptography has always been the first choice of security solution for protecting information. It is a technique for converting plaintext into a coded form, known as ciphertext, which a third party cannot easily decrypt. Encrypted information is secure; however, decryption of the data at the destination end, the complete integrity of the data, and the availability of the data when needed are three vital aspects of cryptography. In view of these three aspects, a few methods, protocols and security standards should be followed to protect information over Wi-Fi. Information communicated wirelessly needs more protection, as it can be intercepted effortlessly. The security standards for wireless communication have been set up by the Wi-Fi Alliance, and all Wi-Fi routers need to follow these standards.
In January 2018, the Wi-Fi Alliance announced the release of the WPA3 (Wi-Fi Protected Access) security protocol as a replacement for WPA2. Many routers provide WEP, WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP/AES) as options for Wi-Fi security. Whenever we connect to a Wi-Fi network at home with the correct password, the router protects the network using one of the available Wi-Fi security options. All these Wi-Fi security standards are discussed here to show how they work and how they have advanced over time to give better privacy on Wi-Fi networks.
What is WEP (Wired Equivalent Privacy)?
The primary security standard developed by the Wi-Fi Alliance was WEP (Wired Equivalent Privacy), introduced as a privacy component of the IEEE 802.11b standard in 1997. It is designed to provide a level of security equal to the physical security components of a Local Area Network (LAN), hence the name Wired Equivalent Privacy. In a wireless network, data is transmitted by radio waves, which are not limited by walls, so WEP tries to give the same level of security using data encryption algorithms.
WEP produces cipher (encrypted) text by XORing the plaintext with a keystream generated using the RC4 (Rivest Cipher) stream cipher. A stream cipher is a symmetric key algorithm for encryption or decryption in which plaintext digits are combined with a pseudorandom keystream. The keystream is generated by concatenating a 40-bit key (generally the password used to connect to the Wi-Fi) with a 24-bit pseudorandom Initialization Vector (IV), giving 64-bit WEP. The key length can vary from 40 bits to 232 bits, but the IV is always only 24 bits long. Because the IV is so short, its values will eventually repeat, and once a repeat happens it becomes easy to figure out what message is being transferred over the network.
Data integrity is an important feature that ensures the correct information is received at the receiver end. It is provided by the CRC-32 (Cyclic Redundancy Check) error-detecting code. It expands the message without adding any information to it, and the algorithm is based on cyclic codes to check the data.
Two Methods of Authentication Used in WEP
The two methods are Open System Authentication and Shared Key Authentication. In shared key authentication, to begin the connection process, the computer sends a request for authentication to the access point (router). The access point responds by generating a sequence of characters called a challenge text for the computer. The computer encrypts the challenge text with its WEP key and transmits the "message" back to the access point. The access point decrypts the "message" and compares the result with the original challenge text. If the comparison succeeds, the connection is established. A wireless-equipped computer can connect to a WEP network access point without shared keys using a process known as Open System Authentication, but this method does not allow the computer to receive encrypted data.
These authentication mechanisms do not provide strong security; WEP therefore has a serious security weakness and has been superseded by WPA. WEP used a permanent 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices. WPA uses TKIP (Temporal Key Integrity Protocol) 128-bit encryption and employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP. TKIP implements a key mixing function that combines the key with a 24-bit IV before passing it to the RC4 stream cipher. Compared to WEP, WPA uses a key mixing function instead of simply concatenating the key with the IV. The key mixing function, also called the temporal key hash, produces the 128-bit RC4 per-frame encryption key. This function takes as input the 128-bit Temporal Key (TK), the 48-bit Transmitter's Address (TA) and the 48-bit IV. The 48-bit IV is often called the TKIP Sequence Counter (TSC). The key mixing function outputs a 128-bit WEP key, the first three bytes of which are derived from the TSC.
WPA (Wi-Fi Protected Access)
Data integrity using CRC-32 was replaced by MIC (Message Integrity Check), which is designed to prevent an attacker from altering and resending data packets. MIC is similar to a cryptographic hash function, which is used to detect duplicate data and to index data using a hash function. A hash function is a hex code of the data and is used as a key to encrypt and decrypt the data. Pre-Shared Key (PSK) is a method of authentication that uses 64-bit hexadecimal digits to generate a unique encryption key for each wirelessly connected device. These encryption keys constantly change, and in PSK authentication the user provides the password to verify the connection. WPA also supports the Advanced Encryption Standard (AES), which is optional in place of RC4. Although AES is more secure, the biggest threat is that the integrity check is still done via TKIP-MIC, and if the RC4 key is lost, total security is lost.
WPA security issues are resolved in the now current WPA2 standard. WPA2 supports the same modes as WPA, except that it uses CCMP rather than TKIP for cryptographic encapsulation. CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) uses the CCM mode of operation for cryptographic block ciphers. In the CCMP procedure, additional authentication data is taken from the MAC header and included in the CCM encryption process. It provides both authentication and confidentiality. It is based on AES (Advanced Encryption Standard) processing and uses a 128-bit key and a 128-bit block size. AES is based on a substitution-permutation mathematical operation that takes a block of plaintext and keys as inputs and applies several permutations and substitutions to produce ciphertext. To protect against replay attacks, a sequenced Packet Number (PN) and portions of the MAC header are used to generate a nonce (Pseudo-Random Number), which in turn is used by the CCMP encryption process.
WPA (Wi-Fi Protected Access) 2
The CCMP mode has a Message Integrity Code (MIC) which protects the integrity and authenticity of the packet. The Frame Check Sequence (FCS) is used for error detection and correction.
Some access points can still be configured to use both TKIP and CCMP so that users do not need to upgrade their hardware. Key management is done using the Extensible Authentication Protocol (EAP), which is used in both WPA and WPA2. EAP is a framework for providing the transport and usage of keys generated by different EAP methods.
WPA (Wi-Fi Protected Access) 3
WPA3 is the latest version of the Wi-Fi Protected Access (WPA) security protocol. It was developed by the Wi-Fi Alliance and released in 2018. WPA3 is designed to be more secure than WPA2, which is the previous version of the protocol.
WPA3 includes a number of new features that improve security, including:
Simultaneous Authentication of Equals (SAE): SAE is a new authentication method that is more secure than the Pre-Shared Key (PSK) method used in WPA2.
Protected Management Frames (PMF): PMF is a new feature that helps to protect against attacks that can be used to modify or eavesdrop on wireless traffic.
Opportunistic Wireless Encryption (OWE): OWE is a new mode of WPA3 that is designed for use in open networks. OWE uses a technique called "opportunistic encryption" to encrypt traffic between devices even if the devices do not have a pre-shared key.
On the other hand, the new WPA3 protocol uses a 192-bit security suite aligned with the Commercial National Security Algorithm (CNSA) Suite, which protects government, defense and industrial networks that require a higher level of security. The CNSA encryption uses Elliptic Curve Cryptography (ECC), which has a wide range of cryptographic schemes and protocols, such as Elliptic Curve Diffie-Hellman (ECDH), the Elliptic Curve Digital Signature Algorithm and the Elliptic Curve Integrity Encryption Scheme (ECIES). The Digital Signature Algorithm (DSA) generates a digital signature composed of two 160-bit numbers directly from the private key and a hash of the data to be signed. The corresponding public key can be used to verify the signature.
The Elliptic Curve Integrity Encryption Scheme (ECIES) takes a plaintext message and the recipient's public key as input. An ephemeral ECC key and an Initialization Vector (IV) are generated. The ephemeral private key is then combined with the recipient's public key to generate the ECDH shared secret data. The shared secret data is fed to a key derivation function to generate two secret keys. One secret key is used to encrypt the plaintext and the other is used to generate a MAC. The final output is the ciphertext, the IV, the ephemeral key and the MAC. ECC keys are better than RSA and DSA keys in that the algorithm is harder to break. ECC keys are more secure and use smaller key lengths (for instance, a 256-bit ECC key is as secure as a 3248-bit RSA key).
Data integrity is provided by Secure Hash Algorithm-2, in which a different hash is generated for different inputs. SHA-2 is often called the SHA-2 family of hashes because it contains hashes of many different sizes, including 224, 256, 384 and 512 bits.
WPA3 provides new, strong password-based authentication using the Simultaneous Authentication of Equals (SAE) protocol, which provides robust protection and is resistant to active, passive and dictionary attacks. It is a peer-to-peer protocol in which a one-way key derivation function is used to generate a key, making it difficult for the attacker to crack the code even with the password.
WPA3 blocks authentication after a certain number of failed log-in attempts and thus also provides protection against Brute-Force Attacks.
WPA3 provides enhanced security, especially for public open Wi-Fi networks. WPA3 uses individualized data encryption which encrypts data between the access point and the user even when no password is entered at the time of connection.
The most interesting feature of WPA3 is that it simplifies the process of configuring security for IoT (Internet of Things) devices that have limited or no display interface, such as Amazon Echo, Google Home, smart door locks, smart thermostats and many more. As IoT devices are designed for low power consumption and minimal processor requirements, current cryptographic techniques are difficult to implement on them, because they use larger keys, need high-level processors and consume more power. To resolve the issue, a smaller-key algorithm such as ECC is used, which provides the same level of security as large-key RSA algorithms.
ECC is vulnerable to several attacks, such as side-channel attacks, twist security attacks and quantum attacks, and improper implementation of ECC can lead to ECC private key leaks. These attacks can be tackled easily by properly implementing the algorithm and by using some simple techniques, such as Montgomery curves and the Montgomery ladder, in addition to ECC.