WPA3: Next-Gen Security for Next-Gen Internet of Things
In the present technological era, information plays a vital role and is a critical asset that must be protected. Cryptography has always been the first choice of security solution for protecting information. It is a technique for converting plaintext into a coded form, known as ciphertext, which a third party cannot easily decrypt. Encrypted information is secure; however, decryption of the data at the destination, the complete integrity of the data, and availability of the data when needed are three vital aspects of cryptography. In view of these three aspects, certain methods, protocols and security standards should be followed to protect information over Wi-Fi. Information communicated wirelessly needs more protection because it can be intercepted effortlessly. The security standards for wireless communication have been set by the Wi-Fi Alliance, and all Wi-Fi routers need to follow these standards.
In January 2018, the Wi-Fi Alliance announced the release of the WPA3 (Wi-Fi Protected Access) security protocol as a replacement for WPA2. Many routers provide WEP, WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP/AES) as options for Wi-Fi security. Whenever we connect to a Wi-Fi network at home with the correct password, the network is protected using one of the available Wi-Fi security options. These Wi-Fi security standards are discussed here to give an insight into how they have advanced over time for better privacy of the Wi-Fi network.
The first security standard developed by the Wi-Fi Alliance was WEP (Wired Equivalent Privacy), a privacy component of the IEEE 802.11b standard, in 1997. It was designed to provide a level of security equal to that of the physical security components of a Local Area Network (LAN), hence the name Wired Equivalent Privacy. Wireless data is transmitted by radio waves, which are not confined by walls, so WEP tries to give the same level of security using data encryption algorithms.
WEP produces ciphertext by XORing the plaintext with a keystream generated by the RC4 (Rivest Cipher) stream cipher. A stream cipher is a symmetric-key algorithm for encryption or decryption in which plaintext digits are combined with a pseudorandom keystream. The keystream is generated by concatenating a 40-bit key (generally the password used to connect to the Wi-Fi network) with a 24-bit pseudorandom Initialization Vector (IV), making 64-bit WEP. The key length can vary from 40 bits to 232 bits, but the IV is always only 24 bits long. Because the IV is so short, its values eventually repeat, and once a repeat happens it becomes easy to figure out what message is being transferred over the network.
Data integrity is an important feature that ensures the correct information is received at the receiving end. In WEP it is provided by the CRC-32 (Cyclic Redundancy Check) error-detecting code. CRC-32 expands the message without adding any information to it, and the algorithm is based on cyclic codes to check the data.
Two methods of authentication can be used in WEP: Open System Authentication and Shared Key Authentication. In Shared Key Authentication, the computer begins the connection process by sending an authentication request to the access point (router). The access point responds by generating a sequence of characters, called a challenge text, for the computer. The computer encrypts the challenge text with its WEP key and transmits the "message" back to the access point. The access point decrypts the "message" and compares the result with the original challenge text. If the comparison succeeds, the connection is established. A wireless-equipped computer can connect to a WEP network access point without shared keys using a process known as Open System Authentication, but this method does not allow the computer to receive encrypted data.
These authentication mechanisms do not provide strong security; WEP therefore has serious security weaknesses and has been superseded by WPA. WEP used a permanent 64-bit or 128-bit encryption key that had to be entered manually on wireless access points and devices. WPA uses TKIP (Temporal Key Integrity Protocol) 128-bit encryption and employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP. TKIP implements a key mixing function that combines the key with the 24-bit IV before passing it to the RC4 stream cipher. Compared to WEP, WPA uses a key mixing function instead of simply concatenating the key with the IV. The key mixing function, also called the temporal key hash, produces the 128-bit RC4 per-frame encryption key. It takes as input the 128-bit Temporal Key (TK), the 48-bit Transmitter's Address (TA) and the 48-bit IV. The 48-bit IV is often called the TKIP Sequence Counter (TSC). The key mixing function outputs a 128-bit WEP key, the first three bytes of which are derived from the TSC.
Data integrity using CRC-32 was replaced by the MIC (Message Integrity Check), which is designed to prevent an attacker from altering and resending data packets. The MIC is similar to a cryptographic hash function, which is used to detect duplicate data and to index data. A hash function is a hex code of the data and is used as a key to encrypt and decrypt the data. Pre-Shared Key (PSK) is a method of authentication that uses 64-bit hexadecimal digits to generate a unique encryption key for each wirelessly connected device. These encryption keys change constantly, and with PSK authentication the user provides the password to verify the connection. WPA also supports the Advanced Encryption Standard (AES) as an optional replacement for RC4. Although AES is more secure, the integrity check is still done via TKIP-MIC. The biggest threat is that if the RC4 key is lost, all security is lost.
WPA's security issues are resolved in the now-current WPA2 standard. WPA2 supports the same modes as WPA, except that it uses CCMP rather than TKIP for cryptographic encapsulation. CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) uses the CCM mode of operation for cryptographic block ciphers. In the CCMP procedure, additional authentication data is taken from the MAC header and included in the CCM encryption process. It provides both authentication and confidentiality. It is based on AES (Advanced Encryption Standard) processing and uses a 128-bit key and a 128-bit block size. AES is based on a substitution-permutation mathematical operation that takes a block of plaintext and a key as inputs and applies several permutations and substitutions to produce ciphertext. To protect against replay attacks, a sequenced Packet Number (PN) and portions of the MAC header are used to generate a nonce (Pseudo-Random Number), which in turn is used by the CCMP encryption process.
CCMP includes a Message Integrity Code (MIC), which protects the integrity and authenticity of the packet, and the Frame Check Sequence (FCS), which is used for error detection and correction.
Some access points can still be configured to use both TKIP and CCMP so that users do not need to upgrade their hardware. Key management is done using the Extensible Authentication Protocol (EAP), which is used in both WPA and WPA2. EAP is a framework for providing the transport and usage of keys generated by different EAP methods.
The upcoming WPA3 protocol, on the other hand, uses a 192-bit security suite aligned with the Commercial National Security Algorithm (CNSA) Suite, which protects government, defense and industrial networks that require a higher level of security. CNSA encryption uses Elliptic Curve Cryptography (ECC), which covers a wide range of cryptographic schemes and protocols, such as Elliptic Curve Diffie-Hellman (ECDH), the Elliptic Curve Digital Signature Algorithm and the Elliptic Curve Integrity Encryption Scheme (ECIES). The Digital Signature Algorithm (DSA) generates a digital signature composed of two 160-bit numbers directly from the private key and a hash of the data to be signed. The corresponding public key can be used to verify the signature.
The Elliptic Curve Integrity Encryption Scheme (ECIES) takes a plaintext message and the recipient's public key as input. An ephemeral ECC key and an Initialization Vector (IV) are generated. The ephemeral private key is then combined with the recipient's public key to generate the ECDH shared secret. The shared secret is fed to a key derivation function to generate two secret keys. One secret key is used to encrypt the plaintext and the other is used to generate a MAC. The final output is the ciphertext, the IV, the ephemeral key and the MAC. ECC keys are better than RSA and DSA keys in that the algorithm is harder to break. ECC keys are more secure and use shorter key lengths (for instance, a 256-bit ECC key is as secure as a 3248-bit RSA key).
Data integrity is provided by Secure Hash Algorithm 2 (SHA-2), in which a different hash value is generated for different inputs. SHA-2 is often called the SHA-2 family of hashes because it contains hashes of many different sizes, including 224, 256, 384 and 512 bits.
WPA3 provides new, strong password-based authentication using the Simultaneous Authentication of Equals (SAE) protocol, which provides robust protection that is resistant to active, passive and dictionary attacks. It is a peer-to-peer protocol in which a one-way key derivation function is used to generate a key, making it difficult for an attacker to crack the code even with the password.
WPA3 blocks authentication after a certain number of failed log-in attempts and thus also provides protection against brute-force attacks.
WPA3 provides enhanced security, especially for public open Wi-Fi networks. It uses individualized data encryption, which encrypts data between the access point and the user even when no password is entered at the time of connection.
The most interesting feature of WPA3 is that it simplifies the process of configuring security for IoT (Internet of Things) devices that have a limited display interface or none at all, such as Amazon Echo, Google Home, smart door locks, smart thermostats and many more. Because IoT devices are designed for low power consumption and minimal processor requirements, current cryptographic techniques are difficult to implement on them: they use larger keys, need a high-end processor and consume more power. To resolve the issue, a shorter-key algorithm such as ECC is used, which provides the same level of security as large-key RSA algorithms.
ECC is vulnerable to several attacks, such as side-channel attacks, twist-security attacks and quantum attacks, and an improper implementation of ECC can leak the ECC private key. These attacks can be tackled easily by implementing the algorithm properly and by using some simple techniques, such as Montgomery curves and the Montgomery ladder, together with ECC.
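The ECIES steps listed earlier and the Montgomery ladder mentioned in the paragraph above, combined in one added example that is not code from the original article. It assumes Curve25519 (a Montgomery curve, via X25519 from RFC 7748), an ANSI X9.63-style hash KDF, and a SHA-256 counter-mode keystream standing in for AES because the standard library has no block cipher; all function names are illustrative. Python integers are not constant-time, so the ladder here shows the uniform per-bit structure only.

```python
import hashlib, hmac, os

P = 2**255 - 19                      # Curve25519 field prime
BASE = (9).to_bytes(32, "little")    # base point u = 9

def cswap(bit, a, b):                # arithmetic swap, no branch on the key bit
    d = bit * (a - b)
    return a - d, b + d

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 scalar multiplication using the Montgomery ladder."""
    k = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):   # same operations for every key bit
        bit = (k >> t) & 1
        x2, x3 = cswap(swap ^ bit, x2, x3)
        z2, z3 = cswap(swap ^ bit, z2, z3)
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    x2, z2 = cswap(swap, x2, x3)[0], cswap(swap, z2, z3)[0]
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(z: bytes, info: bytes):      # shared secret -> (encryption key, MAC key)
    okm = b"".join(hashlib.sha256(z + bytes([0, 0, 0, i]) + info).digest() for i in (1, 2))
    return okm[:32], okm[32:]

def stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); a deployment would use AES."""
    ks = b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def ecies_encrypt(recipient_pub: bytes, msg: bytes):
    eph_priv, iv = os.urandom(32), os.urandom(16)        # ephemeral key and IV
    eph_pub = x25519(eph_priv, BASE)
    enc_key, mac_key = kdf(x25519(eph_priv, recipient_pub), eph_pub)
    ct = stream(enc_key, iv, msg)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return eph_pub, iv, ct, tag      # ephemeral key, IV, ciphertext, MAC

def ecies_decrypt(recipient_priv: bytes, eph_pub, iv, ct, tag) -> bytes:
    enc_key, mac_key = kdf(x25519(recipient_priv, eph_pub), eph_pub)
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")
    return stream(enc_key, iv, ct)
```

The receiver verifies the MAC before decrypting, so a modified ciphertext is rejected without any plaintext being produced.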
While the WPA3 protocol is not yet in its final form and there is still some time until consumer devices adopt it fully, WPA3 is an important attempt at solving the unique challenges of Internet of Things devices and at addressing an increased worldwide concern about security (in the wake of umpteen security leaks over the last few years). As we saw in the case of WPA and WPA2, WPA3 adoption is expected to be lightning quick and widespread, and will hopefully be in tandem with the increased security provisions of the upcoming TLS 1.3 protocol, which uses some of the same principles for its handshake procedure.