The nature of electromagnetic waves is such that anyone in a wireless network can receive the data sent over the air. With high-gain antennas, it is possible to listen in on the data that passes through an office from outside the building. That is why, right from the outset, a great deal of importance has been attached to wireless network security.
By 1999, the first version of the IEEE 802.11 standard – which constitutes the basis for WLAN network operation – already devoted a section to describing the procedures to achieve a secure network. Unfortunately, the initial developers were really not experts in security, and the security protocol that they developed, known as Wireless Equivalent Privacy (WEP), was soon easily overcome by unsophisticated attacks with attackers taking under an hour to discover the key.
The IEEE soon began working on an amendment to the standard in the form of 802.11i, which defined the basis for a secure WLAN network. This amendment is the basis for the so-called WPA and WPA2 security protocols. Contrary to what people usually think, there aren’t any major differences between WPA and WPA2. In view of WEP’s vulnerabilities, the Wi-Fi Alliance (the standard body responsible for certifying WLAN equipment to ensure interoperability between operators) considered that it could not wait for the IEEE to finish the process of publishing the 802.11i standard. Instead, they went ahead and introduced WPA based on a non-definitive but fairly advanced version of the amendment. When the 802.11i standard was finally published, the Wi-Fi Alliance embraced WPA2. The differences between WPA and WPA2 are minimal: they use different information elements to announce security capabilities and the group key negotiation can be done more quickly in WPA2.
WPA and WPA2 are both complete security solutions providing device authentication and data encryption.
Two encryption methods can be used:
• TKIP: WEP-based encryption designed to correct the flaws discovered in WEP without changing the necessary hardware.
• AES-CCMP: new and much safer encryption – needs new hardware to work.
Likewise, two key management methods can be used:
• PSK: pre-shared key – commonly referred to as WPA-Personal.
• 802.1X: key obtained using the protocol defined in the 802.1X standard – commonly referred to as WPA-Enterprise.
These days, WPA and the TKIP cipher are no longer sensible options, and you should only use WPA2 with AES-CCMP. The Wi-Fi Alliance has taken steps in that direction. Thus, for example, the 802.11n standard (and later versions) doesn’t work when TKIP is configured.
Until now, WPA and WPA2 have been used to protect wireless networks. Despite attacks against WPA/WPA2 security schemes, these attacks have been based more on human error (e.g., dictionary attacks) than on real vulnerabilities in the protocol. The general perception for many years has been that wireless networks were secure… until now.
In October 2017, Mathy Vanhoef published a document that exposed a flaw in WPA2 networks. The attack – known as Key Reinstallation Attack (KRACK) and which involves reinstalling an already-in-use key – caused quite a stir when it came to light. In fact, though, it turned out to be far less significant than originally supposed; in most cases, a few small patches were all that were needed to avoid the associated dangers.
Whether due to all the buzz surrounding these attacks, or just because it was time, the Wi-Fi Alliance announced in January that WPA2 enhancements and a new WPA3 standard were coming in 2018.
The Wi-Fi Alliance defines three areas for improvement. All three areas incorpórate Protected Management Frames (PMF) as a prerequisite to protect management frame integrity.
1.- Enhanced Open
Using open networks (i.e., networks without security) is common practice in restaurants and shops wanting to provide their customers with Wi-Fi services. The Wi-Fi Alliance proposes using Opportunistic Wireless Encryption (OWE) (RFC 8110) to improve security in such networks. In OWE, a client and access point exchange Diffie-Hellman keys during the association process. The generated key is then used as a master key to generate session keys. This produces an encrypted (though not authenticated) communication between the users and access point: any unicast data packets and unicast management frames between a user and the access point are encrypted, protecting them from being seen by other users. All this is achieved without user intervention: the user is not required to enter a key to connect to the network, which means the connection simplicity currently found in open networks can be maintained.
The Wi-Fi Alliance does not include this enhancement as part of the WPA program.
2.- Additional WPA2 security enhancements
There are a series of additional tests not included in the WPA2 certification. These tests are intended to prevent certain known attacks:
– The validity of certificates is checked on the client side when WPA2 Enterprise is used.
– The client device is checked to make sure it can receive more than one AKM in the security information element.
3. New WPA security level – WPA3
As with WPA and WPA2, WPA3 contains two security levels – WPA3-Personal and WPA3-Enterprise – with the latter one being the more secure of the two.
– WPA3-Personal utilizes Simultaneous Authentication of Equals (SAE), defined in the 802.11-2016 standard and initially part of the 802.11s amendment for mesh networks. With SAE, the client and access point authenticate by proving to each other that they have a key. This produces a master key (PMK) which is shared between the two. The key is not sent, and the exchange is such that should a hacker capture the packets used, he is not able find out the original key or the generated master key. SAE adds additional security to networks with pre-shared key (PSK) authentication, making dictionary attacks even more difficult: the PSK key is used to generate a PMK key rather than being used as the PMK.
– WPA3-Enterprise contains a new 192-bit security level based on the NSA’s ‘Suite B’ instructions for environments requiring greater security (government, military applications, etc.). It allows fewer EAP types to be used:
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (mandatory)
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (optional)
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (optional)
And it only allows GCMP-256 encryption. I will not go into detail about what all these acronyms mean, but suffice it to say that they greatly enhance Wi-Fi network security.
At Teldat, we are committed to providing wireless network security and are already working on developing these new security protocols.