Security Challenges for Next Generation WiFi

3936 words (16 pages) Essay

8th Feb 2020 Computer Science Reference this


Disclaimer: This work has been submitted by a university student. This is not an example of the work produced by our Essay Writing Service. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of


Wireless networks are ubiquitous in today’s world and are gaining popularity at a tremendous pace, as they provide greater flexibility, portability, and mobility than their wired counterparts. With the increase in personal devices like tablets, phones, personal digital assistants, watches, and remote sensors that use Wi-Fi to connect to the Internet, the security threats and attacks are becoming more prominent. This paper outlines features of next-generation Wi-Fi security Wireless Protected Access 3 (WPA3) and security challenges and vulnerabilities they help overcome in existing wireless local area networks, that previous security protocols like Wired Equivalent Privacy (WEP), Wireless Protected Access (WPA) and Wireless Protected Access (WPA2) could not resolve.

I. Introduction

Wireless technology has become one of the most popular and in-demand technologies for home and enterprise networks. Wireless technology is popular because it reduces implementation cost and is highly scalable. The Institute of Electrical and Electronics Engineers (IEEE) designed a standard known as IEEE 802.11 for Wireless Local Area Network (WLAN) that makes use of Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) and radio frequencies to access the wireless medium to send traffic [3]. Users can connect to the network from anywhere within the coverage area. Wireless networks provide them better flexibility, mobility, and convenience than wired connections, which do not permit users to move freely if they want to stay connected. Wi-Fi has numerous advantages, but inadequate security measures can be destructive, as any unauthorized user can join the network, steal confidential data and corrupt the system through pernicious traffic [3]. To tackle the above-stated shortcomings, a series of security protocols were implemented in the 802.11 protocol to maintain data integrity, confidentiality, and user authentication and encryption [3].

Prior to the launch of WPA3 in 2018, WLAN implemented three security protocols , to authenticate users and encrypt all data traffic before transmitting over the wireless medium, namely Wired Equivalent Privacy (WEP) that uses Rivest Cipher 4 (RC4) for encryption, Wi-Fi Protected Access (WPA) that uses Temporal Key Integrity Protocol (TKIP) for encryption, and Wi-Fi Protected Access 2 (WPA2) that uses Advanced Encryption Standard (AES) for encryption [3]. Despite the presence of these protocols, there were significant security risks that were yet to be addressed. Some of those challenges were unencrypted traffic transmission in open networks, dictionary attacks that can compromise the password exchange in WPA and WPA2, inconsistency in WPA2-Enterprise (802.1X-EAP) also known as Extensible Authentication Protocol (EAP), and time-consuming onboarding of devices that do not have a keypad or display screen [1].

The objective of this scholarly paper is to understand the features of Wireless Protected Access 3 (WPA3) and how they resolve the above-mentioned set of security challenges that previous protocols could not address. The paper is further organized as follows: Section II describes the Opportunistic Wireless Encryption feature of WPA3 to increase privacy in open networks; Section III explains Simultaneous Authentication of Equals that provides resistance to dictionary attacks and makes password-based authentication more resilient; Section IV describes an advanced configuration option for 802.1X-EAP known as Commercial National Security Algorithms (CNSA) that help remove inconsistencies and misconfigurations in 802.1X authentication framework ; Section V explains the easy connect feature of WPA3 that uses Device Provisioning Protocol to simplify onboarding of devices to WLAN [5]. Finally, the conclusion is summarized in Section VI.

II. Opportunistic Wireless Encryption

Access to the free Internet is a complementary and anticipated service that businesses, such as hotels, restaurants, and airports provide to attract more customers. This service is offered through Open Wi-Fi access, where all the traffic between client and access point is transmitted unencrypted [2]. People may use this service to make online financial transactions using net banking, accessing classified and personal data on email, accessing social media accounts, and more, without knowing that all their data can be compromised. To explain the requirement for strong encryption, first we need to understand the fundamental process of wireless network advertisement, discovery, and access. Wireless Local Area Network (WLAN) information is broadcast by access points using frames known as beacons, which contain the name of the network called Service Set Identifier (SSID), authentication protocol being used, encryption ciphers to encrypt unicast and broadcast traffic, quality of service and optionally additional information [2]. Wireless clients can discover this information broadcast by access points, either by listening to these beacons or by issuing queries known as probe requests to the access points, which then reply with probe response containing the same information as beacons [2]. On discovering the network, the client begins the process to access the network in two steps, where 802.11 authentication is the initial step known as Open Authentication, where any client can authenticate to the access point [2]. The next step in this process is the 802.11 Association, in which the client lets the AP know about the SSID, layer two authentication protocol and encryption ciphers it wants to use to communicate with the access point and access the network [2]. The access point sends an acknowledgment by replying with an association response, defining whether it agrees or not with the parameters defined by the client in its association request [2]. Since, at airports, hotels, and restaurants the network is Open, the client gains access to the network just after the completion of the 802.11 Association without any further authentication and encryption [2]. The absence of encryption makes their traffic susceptible to security attacks such as stealing of confidential data, the man in the middle attack by using a rogue access point broadcasting the same SSID, and denial of service, as all the data is sent in clear text. For this reason, the Opportunistic Wireless Encryption (OWE) feature was added to the WPA3 security standard, where all traffic on open Wi-Fi networks is encrypted without the need for a password or any authentication mechanism. OWE achieves this by implementing Diffie-Hellman key exchange between client and access point to generate a pairwise key, which is then used with the 4-way handshake without the use of any password or shared secret, hence preventing eavesdropping in the connection [2].

To perform Diffie-Hellman key exchange OWE supports two types of public key encryption techniques. These techniques are Elliptic Curve Cryptography (ECC), and Finite Field Cryptography (FFC) and the key exchange makes use of a hash algorithm based on either of these to produce a secret and secret identifier [2]. To announce the support for OWE in WLAN to the clients, access point adds Authentication and Key Management suite selector for OWE in the Robust Security Network (RSN) element of its beacons and probe response [2]. On discovering the OWE-enabled access point, the client performs open authentication the same way it would without an OWE support followed by 802.11 association. The OWE incorporates the Diffie-Hellman key element to association requests and response, where the client’s public key is inserted in association request, and access point’s public key is inserted in association response [2]. This Diffie-Hellman Parameter element is added to the association request and response using type-length-value (TLV) that calls this element. As shown in Figure 1, the Diffie-Hellman element contains an Element ID of 255, the length of the element, and element-specific data which contains a group (ECC or FCC) and public key associated with it.

Figure 1: The Diffie-Hellman Parameter Element [2].

After the accomplishment of 802.11 association, the access point and client perform a Diffie-Hellman key exchange to generate a Pairwise Master Key (PMK) and a Pairwise Master Key Identifier by chaining client’s and access point’s public key and feeding it to the HMAC-based Extract-and-Expand Key Derivation Function using hash algorithm based on Elliptic Curve Cryptography or Finite Field Cryptography [2]. Once PMK is generated, the access point starts a 4-way handshake with the client utilizing this PMK to generate a Key-Encrypting-Key (KEK), Key-Confirmation-Key (KCK) and Message Integrity Code (MIC) to encrypt unicast and broadcast traffic between the access point and client [2]. From the client’s perspective, WLAN with OWE support is the same as an open network but provides a higher standard of security by encrypting the transmission channel and data, thereby making it unfavorable for an attacker to steal user data in an open network.

III.Simultaneous Authentication of Equals

Using a password or a passphrase for authentication has become one of the primary methods to access the Internet using Wi-Fi. In practice, this password is then used as a seeding material to generate Pairwise Master Key used for encrypting data [3]. The use of pre-shared password for layer-2 authentication and using the same password to generate the encryption keys is susceptible to offline brute force attack also known as an offline dictionary attack, where an attacker obtains sufficient information through active and passive attacks on the protocol using a list of possible passwords until they derive the matching key [4]. Once the key is derived, an attacker can easily decrypt the communication between the access point and the client. To avoid this WPA3 uses a type of Dragonfly Key Exchange protocol known as Simultaneous Authentication of Equals (SAE) based on password-authenticated key exchange, where the shared password is used only for authentication and not computing Pairwise Master Key for encrypting data [3]. SAE uses discrete logarithmic and elliptic curve cryptography for authentication and key management [3].

Figure 2: Dragonfly Handshake [3].

The elliptic curve used in SAE is given by the equation y^2 = x^3 + a*x + b mod p, where p is a huge prime number and values of a and b depend on the elliptic curve used [4]. In SAE handshake both the peers (AP and client) have the same view of the pre-shared password and any of the peers can initiate the exchange [4]. As shown in Figure 2, A is an access point, and B is a client. Before starting the exchange, the client and access point share the elliptic curve parameters p and q, where q is also a large prime number obtained using logarithmic calculation [3]. Then they derive a secret element by hashing a pre-shared password, random number, counter and mac addresses of both access point and the client [4]. The output of this hashing is then used as x-coordinate for the curve to solve for y. If the value of x used helps in finding a solution for y, then the coordinates (x,y) are classified as the Password Element (PE) [4]. The SAE handshake happens in two phases, namely the Commit Phase and Confirm Phase [4].

During the commit phase, both the client and AP generate two random numbers and a mask (mA) greater than one and share it during the exchange of the first two messages [3]. The access point then derives a shared secret (ss) using the data sent by the client, and the client derives a shared secret using the data sent by AP. This shared secret is then used to compute Key Confirmation Key (KCK) and Pairwise Master Key (PMK) using Key Derivation Function (KDF). The key confirmation key is then fed into a hash function along with the access point’s and client’s element and mac address, which form the confirmation frame [3]. These confirmation frames are exchanged during Confirm phase in message 3 and 4, and if they are identical, then the access point and client can confirm that they have the same password in their possession and cache the pairwise master key [3]. Since the PMK is not derived using the pre-shared key but using a dragonfly handshake that needs the client’s active participation with the access point, hence a PMKID cannot be computed until the successful completion of dragonfly handshake, thereby, making offline dictionary attack infeasible even if the attacker is aware of the password. This gives an extra layer of protection and users can use less complex passwords that they can remember.

IV. 802.1X-EAP Consistency with Commercial National Security Algorithms

Enterprise networks employ 802.1X authentication framework that uses the Extensible Authentication Protocol (EAP) to exchange messages for authenticating users and encrypting data. This operation requires the use of an external authentication server along with the access point and client [1]. For validating identity, the client and the server talk to each other directly. EAP authentication is achieved in two steps. In the first step, the authentication server proves its identity to the client using Transport Layer Security (TLS) tunnel, and in the second step, the client proves its identity to the server by providing a username and password inside the tunnel [1]. After proving the identity to each other, the authentication server and the client negotiate the cipher suite to be used to derive keys for encryption. These cipher suites can be based on 128-bit Advanced Encryption Standard (AES) or hash using SHA256 [1]. Due to many flavors of EAP being offered, the client does not have control over the TLS cipher suite being agreed upon that results in the computation of symmetric keys, which are less secure for any existing cipher in 802.11 protocol [1]. For instance, AES-CCM-128 cipher may be agreed upon between client and server during the 802.11 association but may result in a key size much smaller than 128 bits, which is insecure.

Critical networks such as defense, government, and financial networks can be compromised if the encryption used is not strong enough to protect data privacy. With the rise in cyber-attacks and sophisticated tools to accomplish these attacks, the use of weak ciphers can have devastating consequences that may take a lot of time and money to mitigate the threat they create. To tackle this problem, WPA3 incorporates the use of the Commercial National Security Algorithm (CNSA) suite for 802.1X-EAP. CNSA defines a series of cryptographic algorithms that provide uniform security [1]. CNSA suite uses the X.509 version 3 digital certificate that includes a digital signature algorithm using the P-384 elliptic curve, which is a 384-bit curve, for key establishment and digital signatures [7]. These certificates are hashed utilizing SHA384 and use AES-GCM-256 for encrypting data and authentication [1]. CNSA mandates the use of these certificates for authentication and access to the WPA3 enterprise wireless network. The use of these certificates ensures that the cipher suite agreed upon utilizes cryptographic algorithms in the CNSA suite [1]. In some aspects of the network, security is essential and cannot be traded off for speed, performance, and convenience. Since CNSA does not allow any hybridizing of cryptographic algorithms, it removes any odds of misconfiguration and negotiation in 802.1X-EAP [1].

V. Wi-Fi Easy Connect

With the development of the Internet of Things (IoT) and smart homes, there has been a rapid growth in smart devices such as monitoring sensors, smart refrigerators, door locks, smartwatches and fitness trackers. Unlike laptops and smartphones these devices may or may not have a display screen or an interface to configure network details and security parameters manually [6]. There is a greater need to connect these devices to the Internet efficiently and with ease, without compromising security. To achieve this, Wi-Fi Alliance came up with a standard known as Wi-Fi Easy Connect, which uses Device Provisioning Protocol (DPP) to provision clients, set up the network, and efficiently enhance security with minimal human interaction [6].

DPP uses public keys to authenticate and identify devices. DPP defines two types of roles for the devices, namely Configurator and Enrollee, where Configurator is an authentic device such as a tablet or smartphone that configures other devices to be connected to the network known as Enrollees [6]. Enrollees can be access points, printers, sensors, and so on. The client devices that are Wi-Fi capable and use Wi-Fi Easy connect have their identity embedded inside a quick response (QR) code or plain string in the form of private and public keys. DPP is defined in four stages specifically bootstrapping, authentication, configuration, and network connectivity [6]. In the bootstrapping stage, a secure connection is established between Configurator and Enrollee by exchanging public keys embedded in the QR code, which is scanned using a camera as shown in Figure 3 [6].

Figure 3: Bootstrapping Process [6].

In the absence of the ability to read the QR code, the easily readable string can be used to configure the enrollee manually. QR code encodes bootstrapping information in the form of Uniform Resource Identifier that may also contain MAC address of the device, radio frequency channels to be used and optional additional information to establish a secure connection [6]. Once the bootstrapping process is completed, the Configurator and Enrollee authenticate each other using the DDP authentication protocol, which validates the bootstrapping keys exchanged to establish a secure connection between Configurator and Enrollee [6]. On establishing a secure connection, the Enrollee requests configuration information from the Configurator. In response, the Configurator provisions the Enrollee with connection type, whether infrastructure or ad-hoc, Service Set Identifier (SSID) and security parameters required to connect to the SSID [6]. The security credential generally includes a connector signed by Configurator, which consists of a public key, group attribute and network role information (AP or client) for the Enrollee [6]. The public key issued by the Configurator in the connector is unique for every Enrollee. Hence no other device can use it to access the network [6]. Similarly, if the Enrollee is an access point with a signed connector, then no rogue access point can impersonate the actual one.

Figure 4: Network connectivity after Wi-Fi Easy Connect enrollment [6].

The last stage in this process is network connectivity as shown in Figure 4 above, where both the Enrollee access point and client establish a secure connection by validating, that the configurator has signed their corresponding connectors, match the group attributes and derive a pairwise master key using the unique public key obtained during configuration phase [6]. This makes the process of onboarding of devices with no keypad or display screen flexible, convenient and faster without compromising the security.

VI. Conclusion

In this paper, we explored the features of next-generation Wi-Fi security WPA3 and the security challenges they address, which the existing protocols did not. The study of these features indicates that WPA3 is a promising technology, as it not only maintains interoperability with the existing WPA2 but simplifies Wi-Fi security by enabling strong authentication and encryption to make critical networks more resilient to attacks that can compromise user data and network. To summarize, Section II outlines the Opportunistic Wireless Encryption used in WPA3 that makes open Wi-Fi network secure by incorporating the Diffie-Hellman key exchange based on Elliptic Curve Cryptography to encrypt traffic. Section III describes a flavor of Dragonfly Key Exchange called Simultaneous Authentication of Equals and how it makes the wireless network resistant to brute force attacks. Section IV explains the advanced EAP configuration option that makes use of the EAP-TLS and Commercial National Security Algorithm (CNSA) suite to remove inconsistencies and misconfigurations in the 802.1X authentication framework. Finally, in Section V we analyze Wi-Fi Easy Connect, which uses DPP to simplify onboarding of devices without trading-off security. Overall, these features validate that WPA3 will play a vital role in WLAN security in the future.

VII. References

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on the website then please: