It’s in the nature of security protocols to evolve and be replaced in line with the changing threat landscape. Discoveries of security flaws and vulnerabilities lead to protocols or their implementations updating regularly. We can see this in WPA or WEP and their variants evolving to WPA2 (Wireless Privacy Access II). Today, we are examining what the latest move to WPA3 means.
WPA and the Wi-Fi Alliance
WPA2 is now more than 10 years old, would you believe that? It replaced WPA in 2004. In real life, however, the various technology components did not become available to the mainstream until approximately two years later in 2006.
WPA3 was released in January 2018 by the Wi-Fi Alliance. This is a a non-profit organization that promotes Wi-Fi technology and certifies Wi-Fi products for conformity to certain standards of interoperability. It owns the Wi-Fi trademark and logo, which may only be used by manufacturers who have certified their products for compliance and interoperability in accordance with the certification program managed by the Alliance.
Since its inception in 1999 the Alliance has grown to more than 550 members, of which only 14 have the “sponsor” designation. These are global players who are typically trendsetters in the industry. They are: Apple, Comcast, Samsung, Sony, LG, Intel, Dell, Broadcom, Cisco, Qualcomm, Motorola, Microsoft, Texas Instruments and T-Mobile.
Good but not good enough
Before diving into some of the security benefits of the new standard, let’s take a look at some statistics related to the security protocols currently in use. These are sourced via Wigle.net who consolidate location and information of wireless networks worldwide to a central database. They have user-friendly desktop and web applications that can map, query and update databases via the web.
The clear trend from the above graphic is that unencrypted networks are clearly on the decline. We see a little over 4% in 2018 and there is about a 1/5 in an unknown state. This leaves 76% for all of the encrypted networks. WEP and WPA take 6% each while 63% uses WPA2 (all figures are rounded).
You could interpret the progress made since 2002 as good but not good enough. It leaves us questioning what the update of the new WPA3 standard will be? There are a lot of unknowns. It is a complex relationship with multiple parties involved. We see software and hardware vendors on one side while business and consumer users sit on the other.
Flaws and vulnerabilities
Looking at the history of WEP, WPA and WPA2 in the context of flaws and vulnerabilities, the following highlights are worth mentioning:
- WEP’s encryption algorithm RC4 is no longer considered secure. The effective key length of that algorithm as used by WEP was either 40 or 104 bit. Weaknesses in WEP first showed up in 2001 and by 2007 one of the attacks was capable of obtaining the WEP encryption key within a minute.
- As a result of WEP’s shortcomings, an effort was made to quickly come up with a replacement. Even if that was a temporary solution in order to mitigate the volume of compromises that started taking place through wireless networks. This replacement was defined in the 802.11i protocol whose draft first appeared in 2004. WPA included partial implementation of the specifications of this 802.11i protocol which then was officially announced in 2004. The result of the rush to replace the damaging weaknesses of WEP and partial implementation of some of the 802.11i specifications meant that it too was developed with compromises. This in turn meant that it would need a replacement soon thereafter. It was a conscious compromise which had to ensure that even aging hardware components could support this new protocol. For example, it too relied on the RC4 encryption algorithm, that was deprecated by 2012.
- In 2006, WPA2 became the mandatory protocol to be supported by all new Wi-Fi devices undergoing certification. Its main goal was to include all mandatory elements of 802.11i and specifically CCMP, which is an AES based encryption mode. The main weakness and attack vector against WPA2 networks remained the brute forcing of simple or dictionary-based passwords until 2017. That effort of attacking WPA2 protected networks was further simplified by the choice of SSIDs matching the top 1000 SSIDs in use. And with the growing popularity and availability of Rainbow Tables. These Rainbow Tables contain downloadable databases of pre-generated common passwords for the top 1000 most used SSIDs. The result was making attacks both easy and quick.
- In 2017, Dankzij Mathy Vanhoef and Frank Piessens developed a new attack methodology which they appropriately called Krack – Key Reinstallation Attack. This is a somewhat sophisticated attack on the 4-way handshake. While it will not disclose the actual encryption key, it allows the attacker to obtain the cleartext version of the transmitted version. While patches and firmware upgrades exist from some soft- and hardware vendors, the majority WPA2 based networks remain vulnerable due to the complexity to deploy and availability of such patches and upgrades.
- Another weakness rather than flaw of both WPA and WPA2 is the lack of the so called “Forward Secrecy”. What this allows an attacker to do is to decrypt all historic data that he or she has captured to the point where they are able to obtain the encryption key. This lack of Forward Secrecy creates a problem especially in public situations where for example a hotel Wi-Fi Access Point using the WPA or WPA2 protocol uses an encryption key known to all guests of the hotel. This can enable a malicious “guest” to capture silently and passively all traffic and decrypt the information at their leisure. Thankfully, most modern applications and web sites such as social networks, banks, online shopping, and e-mail, rely on the addition of the TLS protocol or similar to securely transfer data – including that of one’s username and password.
- Wi-Fi Protected Setup (WPS) is a mechanism to easily connect devices to Wi-Fi networks at the push of a button. In 2011 Stefan Viehböck discovered a vulnerability which affected wireless routers or access points irrespective of the encryption protocol in use. It allowed an attacker to recover the WPS PIN and with it the WPA or WPA2 encryption password within a couple of hours.
Before getting into some technical details, let me briefly share a few of the security benefits of the new protocol:
- Protect consumer users from using “lazy” passwords.
- Protect historic communications through Perfect Forward Secrecy.
- Connect easy and securely nearby devices that lack sufficient UI capabilities - Wi-Fi Easy Connect (WPS replacement).
- More secure public networks.
So how does WPA3 deal with and solve the challenges addressed above?
- WPA2 will protect you sufficiently if you pick a strong password of at least 16-character length. Who has time for that?! Or who would want to enter a long and complex password every time they need to connect a new device at home? WPA3 will implement a new key exchange protocol called Simultaneous Authentication of Equals. Its goal is to ensure resistance against passive, active or dictionary-based attacks. In order to attack your password a malicious user will need to interact with your Wi-Fi router or Access Point for every attempt at guessing your password. Something that will make it impractical and time consuming even for the simplest of passwords.
- Unlike WPA2, this new protocol will prevent an attacker accessing the data within your encrypted transmissions prior to the time when he or she obtained the encryption key. They will be merely able to only decrypt newly captured and not historic data, so all you have to do it change the password asap.
- Connecting IoT or other home devices without a screen or User Interface will be as simple as scanning a QR code with a smartphone and will utilise public key encryption algorithms.
- Sitting in a Starbucks and sipping a “Nitro Cold Brew With Sweet Cream” will not expose your data, even if the network is “open”. This means that the data will still be encrypted between the Access Point and each individual client.
When will it be available?
Manufacturers are already getting new devices certified, but it will still take a few months. My guess is that we won’t see much on the market before the 2018 Christmas season. A wider adoption may follow by the second half of 2019.
The change to WPA3 will also put various vendors to the test. It will show whether they will invest in their brands by developing a security or firmware upgrade to support WPA3.
One thing remains, if you want faster speed and more reliable signal, it may be time to consider an upgrade anyway, especially with 802.11ax on the horizon.