WPA3, the next-gen Wi-Fi security

07.01.2020 97

Have you ever thought about the crazy amount of vital data that transits every minute in the air?

Currently, nobody – neither people, nor companies – can work properly without Wi-Fi. Banking, shopping and the whole management of your business and daily life pass through a Wi-Fi connection. That is why security is a major concern.

What is WPA?

Wi-Fi Protected Access (WPA) is a security protocol designed by the Wi-Fi Alliance to protect wireless networks. In 2003, WPA came to replace the Wired Equivalent Privacy (WEP), an earlier algorithm in charge of data confidentiality protection.

WEP appeared in 1997 as part of the IEEE 802.11 – a standard introduced by the Institute of Electrical and Electronics Engineers. It was officially endorsed as a security standard in 1999.

WEP served its purpose well in the first years of its introduction. But as we all know, crime doesn’t sleep, so malicious users discovered how to crack it. One of its main weaknesses was the static key it used to send data from the computers. When the key doesn’t change or when it is repeated, it is just a matter of time for hackers to break the encryption and get the data.

WEP had different upgrades until 2004 when it was finally depreciated.

WPA and WPA2… the next steps!

In 2003, WPA was released. The next security protocol was developed with the intent to avoid the WEP vulnerabilities.

An improvement worthy of mention was that it worked with TKIP (Temporal Key Integrity Protocol), a temporary encryption key that changes with every packet of information we send. No more static keys!

Thanks to WPA, routers got the capacity to discard suspicious – malicious data packets, normally used by hackers to get in.

But again, people found ways to hack it. For instance, through the Wi-Fi Protected Setup (WPS), a support used to connect new devices to access points.

And even WPA included TKIP to make protection stronger, the reality was that it continued working with the RC4 algorithm, used by WEP, as a base. This was needed to make the transition from WEP to WPA possible for users.

So, WPA was a step to abandon WEP and reach WPA2, which officially became the new security standard in 2006.

The main upgrade was without a doubt the Advanced Encryption Standard (AES). An algorithm used directly by the U.S. government to secure sensitive data definitely made WPA2 more powerful against intruders.

It authenticates devices, with a four-way handshake. An access point exchanges four messages with a client device to get encryption keys for protecting the data we send.

It was definitely an improvement… but nothing lasts forever! It became hackable as well.

What does WPA3 bring to the table?

In 2018, the Wi-Fi Alliance introduced WPA3. The new protocol has Personal and Enterprise versions just like its predecessor.

Its main improvements are:

  • The Simultaneous Authentication of Equals (SAE), also called Dragonfly Handshake to get stronger passwords. This means protection in cases of dictionary attacks and the possibility of avoiding decryption of our information while offline.
  • The increase of key sizes –to 192-bit in the Enterprise version-, obviously, to avoid easily hackable passwords.
  • Protection in the information traffic even when a password gets compromised after that information was sent.
  • Opportunistic Wireless Encryption (OWE), a protection system to open networks through unauthenticated encryption.
  • Wi-Fi Device Provisioning Protocol (DDP) instead of the WPS to easily connect new devices without risking the security of the networks.
  • Easier and faster connection.

WPA3 was designed more robust to effectively secure networks. But the upgrade of Wi-Fi security protocols looks like the eternal conflict between good and evil.

The transition to WPA3 is on. To implement the standard in every device in the world takes time. And time is exactly what is required to properly test its performance and find ways to crack it.