The majority of Wi-Fi networks are closed, with a password necessary to obtain permission to use the connection. Securing a network requires a communication protocol, which determines the terms of use. All protocols can be hacked; therefore, they are updated to minimize the risk of outside access. WPA is a series of programs designed to increase the security of Wi-Fi networks. WPA3 is the most recent entry, and it has several benefits over its predecessor, WPA2.
Prerequisites for WPA2 and WPA3
WPA emerged as a solution to the vulnerability of the previous security protocol, WEP. The acronym WPA stands for Wi-Fi Protected Access, which uses a stronger encryption method, known as TKIP. The Temporal Key Integrity Protocol has a dynamic encryption key, whereas WEP required a user to manually enter a key that would not change. Although it was more secure than WEP, not all devices were advanced enough for a new encryption system. As a result, WPA had to rely on WEP, thus making it vulnerable to breach and justifying the necessity for WPA2.
WPA2 provides more security and is the most utilized protocol today. Its distinctive feature is the use of the Advanced Encryption Standard (AES), which has a stronger algorithm. In theory, it should have eliminated the possibility of getting access to a network by password guessing. However, a bug in programming allowed hackers to use the KRACK technique. Subsequently, “this flaw gives attacker a skeleton key to access any WPA2 network without a password” (Kaniewski, 2019, p. 6). WPA2, which had been presumed to be unhackable, was now vulnerable due to a programming imperfection.
The Wi-Fi Alliance published the latest version of Wi-Fi Protected Access, known as WPA3, in 2018. It should be noted that there was another problem with WPA2 besides KRACK. The incompatibility of many devices with AES forced WPA2 to also use the outdated TKIP. This weakness drove software developers to erase the possibility of a new protocol relying on older encryption methods, which can be bypassed (Wi-Fi Alliance, Wi-Fi Certified WPA3 Section, para. 1). Therefore, WPA3 is more stable and uses only AES for encryption.
Server Authentication in WPA3
One of the primary upgrades of WPA3 over WPA2 is the procedure of server authentication. The attackers’ purpose is to obtain the credentials of a Wi-Fi network. Most users are not aware that their smartphones access the network, as these processes are automatic. Bartoli (2020) argues that “network credentials often unlock access to all enterprise services” (p. 2). The hackers’ solution was to create an evil twin, which is a fraudulent access point. It appears to have the name of the Wi-Fi network the user is trying to connect to. Afterward, the traffic data allows the perpetrators to guess the credentials.
This weakness left the organizations relying on WPA2 vulnerable to leakage. It is made possible by the organization’s security policy allowing the presence of unsecured networks, among which an evil twin resides. It can be resolved by the mandatory prohibition of insecure connections, but “WPA2 Enterprise does not provide any technical means for detecting connection attempts from supplicants that are not compliant with the security policy” (Bartoli, 2020, p. 3). In essence, WPA2 allowed the existence of evil twins, which were used to steal information.
In response to this threat, the Wi-Fi Alliance structured WPA3 by using stricter security policies and minimizing automatic connections with outside users. WPA3 configuration forbids access to unauthorized certificates in the network. The problem is that administrators still have to decide on the trustworthiness of a new identity (Bartoli, 2020). Although the overall server authentication is less susceptible to attacks, the core issue of correctly verifying the connection remains unresolved.
Security of Wi-Fi connection in WPA3
Another vulnerability of WPA2 is connected with networks that are protected by weak passwords. Although WPA2 uses AES, which is extremely unlikely to be bypassed by brute force, such networks can be infiltrated because the passwords are not ingenious enough, meaning they can be guessed (Wi-Fi Alliance, Is WPA3 Better Than WPA2 Section, para. 1). WPA3 allows only one attempt at entering a password, prolonging the time necessary to guess the password correctly.
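An added example, not taken from the essay or its sources: a small Python audit of wpa_supplicant network profiles for the weaknesses named above (TKIP fallback, Enterprise profiles that do not validate the server certificate, and passphrase networks that do not offer WPA3's SAE). The sample configuration, SSIDs and file paths are constructed for illustration; the key names are wpa_supplicant's own.

```python
import re
# Constructed sample wpa_supplicant.conf; SSIDs, paths and passphrase are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-legacy"
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
}
network={
    ssid="corp"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="constructed-passphrase"
}
'''

def parse_networks(conf):
    # One dict of key -> value per network={...} block; comment lines are skipped.
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S):
        pairs = (line.strip().partition("=") for line in body.splitlines())
        nets.append({k.strip(): v.strip().strip('"') for k, s, v in pairs if s and not k.startswith("#")})
    return nets

def audit(net):
    # Return the weaknesses from the essay that this profile still permits.
    findings = []
    key_mgmt = net.get("key_mgmt", "WPA-PSK WPA-EAP").split()  # documented default
    ciphers = (net.get("pairwise", "") + " " + net.get("group", "")).split()
    if "TKIP" in ciphers:  # only an explicit TKIP entry is checked here
        findings.append("TKIP fallback allowed")
    if any(k.startswith("WPA-EAP") for k in key_mgmt):
        if "ca_cert" not in net:  # any server certificate would be accepted
            findings.append("server certificate not validated")
        elif "domain_suffix_match" not in net and "domain_match" not in net:
            findings.append("server name not checked")
    if "WPA-PSK" in key_mgmt and "SAE" not in key_mgmt:
        findings.append("WPA2 passphrase only, SAE not offered")
    return findings

def audit_conf(conf):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(conf)}
if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```
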
WPA3 also protects the anonymity of users in open Wi-Fi areas. Earlier iterations warned upon connecting that the network was not secure. Subsequently, it was necessary to utilize a VPN server or exclusively visit web pages with encrypted HTTPS. In contrast, WPA3 encrypts each individual gadget’s connection to an unsecured access point, thus lowering the chances of data theft in a public network (Kaniewski, 2019). Nevertheless, an attacker can still interact with the Wi-Fi network repeatedly, leaving the possibility of brute force access.
Conclusion
Altogether, WPA3 is the upgraded version of WPA2, with less hacking risk. The Advanced Encryption Standard substantially complicates brute force attacks with a more sophisticated encryption method. The bug that allowed resorting to the KRACK technique is fixed. Server authentication in WPA3 prohibits unsecured networks and untrusted connections, removing evil twins. The security of open Wi-Fi areas is strengthened, protecting even weak passwords. Ultimately, each user is still responsible for their privacy, as hackers adapt to programming imperfections.
References
Bartoli, A. (2020). Understanding Server Authentication in WPA3 Enterprise. Applied Sciences, 10(21), 1-12. Web.
Kaniewski, P. (Ed.). (2019). Proceedings of the XII Conference on Reconnaissance and Electronic Warfare Systems. The Military University of Technology. Web.
Wi-Fi Alliance. (n.d.). WPA2 and WPA3 security. Web.