Let's talk about WiFi6 security technology

1. WiFi6 Overview

In 2018, in order to better build a WiFi ecosystem, facilitate the promotion and use of WiFi standards, and facilitate non-professional users to effectively distinguish WiFi standards, the WiFi Alliance changed the standard naming rules, renamed the previous standard 802.11n to WiFi 4, and the standard 802.11ac to WiFi5. In 2019, the Institute of Electrical and Electronics Engineers (Institute of Electrical and Electronics Engineers) released the latest WiFi standard protocol 802.11ax, namely WiFi6. It can support both 2.4GHz and 5GHz frequency bands, with a maximum transmission rate of 9.6Gbit/s. Compared with 802.11ac, the actual throughput in a dense user environment is increased by 4 times, the nominal transmission rate is increased by 37%, and the latency is reduced by 75%. At the beginning of 2020, the WiFi Alliance announced that WiFi6 devices that can operate in the 6GHz frequency band will be named WiFi6E. E stands for Extended, which means extending from the original frequency band to the 6GHz frequency band. Figure 1 shows the differences in some indicators between the WiFi6 standard and the WiFi4 and WiFi5 standards.

Figure 1. Differences between some indicators of WiFi6 standard and WiFi4 and WiFi5 standards

The application scenarios of WiFi6 have also changed significantly compared to previous versions of WiFi. Typical WiFi6 application scenarios are listed below:

(1) Broadband video service delivery

As people's requirements for video experience continue to increase, the bit rates of various video services are also increasing, from standard definition to high definition, from 4K to 8K, and now to VR video. However, this is accompanied by an increasing demand for transmission bandwidth, and meeting the requirements of ultra-wideband video transmission has become a major challenge facing video services. WiFi6 technology supports the coexistence of 2.4GHz and 5GHz bands, of which the 5GHz band supports 160MHz bandwidth and a maximum rate of 9.6Gbit/s. The 5GHz band has relatively less interference and is more suitable for transmitting video services. At the same time, the BSS coloring mechanism, MIMO technology, dynamic CCA and other technologies can reduce interference and packet loss rate, bringing users a better video experience.

(2) Low-latency services such as online games

Online gaming services are highly interactive services that have higher requirements for bandwidth and latency. Especially for emerging VR games, the best access method is WiFi wireless. OFDMA channel slicing technology introduced by WiFi6 can provide exclusive channels for games, reduce latency, and meet the needs of gaming services, especially VR.

(3) Smart Home Intelligent Interconnection

Smart interconnection is an important part of smart home business scenarios such as smart home and smart security. The current home interconnection technology has different limitations. WiFi6 technology will bring opportunities for technology unification for smart home interconnection. It optimizes and integrates high density, large number of accesses, low power consumption and other features, while being compatible with various mobile terminals commonly used by users, providing good interoperability.

2. WiFi network security threats

Common WiFi threats in life are mainly divided into the following categories:

(1) Illegal users occupy communication resources

When the password set for a WLAN is too simple, such as a pure numeric password or even a default password, attackers can obtain the password by guessing or brute force cracking to access the network and occupy the bandwidth of legitimate users.

(2) Phishing Attack

In mobile cellular networks, criminals take advantage of the defects of 2G technology and send fraudulent, advertising and other junk information to users' mobile phones by disguising as operators' base stations. Similarly, in WLAN, criminals induce users to access illegal hotspots by setting up service set identifiers (SSIDs) that are the same or similar to legitimate hotspots. Once a user accesses such a hotspot, important data may be stolen, causing financial losses to the user. For example, if a user accesses a shopping website pushed by an illegal WiFi hotspot and conducts a transaction, the criminals will intercept the user's account information and steal the user's account.

(3) Illegal AP access attack

At present, the means of attack of criminals are changing with each passing day, and the industry's security attack and defense technologies are also continuously expanding into the hardware field. Attackers may have close access to WiFi access point devices and tamper with the device storage media. For devices that do not have a hardware root of trust, the security protection measures of the entire system will be completely ineffective. After the end user accesses the hijacked WiFi access point, all data traffic will be stolen or tampered with. In addition, the inherent vulnerabilities of the old protocol standards, such as the use of insecure algorithms and WeakIV vulnerabilities in the Wired Equivalent Privacy (WEP) protocol, also make passwords easy to crack.

In summary, common WLAN security threats include unauthorized use of network services, data security, illegal access points, and denial of service attacks. In response to the above security threats, we can take corresponding security measures to protect network security. Below we mainly introduce the main security technologies involved in WiFi6.

3. WiFi6 security technology

Compared with WiFi5, WiFi6 improves access bandwidth and concurrent capacity, and brings energy-saving technology. Although the WiFi standard itself does not introduce new security mechanisms, the WPA3 certification mentioned above will become a mandatory certification for all new WiFi from July 1, 2020, that is, WPA3 is equipped with WiFi6 to improve the security of wireless networks. WiFi6 security mechanisms include link authentication, user access authentication and data encryption, wireless attack detection and countermeasures, and the security and reliability of the network element's own equipment. Let's introduce them one by one:

(1) Link Authentication

Link authentication is terminal identity authentication. Since the 802.11 protocol requires link authentication before accessing the WLAN, link authentication is usually considered to be the starting point of the handshake process for the terminal to connect to the AP (Access Point, AP) and access the WLAN. The 802.11 protocol stipulates that there are two main link authentication methods: open system authentication and shared key authentication. In open system authentication, the terminal uses the ID (usually the MAC address) as the identity proof, and all terminals that comply with the 802.11 standard can access the WLAN. Shared key authentication is only supported by the WEP protocol, requiring the terminal and the AP to use the same "shared" key. Since the WEP protocol has poor security and has been eliminated, open system authentication is generally used in the link authentication stage. In this stage, the identity authentication process is actually not performed, and the link authentication can be passed as long as the protocol interaction process is met. In the WPA3 standard, opportunistic wireless encryption (OWE) is newly introduced to protect the privacy of users in the open network by encrypting separate data, and to achieve non-authentication encryption in the open network.

(2) User access authentication and data encryption

User access authentication is to distinguish users and limit their access rights before they access the network.

For simple terminal identity authentication mechanisms (link authentication), user identity authentication is more secure. User access authentication mainly includes the following: WPA/WPA2/WPA3 authentication, 802.1x authentication, and WAPI authentication. In addition to user access authentication, data messages must also be encrypted to ensure data security. After the data message is encrypted, only a specific device holding the key can decrypt the received message. Even if other devices receive the message, they cannot decrypt the data message because they do not have the corresponding key. Figure 2 shows the two-way verification process of the device certificate:

Figure 2. Bidirectional verification process of device certificates

In order to build end-to-end security and trustworthiness, in addition to ensuring the security of the channel from the terminal to the WLAN device AP, the device trustworthiness and channel security from the AP to the controller must also be ensured, which is ensured by two-way verification of device certificates and DTLS encryption of the CAPWAP tunnel.

As shown in Figure 2, the device certificate two-way verification process is that the device to be registered carries its own certificate in the message initiating the request to the cloud platform; after the cloud platform obtains the device certificate, it performs a traversal authentication of the certificate chain and verifies whether the device ESN is the device injected into the resource pool; the corresponding device will also verify the cloud platform's certificate. Only after the two-way verification is passed can the business process be initiated, and the risk of device counterfeiting is resisted through the security mechanism of the certificate. Two-way authentication between Wi-Fi devices and controllers

It needs to be implemented based on digital certificates. The most critical part of the authentication process is the signature of the private key. If an attacker can break into the host software and call the authentication private key, he can impersonate a legitimate device and trick the controller into accessing the network, thereby achieving a lateral attack.

(3) Wireless attack detection and countermeasures

Authentication and encryption are two common wireless security solutions that can protect the network in different scenarios. On this basis, wireless system protection can also be used to provide WLAN protection. At present, the main technologies for wireless system protection are Wireless Intrusion Detection System (WIDS) and Wireless Intrusion Prevention System (WIPS). These two technologies can not only provide intrusion detection, but also implement some intrusion countermeasures to protect the network more proactively. For the most common key brute force cracking, the anti-brute force key cracking function can be deployed. The AP will detect the number of negotiation failures of the key negotiation message during authentication within a certain period of time. If it exceeds the configured threshold, it is considered that the user is cracking the password through brute force cracking. At this time, the AP will report an alarm to the AC. If the dynamic blacklist function is enabled at the same time, the AP will add the user to the dynamic blacklist list and discard all messages of the user until the dynamic blacklist ages.

(4) Equipment integrity protection

The goal of secure boot is to protect the integrity of the software installation package and ensure that the integrity verification process is safe and reliable. The software installation package may be maliciously tampered by attackers during transmission. Once the maliciously tampered software is installed in the user system, it may cause user information leakage, user system resource occupation, or even the system to be completely controlled by the attacker. If the enterprise equipment software is tampered with and the eavesdropping function is implanted, it will cause huge losses to operators and enterprises.

The security guarantee of this part is mainly based on the secure boot of hardware trust root and digital signature. The principle of the solution is: the system must have an unchangeable code and a signature verification key as the root of trust (RoT), and as the first boot code of the system. When the system starts, each startup stage verifies the code of the next stage step by step. If the verification fails, the startup stops.

4. Summary

In the long run, the increase in the access of IoT devices is the main reason for the surge in network traffic, so the continuous updating of protocols is also to meet people's future needs for multi-device and multi-scenario Internet access. Although the technology is constantly updated, attackers still often invade IoT devices through protocols, and users still need to be vigilant when using public WiFi. Although WiFi6 has become popular quickly, there are still some shortcomings, such as few supported devices, high costs, and advantages that can only be highlighted in specific occasions. It is a general trend for WiFi6 to enter people's lives. In the future, we will see more and more carrier devices launched, and security risks will also arise. People should not only enjoy the benefits of technology, but also actively respond to the risks and challenges brought by technology.

References

[1] Cao Bin, Jixiang. Research on application of Wi-Fi6 security and trust technology[J]. Confidentiality Science and Technology, 2020(08):20-28.

[2] Huang Yu, Li Yuru. Overview of the current status of WiFi6 technology[J]. China Radio, 2021(05):90-91.

[3] Wang Yicheng. Analysis of the sixth generation WiFi technology and its relationship with 5G[J]. Information and Communication, 2020(05):1-3.

[4]Mathy Vanhoef, Eyal Ronen. Dragonblood. Analyzing the Dragonfly Handshake of WPA3and EAP-pwd.

[5] https://zh.wikipedia.org/wiki/IEEE_802.11ax[6] https://www.freebuf.com/articles/wireless/242734.html