A brief history of Wi-Fi security protocols, from zero to WPA3

With the continuous development of WI-FI, we will soon use the new 802.11ax protocol and the relatively safe and stable WI-FI security protocol WPA3. Before we can figure out what benefits WPA3 can bring, it is necessary to review the history of previous WI-FI wireless protocols. Only by recalling the bitterness and thinking about the sweetness can we truly know how sweet it is. Only by knowing the efforts made by our predecessors for WI-FI security can we understand how difficult it is to ensure the security of any system. In this article, Chongchong will tell you a brief history of the development of Wi-Fi protocols and key historical points.

[[259285]]

Savage Era

In the mid-to-late 1990s, when the Internet was just beginning, any machine could "sniff" the traffic of any other given machine, even on a wired network. At the time, Ethernet networks were mainly connected through hubs rather than switches, and anyone who knew a little about Internet protocols could capture packets at any time to browse the contents of network traffic, from the underlying network packets to the content of application-layer emails.

Around the turn of the century (around 2000), wired Ethernet had moved from hubs (and even old coaxial cable networks) to switches. A hub forwards every packet it receives to every machine connected to it, so network sniffing based on this is very simple. In contrast, switches only forward packets to the MAC addresses they are assigned to, so when computer B wants to send a packet to router A, the switch will not provide a network packet to the user on computer C. This subtle change made wired networks more trustworthy than before. When the original 802.11 Wi-Fi standard was released in 1997, including the WEP-wireless encryption protocol, it provided the same security expectations that users expect from wired networks today, so its name is derived from this.

WEP - The Original Wireless Encryption Protocol

The original version of WEP required a 10-digit or 26-digit hexadecimal pre-shared key, such as 0A3FBE839A. Since the hexadecimal characters are limited to 0-9 and AF, they are very different from the readable characters used in daily life, and are very difficult to read and use. It is easy to malfunction. For example, if you use letters that are not in the 0-F range, you will get an error. As expected, WEP was quickly abandoned. Although it seems unreasonable to require users to effectively and accurately share 10 or 26 hexadecimal digits, this is indeed how it was used in 1997.

D-Link's DI-514 802.11b is an example of a WEP router.

Subsequent versions of WEP provided a consistent way for clients and routers to automatically hash human-readable passwords of any length into 10 or 26 hexadecimal digits. Therefore, although the underlying layer of WEP still uses the original 40-bit or 104-bit numbers for processing, at least people don't have to read and share these hard-to-remember strings of numbers. The transition from numbers to passwords began to make WEP usage begin to rise.

Although WEP is still pretty good in practice, this early security protocol still has many problems. For one thing, it deliberately uses a very weak encryption algorithm, and although it can be manually set to strengthen the encryption algorithm, it is still easy to be sniffed by other machines on the same network. Since all traffic is encrypted and decrypted using the same PSK, anyone can easily intercept your traffic and decrypt it.

This is not the scariest thing. The scariest thing is that WAP passwords can be easily cracked. The Aircrack-Ng cracking suite can crack any WEP network in a few minutes.

WPA - Wi-Fi Protected Access

The initial implementation of WPA was in the 802.11g Wi-Fi standard, which was a huge improvement over WEP. WPA was designed from the beginning to accept human-friendly passwords, but it goes far beyond that.

WPA introduces TKIP, or Temporal Key Integrity Protocol. TKIP has two main uses. First, it creates a new 128-bit key for each data packet sent. This prevents the embarrassment of a WEP network being compromised in a few minutes. TKIP also provides a much stronger message authentication code than WEP's simple cyclic redundancy check (CRC). CRC is often used for low-confidence data verification to mitigate the impact of network line noise, but it has a natural flaw and cannot effectively defend against targeted threats.

TKIP also makes it so that your traffic is not automatically exposed to other newcomers to the Wi-Fi network. WEP's static pre-shared key means that anyone can receive everyone else's traffic in full view. But TKIP uses a new ephemeral key for each transmitted packet, so no one else can use that key. People who connect to a public Wi-Fi network, although everyone knows the password, use different data encryption keys, so you can't directly browse the contents of other people's transmitted network packets.

But TKIP also had its problems and encountered a MITM (Man In The Middle) in 2008. Security researchers Martin Beck and Erik Tews found a way to decrypt short packets in a WPA/TKIP network using the 802.11e QoS feature, also known as "Beck-Tews". The process only took 12-15 minutes, but it was not the worst, as relatively few networks actually implemented 802.11e at the time.

WPA2 - Abandon TKIP and replace it with AES-CCMP

In 2004, the Institute of Electrical and Electronics Engineers (IEEE) created a new 802.11 wireless network standard 802.11i extension in response to known problems with WEP and TKIP. The industry regulator Wi-Fi Alliance, which owns the Wi-Fi trademark, announced the implementation of WPA2 based on the 802.11i extension. The improvement of this version is to use AES-CCMP instead of TKIP for non-enterprise authentication (enterprises usually use RADIUS to assign passwords to each user separately. These two passwords can avoid most authentication threats).

There are some 802.11g routers that support AES, but the real mass use started with 802.11n routers, such as the Linksys WRT310n in the picture above.

The alphabet soup here is thick and hot: AES is the Advanced Encryption Standard, CCMP is the Counter Mode Cipher Block Chaining Message Authentication Code Protocol. AES-CCMP can avoid Beck-Tews and variants of MITM. Although WPA2 supports AES-CCMP, it is not mandatory to enable it. In order to be compatible with old non-WPA2 devices, many users still use TKIP.

KRACK Attack - Thoughts on Wi-Fi Security

Although WPA2 and AES-CCMP can avoid manual intervention, they do not permanently solve the security problem. KRACK, which appeared in 2017, pierced the AES/CCMP barrier like a sharp arrow.

802.11i anticipates occasional loss of network connectivity, and to speed up reconnection, it allows disconnected devices to reconnect using old keys. Thus, a well-disguised snoop can capture packets and use a replay attack to force the network to repeatedly send the same known block with a new random number. From this information, the hacker can reconstruct the entire keychain, giving them full network access.

KRACK exploits a vulnerability in 802.11i, so WPA2 cannot fix it. Although the attack can be largely mitigated by disabling EAPOL-Key frame retransmission during key installation, this will increase the time it takes for offline devices to reconnect. However, this is the only way to prevent KRACK and improve security.

WPA3 – NFC, PFS, SAE, and more

The Wi-Fi Alliance introduced WPA3 in January 2018. WPA3 avoids replay attacks by replacing pre-shared keys (PSK) with peer authentication (SAE). SAE is a protocol designed to strongly and securely identify peer devices, and it proposes the 802.11s standard for Wi-Fi mesh networks. The Wi-Fi Alliance claims that the implementation of SAE mentioned in IEEE 802.11-2016 will solve security issues caused by carelessness or settings of users. SAE also solves (non-violent or dictionary) threats against networks with short password settings.

WPA3 certification also introduces the ability to use NFC for authentication. NFC, or near field communication, is an extremely short-range wireless communication technology used for authentication by bringing a device close to a verification device. If a WPA3 router or access point has NFC network joining enabled, you can simply hold an NFC-enabled phone or Internet device against the router/access point to pass the authentication and join the network. Although in a sense this is a low security, anyone who can use a mobile phone to lightly access the Internet can use it. However, since NFC sessions cannot be captured remotely, and are convenient and easy to use, there is no need to remember passwords, and audits and post-event behavior tracking can be performed based on networked devices, this is a relatively convenient and reliable method that balances the requirements of security and ease of use.

WPA3 also fixes another glaring hole in Wi-Fi's implementation of encryption by adding Perfect Forward Secrecy. With WEP, WPA, or WPA2, a hacker who didn't know the Wi-Fi password could record everything within their range and then decrypt it once they had the key. With Perfect Forward Secrecy, pre-recording network packets is no longer possible. Even if you later crack the network, the packets you previously captured will still be undecodable. With WPA3, even weaker HTTPS connections and unencrypted network packets like DNS resolution will be protected.

Wireless WI-FI security

WPA3 is still a ways off from being released, and there are no routers on the market that support it. But don’t panic. Most modern routers also support KRACK attack mitigation settings.

If at all possible, you should never use any non-802.11ac equipment anymore;

You should be absolutely sure that you have updated the firmware on all your routers with the new available versions.

If your device has a new firmware version available before November 2017, it is undoubtedly vulnerable to KRACK. What you need to do at this time is to switch to a newer router.

Windows, Linux or BSD, and Apple PCs are generally not a problem, as long as the OS itself is patched and updated. WPA2 authentication on generic computers is usually independent of the OS and is handled by the hardware drivers.

Apple IOS devices and Google Pixel and Nexus devices will be fine if the device itself is very new. Android devices often have a lot of problems because many Android OEMs and carriers are slow to provide new security patches in a timely manner. IoT devices are also prone to security issues. If you have a non-Google Android device or IoT devices in general, you need to pay attention to security developments to make sure your device is not having problems.

The history of changes in Wi-Fi security protocols tells us that no device or protocol is always secure. Security is dynamic. Once one vulnerability is resolved, new ones will immediately emerge. Only continuous iteration and updating can ensure security.