Protocol WPA3, update that needed WiFi

Leturia Azkarate, Igor

Informatikaria eta ikertzailea

Elhuyar Hizkuntza eta Teknologia

WiFi Alliance, an entity that defines and promotes WiFi technology, launched at the end of June the new version of the WPA protocol, called WPA3, which guarantees the security of WiFi networks. In fact, the previous version, the WPA2, was over ten years old and in 2017 they managed to break. In addition, this new version is more prepared for the challenges and risks involved in the deployment of the Internet of Things. The creators have been very convinced of the security and inviolability of the WPA3, but time will tell. In any case, it will still take a little to see the wpa3 deployed on routers and devices.
wpa3-protokoloa-wifiak-behar-zuen-eguneraketa 400

There will be few people who currently do not know WiFi technology and much less use it. WiFi technology is the most commonly used among devices for the creation of near-range wireless networks. Through an access point called Router and through WiFi technology it is possible to connect laptops and mobile phones to the local network of the company or home, use your Internet connection, etc.

Security problems of WiFi technology

As has already been indicated, WiFi technology allows wireless connections using electromagnetic waves that are transmitted through the air. But that means it is also weaker from the point of view of security. In fact, to try to access a private network of computers it is not necessary to enter the building in which this network is located and to physically connect to it through a cable, it is enough to be in the reach of the WiFi access point, since in this way you can detect all the electromagnetic signals, interact with the access point, etc. Therefore, to ensure safety and avoid unwanted access, it is necessary to have effective systems and protocols.

The communication protocol used by WiFi technology is the 802.11 protocol of the IEEE organization, which has been renewed since its creation in 1997. In this first version, the 802.11 protocol included the WEP security protocol (Wired Equivalent Privacy or Cable Equivalent Privacy). But this security system soon ceased to be of security. In 2001 the aircrack-ng software was launched, capable of creating in a few minutes the password of a wep-protected WiFi network.

As the IEEE organization was dedicated to many other things, in 1999 several communication and technology companies joined and an organization was created specifically dedicated to wireless communication protocols. The organization is renamed WECA and in 2002 it is recreated as Wi-Fi Alliance. It is the owner of the WiFi name and is responsible for the definition, promotion and emission of WiFi technology certificates and for creating security systems for WiFi technology.

In 2003, WiFi Alliance published the WPA protocol (Wi-Fi Protected Access). They took it with some haste and as a provisional measure because the WEP was already broken. And in 2004 it launched WPA2, the security protocol that has since been used as standard on WiFi networks.

It has been proven that the WPA2 is a good system, since no serious security holes have been found, and since its birth many years have passed on a technological scale. However, it is not a perfect system and it has been found several errors. For example, if the password entered by the user is short or weak, you can easily find it using the above mentioned software aircrack-ng. On the other hand, the knowledge of the password allows to decipher all the messages that are sent before and after encrypted with this password, which means that anyone can see messages in cafes, hotels and public places (where all users know the password). In addition, it has been proven that the WPS system that serves to connect small devices without screen, such as the Internet of Things, is also faulty.

Well, and the WPA2 has not been found any serious security hole… until last year. In October 2017, several researchers published the detection of a serious problem and the demonstration of an attack called KRACK. Through it an attacker could obtain the password and read, decipher and manipulate all communications. For this reason, in January of this year, Wi-Fi Alliance announced the departure of the WPA3 standard, which was introduced at the end of June.

wpa3, which will solve problems

The WPA3 solves all of the above mentioned WPA2 problems. To start with, although we use short passwords, in WPA3 you can't make a dictionary attack, that is, you can't try a lot of passwords one after the other. In addition, each connected device will have a custom encryption and, despite knowing your password, a third party will not be able to read the messages. Finally, it defines a safe way to connect small devices using QR codes with routers and devices. In addition, the encryption will be 192 bits instead of the previous 128 encryption.

Defining and presenting WPA3 does not mean that all of this is solved. Manufacturers must implement first and Wi-Fi Alliance after verifying such implementations. And then you will have to reach the devices of our homes and companies. Updates are common on computers, less on phones and less on routers, so for everyone to have wpa3 it will be necessary in many cases to purchase new devices.

The authors of the WPA3 are very confident and proud of their safety. The truth is that they have solved the problems of the above and seem to have also thought in the future. But history has taught us that there is no perfect and safe system that can last forever, but the question is how long it will be safe. If it lasts as long as the previous WPA2 protocol, it will be little.

Babesleak
Eusko Jaurlaritzako Industria, Merkataritza eta Turismo Saila