Wi-Fi Protected Access (WPA)
- 92 Downloads
Wi-Fi Protected Access (WPA) is a security standard designed for wireless networks. WPA implements most of the IEEE 802.11i standard and was an alternative to previous security standard before 802.11i was developed, so it is sometimes referred to as the draft IEEE 802.11i standard.
WPA was developed by the Wi-Fi Alliance to provide better security than Wired Equivalent Privacy (WEP), the previous Wi-Fi security standard. WPA became available in 2003, and it was intended as a transitional measure for the full IEEE 802.11i standard (also referred to as WAP2), which became available in 2004. WAP2 may not work with some older network cards, while WPA can work well with these older network cards. Therefore, WPA and WPA2 are concurrent security standards.
WPA-Personal mode, also referred to as WPA-PSK, is designed for home and small office networks, which makes every user under the same wireless router use the same key called pre-shared key (PSK).
WPA-Enterprise mode, also referred to as WPA-EAP, uses more stringent 802.1x authentication with the Extensible Authentication Protocol (EAP). It needs to use an authentication server to distribute different keys to various end users.
Encryption. WEP only has a 64-bit or 128-bit encryption key which is fixed and has to be manually entered on wireless access points (APs). WPA adopts a so-called Temporary Key Integrity Protocol (TKIP), which dynamically produces a new 128-bit key for each data packet. It defeats well-known related-key attack against WEP.
Data integrity. WPA also adopts a message integrity check, which is designed to prevent an attacker from altering and resending data packets, and it replaces the cyclic redundancy check (CRC) used by WEP. CRC’s main drawback is that it does not provide a sufficiently strong data integrity guarantee for the packets it handles. Well-tested message authentication codes can solve these problems, but they require too much computation to be used on old network cards. WPA uses message integrity check algorithm TKIP to verify the integrity of the packets, which needs less computation but offers stronger performance than CRC.
TKIP was designed to be used with older WEP devices. However, researchers did discover a flaw in TKIP that can be used to achieve a certain attack. This caused the replacement of TKIP by CCMP (sometimes called AES-CCMP) encryption protocol in WPA2, which provides additional security.
The latest security standard for wireless networks is WPA3, which was announced as a replacement to WPA2 by the Wi-Fi Alliance in January 2018. WPA3 uses 192-bit key and individualized encryption for each user. The Wi-Fi Alliance also claims that WPA3 will mitigate security issues posed by weak passwords and simplify the process of setting up devices with no display interface.
Weak passwords. If users rely on weak passwords, WPA-PSK is still vulnerable to password cracking attacks. Brute forcing of simple passwords can be attempted using the Aircrack Suite (Tsitroulis et al., 2014). WPA3 solves this problem by requiring interaction with the infrastructure for each guessed password, so that the infrastructure may place temporal limits on the number of guesses.
A lack of forward secrecy. WPA-PSK doesn’t provide forward secrecy, meaning that once an adversary discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK. This also means an attacker can silently capture and decrypt others’ packets if an access point is provided free of charge at a public place, because its password is usually shared to anyone in that place. Therefore, it’s safer to use Transport Layer Security (TLS) or something similar on top of that for transferring any sensitive data.
WPA packet spoofing and decryption. The Beck-Tews attack (Tews and Beck, 2009) could decrypt short packets with mostly known content, such as ARP messages, and allowed injection of 3 to 7 packets of at most 28 bytes. Halvorsen and others (Halvorsen et al., 2009) show how to modify the Beck-Tews attack to allow injection of 3 to 7 packets having a size of at most 596 bytes. The Vanhoef-Piessens attack (Vanhoef and Piessens, 2013) significantly improved the Beck-Tews attack, which can inject an arbitrary amount of packets and decrypt arbitrary packets sent to a client. The vulnerability of TKIP is fixed by AES-based CCMP adopted by WPA2.
KRACK attack. The KRACK attack published in 2017 is believed to affect all variants of WPA and WPA2 (Vanhoef and Piessens, 2017). Software patches can resolve the vulnerability but are not available for all devices.
WPA ensures that non-authorized users cannot access the wireless networks and ensure users who legitimately gain access to the networks cannot hack other devices on the same hotspot. WPA is still a configuration option upon a wide variety of wireless routing devices. A survey in 2013 showed that 71% still allowed usage of WPA and 19% exclusively supported WPA (Vanhoef and Piessens, 2013).
- Halvorsen FM, Haugen O, Eian M, Mjølsnes SF (2009) An improved attack on TKIP. In: Nordic conference on secure IT systems. Springer, pp 120–132Google Scholar
- Tews E, Beck M (2009) Practical attacks against WEP and WPA. In: Proceedings of the second ACM conference on wireless network security. ACM, pp 79–86Google Scholar
- Tsitroulis A, Lampoudis D, Tsekleves E (2014) Exposing WPA2 security protocol vulnerabilities. Int J Inf Comput Secur 6(1):93–107Google Scholar
- Vanhoef M, Piessens F (2013) Practical verification of WPA-TKIP vulnerabilities. In: Proceedings of the 8th ACM SIGSAC symposium on information, computer and communications security. ACM, pp 427–436Google Scholar
- Vanhoef M, Piessens F (2017) Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. ACM, pp 1313–1328Google Scholar