Abstract
The presence of wireless communication grows undeniably more prevalent each year. Since the introduction of the IEEE 802.11 standard for Wireless Local Area Networks (WLAN) in 1997, technologies have progressed to provide wireless accessibility to industries and consumers with growing ease and convenience. As the usage of personal devices, such as phones and watches, that connect to the Internet through Wi-Fi increases, wireless attacks on users are becoming more critical. This paper provides a novel attack model to offer an organized and comprehensive view of the possible attacks on Wi-Fi latest security standards. All existing attacks will be investigated, with emphasis on more recent attacks, such as the KRACK and PMKID Dictionary attacks. The main contribution of this paper is to analyze the technology offered in the new Wi-Fi Protected Access III (WPA3) security scheme and provide the first comprehensive security analysis and discussion to determine whether it has addressed the vulnerabilities of its predecessor. An interesting finding of this paper is that WPA3 still lacks in addressing all the issues existing in WPA2 and exploring other mitigations for future research.
Highlights
In 1997, a standard was released by the Institute of Electrical and Electronics Engineers (IEEE)that set guidelines for creating a network in which devices could connect to each other wirelessly, known as Wireless Local Area Network (WLAN)
At the time of writing, three main security protocols have been implemented for IEEE 802.11: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2)
The client and the Access Point (AP) will communicate certain information to each other so that the other can create several keys individually to arrive at an agreed upon key, the Pairwise Transient Key (PTK), which will be the fresh session key used for safe encrypted data transmission for that particular connection
Summary
If no security measures are implemented in a WLAN system, there is nothing stopping an attacker from joining a network and capturing traffic or injecting his/her own malicious traffic. The main contribution of this paper is to provide the first analysis of the security provided by WPA3 to a Wi-Fi network and identify which attacks must be addressed in future research in Sections 4 and 5. Other mitigation methods for the remaining issues not addressed by WPA3 are given in Section 6, and 7 concludes the paper with closing remarks and future research
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have