Abstract

In December 2019, the Wi-Fi Alliance published version 2 of WPA3, the new certification program for Wi-Fi devices that updates WPA2. This new version of WPA3 addresses, amongst other things, one of the crucial weaknesses of WPA2: in many practical deployments of enterprise Wi-Fi networks—i.e., networks in which users have personalized credentials—a device may easily be attacked by fraudulent access points claiming to have the name of the targeted network (evil twins). In this work, we present the mechanisms that WPA3 version 2 has introduced for mitigating these risks, which have become more and more relevant in recent years. We discuss the defensive power and potential impact of the various options available. Understanding the resulting scenario is important because WPA3 will determine the behavior of such a fundamental and widespread technology as enterprise Wi-Fi for many years, yet WPA3 enterprise networks may still be configured in a way that does not provide much better defensive power than WPA2.

Highlights

  • In April 2018, the Wi-Fi Alliance published the technical details of the WPA3 certification program for Wi-Fi devices

  • In December 2019, the Wi-Fi Alliance published version 2 of WPA3 [1]. This new version addresses, amongst other things, one of the crucial weaknesses of WPA2 that was not addressed in the first version of WPA3 and that affects enterprise Wi-Fi networks—i.e., networks in which each user has personalized credentials for all of his/her devices; in many practical deployments, a device may be attacked by fraudulent access points claiming to have the name of the targeted Wi-Fi network [2]

  • WPA2 assumes that each device needs to be configured, before connecting, with certain identity information tailored to the specific enterprise network of interest, and that the device verifies at connection time that the identity claimed by the network matches the identity specified in the configuration [1,8,9]


Summary

Introduction

In April 2018, the Wi-Fi Alliance published the technical details of the WPA3 certification program for Wi-Fi devices. In December 2019, the Wi-Fi Alliance published version 2 of WPA3 [1]. This new version addresses, amongst other things, one of the crucial weaknesses of WPA2 that was not addressed in the first version of WPA3 and that affects enterprise Wi-Fi networks—i.e., networks in which each user has personalized credentials for all of his/her devices; in many practical deployments, a device may be attacked by fraudulent access points claiming to have the name of the targeted Wi-Fi network (evil twins) [2]. Attacks aimed at stealing network credentials may occur potentially anywhere and are virtually impossible to detect; they are executed automatically, in less than a second of proximity to an evil twin (which may be hidden within a small bag, for example) and without any need to involve the device owner in a working session [10].

Background
Server Authentication in WPA3 Enterprise
Examples
Findings
Discussion
Conclusions
