PRESENTATION

on
“Wpa3”

1
 Introduction
WPA3 is security protocol
developed by the Wi-Fi Alliance to
secure wireless computer
networks.
Wireless security protocols are
• WEP
• WPA
• WPA2
Fig 1: Security protocol-WPA3

2
 HISTORY
• The WEP was implemented in 1999.
• The WPA system was implemented in 2003.
• However, in 2004 an even stronger security system named WPA2 was
implemented.
• In January 2018, Wi-Fi Alliance announced the release of WPA3 with
several security improvements over WPA2

3
 KEY objectives of security

• Authentication
• Confidentiality
• Access Control
• Integrity

4
 WEP
• WEP is Wired Equivalent Privacy or wireless Encryption Protocol.
• It uses RC4 stream cipher, using a 64-bit key.
• WEP protocol is applied through the following three steps :
• CRC (Cyclic Redundancy Code) message is calculated and added to the
original message to provide data integrity.
• The second step in WEP protocol application is encryption.
• • The last step is to transmit sequence IV and encrypted message.

5
Fig 2: WEP Protocol execution

6
Initialization Vector (IV)

Fig 3: Static WEP key put in RC4 outputs static

keystream bytes

WEP Key is of a fixed length and is static,

In order to randomize the output keystream bytes. The IV is a

24-bit randomized value. The IV is then pre-pended to the WEP
key and fed as input to the RC4 Algorithm so that the output
keystream bytes will be randomized.

Fig 4: Initialization vector along with key

7
 WPA
• The Wi-Fi Protected Access (WPA) is an improved version of WEP.
• Uses Temporal Key Integrity Protocol or (TKIP) .
• Expands the size of the IV space from 24 bits to 48 bits.
• allows a random key generation which disables attacks based on
statistical analysis. WPA includes some improved
• properties such Message integrity code (MIC) and key hash function
to avoid IV attacks.
• WPA provides stronger data encryption (weak in WEP) and user
authentication (largely missing in WEP).

8
Fig 5: WPA Encapsulating process

9
 WPA2
• WPA uses AES instead of RC4 for encryption
• In WPA2,four-way handshake uses to secure Wi-Fi connections using
a Pre-Shared Key (PSK).
• When a client want to join a Wi-Fi network, a 4- way handshake is
executed between client and network. The purpose of this 4- way
handshake is to verify the client credentials.

10
 Four-way handshake
• 4-Way Handshake
• Confirm that the client holds the
PMK.
• Confirm that the PMK is correct and
up-to-date.
• Create pairwise transient key (PTK)
from the PMK.
• Install the pairwise encryption and
integrity keys into IEEE 802.11.
• Transport the group temporal key
(GTK) and GTK sequence number
from Authenticator to Supplicant and
install the GTK and GTK sequence
number in the STA and, if not already
installed, in the AP. Fig 6: Four way handshake
• Confirm the cipher suite selection.

11
 Attacks
• Denial of services (Dos) attacks
• Brute force attacks
• Man-in-the-middle attacks
• KRACK attack

12
 KRACK attack

Fig 7: WPA2 security Fig 8: Key reinstallation Attack

13
 WPA3
• WPA3 uses 128-bit encryption in WPA3 and forward secrecy.
• It also replaces the Pre-Shared Key exchange with Simultaneous
Authentication of Equals resulting in a more secure initial key
exchange.
• WPA3 will mitigate security issues posed by weak passwords and
simplify the process of setting up devices with no display interface.

14
WPA3 adds 4 main features to strengthen
security and privacy over Wi-Fi.
• WPA3 security eliminate all the known security risk and attacks that
are up today including the key reinstallation attacks (KRACK)
• The wpa3 security adds four features that are not found in wpa2.
These features are as follows
• A more secure handshake
• Open Wi-Fi network security
• Enables easy connectivity to devices without display
• 192-bit security suite

15
 Features
• More secure handshake – Simultaneous Authentication of Equals
(SAE) protocol (aka the Dragonfly handshake) requires a new
interaction with the network every time a device requests an
encryption key, slowing down the rate of an attempted attack and
making a password more resistant to dictionary and brute force
attacks. It also prevents offline decryption of data.
• Replacement of Wi-Fi protected setup (WPS) – a simpler way to
securely add new devices to a network using the Wi-Fi Device
Provisioning Protocol (DPP), which allows you to securely add new
devices to a network using a QR code or a password. Easy
Connect makes setup especially easy for connected home and IoT
devices.
16
• Unauthenticated encryption – Better protection when using public
hotspots using Wi-Fi Enhanced Open which provides
unauthenticated encryption, a standard called Opportunistic
Wireless Encryption (OWE).
• Bigger session key sizes – WPA3-Enterprise will support key sizes
the equivalent of 192-bit security during the authentication stage,
which will be harder to crack.

17
Words of warning from the finders of the
KRACK flaw
• SAE handshake – If the SAE handshake is not carefully implemented,
it may be vulnerable to side-channel attacks, which describes as
attacks based on information about a software implementation. It
appears exploitable vulnerabilities arising from incorrect
configurations cannot be avoided even by WPA3.
• Unauthenticated encryption – While the use of Opportunistic
Wireless Encryption (OWE) will strengthen user privacy in open
networks.

18
Conclusion
• As of recently, we've seen three security plans, WEP, WPA, and WPA2,
and demonstrated that every one of them has their very own
vulnerabilities . It is essential to comprehend past, ended plans to
have the capacity to make new, more secure plans, likeWPA3. The
new plan fixes to a considerable lot of the issues present in WPA2,
including disconnected word reference attacks, and the KRACK
powerlessness.

19
 References
• "Understanding WEP Weaknesses". Wiley Publishing. Retrieved 2010-
01-10.
• "WPA2 Security Now Mandatory for Wi-Fi CERTIFIED Products". Wi-Fi
Alliance. Retrieved 2013-02-28.
• "KRACK Attacks: Breaking WPA2". Krackattacks.com. Retrieved 16
October 2017.
• Reddy, S. Vinjosh, et al. "Wireless hacking-a WiFi hack by cracking
WEP." Education Technology and Computer (ICETC), 2010 2nd
International Conference on. Vol. 1. IEEE, 2010.
• Jump up^ Chacos, Brad; Simon, Michael. "KRACK Wi-Fi attack
threatens all networks: How to stay safe and what you need to
know". PCWorld. Retrieved 2018-02-06.

20
 Refernces
• De Rango, Floriano, Dionigi Cristian Lentini, and Salvatore Marano.
"Static and dynamic 4-way handshake solutions to avoid denial of
service attack in Wi-Fi protected access and IEEE 802.11 i." EURASIP
Journal on Wireless Communications and Networking 2006.1 (2006):
047453.
• Sakib, AKM Nazmus, et al. "Security Improvement of WPA 2 (Wi-Fi
Protected Access 2)." IJEST 3.1 (2011).

21
Thank you

22