Situation
The current Wi-Fi encryption protocol WPA2 has a weakness when joining a new node into network. A man-in-the-middle within the wireless coverage can manipulate, KRACK, the handshake procedure and reset the WPA2 encryption using all-zero keys. The assumed encryption is then substituted by a simple coding. Thea weakness is in the standards itself and affects all modern Wi-Fi networks.The Wi-Fi Alliance has announced a new standard, WPA3, will include “robust protection” when passwords are weak, and will also simplify security configurations for devices that have limited or no display interface. It will also include individualised data encryption when using public access network.
Solution
The Wi-Fi Protected Access 3 (WPA3) standard will be published later this year, but currently it seems to include:
- 192-bit key aligned with the Commercial National Security Algorithm
- Opportunistic Wireless Encryption which establishes encryption without authentication
- Protection against weak passwords and brute-force dictionary -based attacks
- Individualised data encryption when accessing open networks.
Once the standard is published, it will take months for device manufacturers to support it in their devices. First compliant devices may be shipped in the end of this year.
What to do
The following general advice may apply:
- The WPA2 vulnerability can be exploited only within the range of the Wi-Fi transceiver so all sensitive Wi-Fi should be positioned and effective radiated power configured so that outsiders find it hard to tap.
- A second layer of encryption should be established end-to-end (e.g., https, IPSEC, SSH) to protect the actual communication (COMSEC) and keep user identities and passwords safe together with the content.
- All sensitive Wi-Fi devices should be planned to be renewed within next two years.
References
- https://www.helpnetsecurity.com/2017/10/16/wpa2-weakness/
- https://www.theverge.com/2018/1/9/16867940/wi-fi-alliance-new-wpa3-security-protections-wpa2-announced
- https://latesthackingnews.com/2018/01/12/wpa3-new-wi-fi-standard-improve-security/
- https://thehackernews.com/2018/01/wpa3-wifi-security.html
No comments:
Post a Comment