Enhancing Wi-Fi Security and Its Impacts on IoT Connectivity

FREE-SKY (HK) ELECTRONICS CO.,LIMITED / 03-08 18:33

The article reviews the evolution of Wi-Fi security protocols, highlighting the challenges faced by WEP and the improvements introduced by WPA, WPA2, and WPA3 to secure IoT connectivity in today's digital landscape.

The Internet of Things (IoT) is a new phase in the growth and diversification of the traditional internet. It aims to turn every object into a computer capable of computation and networked communication, as shown in Fig. 1.

 

Fig. 1 Illustration of networked communication of IoT. Source: IEEE Access

IoT is a networking architecture made up of wired and wireless telecommunication networks. The most popular short-range wireless technologies include RFID (Radio Frequency IDentification), Bluetooth, ZigBee, and Wireless Fidelity (Wi-Fi). Wi-Fi is one of the most widely utilized wireless technologies.

What is Wireless Fidelity (Wi-Fi)?

Wi-Fi is a wireless communication technology based on the IEEE 802.11 standard. Initially, Wi-Fi permitted short-range Wireless Local Area Network (WLAN) deployments with a base transmission speed of 2 Mbps. Since then, Wi-Fi has evolved substantially in a number of areas, including infrastructure modes, data speed, power management, quality of service, and security. These days, a Wi-Fi network can carry data up to 382 km at 6.75 Gbps. It is frequently used in everyday settings, including homes, hotels, hospitals, colleges, and businesses.

What are the limitations of Wi-Fi?

Wi-Fi significantly enhances our systems in terms of services, financial benefits, and social development. On the negative side, it makes massive, dispersed, and destructive cyberattacks with potentially serious consequences possible.

It connects many heterogeneous devices whose security configurations are unknown. If those devices aren't secure, attackers may be able to compromise and take control of them, turning them into their cyber-soldiers, also referred to as zombies or bots. Wi-Fi technology offers security mechanisms that address availability, integrity, confidentiality, and authentication.

Security Standards for Wi-Fi

The Institute of Electrical and Electronics Engineers (IEEE) published the IEEE 802.11 standard in 1997. It included instructions for setting up a WLAN network, allowing devices to connect wirelessly. At the time of writing, four primary security protocols have been implemented for IEEE 802.11:

● Wired Equivalent Privacy (WEP)

● Wi-Fi Protected Access (WPA)

● Wi-Fi Protected Access II (WPA2)

● Wi-Fi Protected Access III (WPA3)

Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy, the first protocol for securing wireless networks, was introduced in September 1999. It encrypts data with the Rivest Cipher 4 (RC4) stream cipher, which keeps overall transmission speed higher than slower encryption systems would. RC4 is keyed with a 40-bit shared key and a 24-bit Initialization Vector (IV): WEP concatenates the shared key and IV to generate a 64-bit key, or it can use 128-bit keys. It has been observed that WEP is breakable.

Challenges

The main challenges with this standard include:

● Because WEP employs shared key authentication, fake data packets can be transmitted.

● Since the initialization vector can be reused, the data can be decrypted using various cryptanalysis techniques.

● Another significant WEP issue is the small size of the keys, which cannot be managed well.

WEP is no longer used in new devices and is not regarded as a trustworthy security protocol.

Wi-Fi Protected Access (WPA)

Because WEP had severe flaws, a new encryption mechanism called TKIP (Temporal Key Integrity Protocol) was established in 2003. TKIP was created to address the cryptographic flaws in WEP without requiring new hardware. It employs RC4 with a longer encryption key than WEP and includes message integrity checks to prevent tampering, computing a data-integrity code known as the MIC (Message Integrity Code) with the Michael algorithm. For each packet, a unique 128-bit key is produced dynamically.

Challenges

A significant shortcoming of this standard is that an attacker can easily determine the Temporal Key (TK) if two or more RC4 keys are computed under the same IV. Because of this, WPA is vulnerable to attacks.

Wi-Fi Protected Access II (WPA2)

In April 2004, the Wi-Fi Alliance offered a new framework with stronger authentication, encryption, and data integrity methods. WPA2 has been the industry standard for Wi-Fi security and was the Wi-Fi certification requirement from 2006 to 2020.

WPA2 established the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). It uses the Advanced Encryption Standard (AES) block cipher for data encryption. CCMP is based on Counter mode (CTR) and the Cipher-Block Chaining message authentication code (CBC-MAC). CTR ensures data confidentiality, while the CBC message authentication code ensures authenticity and integrity. A detailed illustration of the CCMP encryption is shown in Fig. 2.

 

Fig. 2 Detailed illustration of CCMP encryption diagram. Source: MDPI

TKIP is also included to ensure backward compatibility with current hardware. Due to AES's high processing requirements, older hardware must be replaced to use WPA2. This standard defines two alternative authentication modes:

● WPA-Enterprise (also known as Enterprise mode)

● WPA-PSK (also known as Personal mode)

WPA-Enterprise

WPA-Enterprise uses the more advanced Extensible Authentication Protocol (EAP), which requires an authentication server. It is ideal for larger organizations with greater security needs.

WPA-Personal

In WPA-PSK mode, a cryptographic keychain for data integrity, encryption, and authentication is generated from a pre-shared password. It is suitable for home and small business networks.
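
The keychain described above can be traced end to end. The following Python sketch is an added example, not code from the original article: it derives the Pairwise Master Key from the passphrase and SSID, then expands it into the per-session keys for two stations. The derivation parameters (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, and the "Pairwise key expansion" PRF) come from IEEE 802.11i rather than from this article; the MAC addresses and nonces are constructed values.

```python
# Added illustration; MAC addresses and nonces below are constructed values.
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> dict:
    """Split the 384-bit pairwise transient key used with CCMP into its parts."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    raw = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": raw[:16],      # key confirmation key: MICs on handshake frames
            "KEK": raw[16:32],    # key encryption key: wraps the group key
            "TK": raw[32:48]}     # temporal key: AES-CCMP data encryption

AP_MAC = bytes.fromhex("020000000001")
STA_A, STA_B = bytes.fromhex("020000000002"), bytes.fromhex("020000000003")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

def hierarchy_demo():
    pmk = pmk_from_passphrase("password", "IEEE")   # IEEE 802.11i test passphrase/SSID
    a = derive_ptk(pmk, AP_MAC, STA_A, ANONCE, SNONCE)
    b = derive_ptk(pmk, AP_MAC, STA_B, ANONCE, SNONCE)
    return pmk.hex(), a, b
```

Every input except the passphrase (SSID, MAC addresses, nonces) is sent in the clear, so the strength of the whole hierarchy rests on the passphrase, which is the gap SAE in WPA3-Personal is designed to close.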

Challenges

● One drawback of WPA2 is that its deployment requires updated hardware. This is because implementing CCMP and AES necessitates altering the existing hardware.

● It has also been shown that a technique called KRACK (Key Reinstallation Attack) can be used to crack WPA2.

Wi-Fi Protected Access III (WPA3)

The Wi-Fi Alliance introduced WPA3 as the next generation of Wi-Fi security in June 2018. This standard implements Simultaneous Authentication of Equals (SAE) for improved password-based authentication and has been mandatory for Wi-Fi certification since July 2020. It offers several benefits over WPA2:

● Addresses vulnerabilities found in WPA2, such as the KRACK vulnerability.

● Enhances security for open networks with Opportunistic Wireless Encryption (OWE).

● Improves defense against side-channel attacks and dictionary attacks.

● Provides forward secrecy, protecting previously captured data.

It provides two main modes of operation:

WPA3-Personal

WPA3-Personal is designed for home and small office networks. In this mode, the Simultaneous Authentication of Equals (SAE) replaces the Pre-Shared Key method used in WPA2. SAE provides stronger protection against password-guessing attacks.

WPA3-Enterprise

WPA3-Enterprise is designed for larger organizations and offers more advanced security features. It uses multiple Extensible Authentication Protocol (EAP) methods for authentication. WPA3-Enterprise enhances WPA2-Enterprise with more security features.

 

By implementing these recommendations and staying informed about the latest Wi-Fi security standards, we can significantly enhance the protection of wireless networks and connected devices.

Summarizing the Key Points

● The evolution of Wi-Fi security protocols from WEP to WPA3 reflects the growing need for robust protection against cyber threats in increasingly connected environments, especially IoT.

● Even though WPA2 is a significant improvement over WEP, it is still exposed to the KRACK attack, and there is a need for continuous updates in security standards.

● WPA3 introduces Simultaneous Authentication of Equals, enhancing password-based authentication and providing stronger defenses against password-guessing attacks.

