The stellar community blog

WPA3: how to prevent KRACK attacks on your Wi-Fi networks?

by Louise
Posted 11.25.19 Cybersecurity Security Wi-Fi 6
Krack Attack and WPA3

There is a serious flaw in the WPA2 protocol which can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and much more. Hackers can get access to information that was previously assumed to be encrypted. This is done by exploiting the 4-way handshake and learning the encryption key.

The proof-of-concept exploit is called KRACK – Key Reinstallation Attacks.

KRACK allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.


1- WPA3 for more security


Wi-Fi 5 offers WPA3 security, which is the first major security improvement to Wi-Fi in about 14 years and protects Wi-Fi networks from KRACK attacks.

WPA3 is an updated, more secure version of the Wi-Fi Protected Access protocol, and it is very useful for securing wireless networks.

WPA3 offers better security against brute force “dictionary” attacks, more secure public Wi-Fi and stronger encryption. WPA3 uses 128-bit or 192-bit encryption. Essentially, the more bits, the better the security and the lower the chance of the key being exploited. 128-bit encryption is used for personal networks and 192-bit encryption is used for “enterprise” networks.

Some of the most insecure Wi-Fi networks are in public places, like coffee shops, airports, etc. These networks are normally unencrypted because they are “open” networks. WPA3 has a mechanism called “Opportunistic Wireless Encryption” (OWE) that prevents eavesdropping on “open” networks. So even these networks are encrypted and will have a level of security.

Alcatel-Lucent Enterprise’s OmniAccess Stellar products support WPA3 on all access points. This is a major benefit to customers who want to maximize security on the Wi-Fi 5 network without being required to upgrade their system to Wi-Fi 6.


Another security feature is Alcatel-Lucent Enterprise’s unique IoT containment technology, which connects any Wi-Fi device securely and automatically. This is a simple and cost-efficient way to virtually segment your network, versus physical segmentation, which can be a very costly implementation.

Alcatel-Lucent Enterprise also provides a dedicated scanning radio on all Wi-Fi 6 access points for improved security and interference avoidance.

Alcatel-Lucent Enterprise provides maximum security for your Wi-Fi 5 or Wi-Fi 6 deployment with simplified operations in a cost-efficient way.


2- Methods of WPA3 (Wi-Fi Protected Access 3): How does it work?


WPA3-Personal mode uses 128-bit encryption, and Enterprise mode uses 192-bit. With the use of Simultaneous Authentication of Equals (SAE), WPA3 replaces the PSK (Pre-Shared Key) for more security in key exchange.

The SAE (Simultaneous Authentication of Equals) authentication mechanism does not simply transmit a password, but transmits an ID derived from the password. This makes it more difficult for a hacker to find the value of the password. This system is called DPP, for Wi-Fi Device Provisioning Protocol. It replaces the readily exploitable Wi-Fi Protected Setup (WPS).

Furthermore, SAE provides “forward secrecy”. This property means that even if a private key is compromised, the perpetrator would have limited data, because SAE uses a new encryption password for every connection. So, once they disconnect, they would not know the new key.
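To make the forward secrecy point concrete, here is an added example (not from the original post, and not SAE's actual Dragonfly exchange) contrasting the fixed WPA2-Personal master key with a per-connection ephemeral exchange. The SSID, passphrase, toy prime, simplified key derivation and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from the original page.
SSID, PASSPHRASE = b"example-cafe", b"correct horse battery staple"
P = 2**127 - 1  # toy prime for illustration only; far too small for real use


def wpa2_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-Personal master key: fixed for a given passphrase and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def wpa2_session_key(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Simplified stand-in for the 802.11 PRF (the real one also mixes in
    MAC addresses). Both nonces cross the air unencrypted in the handshake."""
    nonces = min(anonce, snonce) + max(anonce, snonce)
    return hmac.new(pmk, nonces, hashlib.sha256).digest()


def password_element(passphrase: bytes, ssid: bytes) -> int:
    """Group element derived from the password (SPEKE-style simplification)."""
    digest = hashlib.sha256(passphrase + b"|" + ssid).digest()
    return int.from_bytes(digest, "big") % (P - 3) + 2


def ephemeral_session(passphrase: bytes, ssid: bytes):
    """One connection: each side picks a fresh secret, discarded afterwards."""
    base = password_element(passphrase, ssid)
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    from_client, from_ap = pow(base, a, P), pow(base, b, P)  # visible on air
    client_key = hashlib.sha256(pow(from_ap, a, P).to_bytes(16, "big")).digest()
    ap_key = hashlib.sha256(pow(from_client, b, P).to_bytes(16, "big")).digest()
    return client_key, ap_key, (from_client, from_ap)


def recorded_wpa2_key_recoverable(passphrase: bytes) -> bool:
    """Does a recorded WPA2 handshake plus a later-learned passphrase
    reproduce the session key? (Models the lack of forward secrecy.)"""
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    original = wpa2_session_key(wpa2_pmk(PASSPHRASE, SSID), anonce, snonce)
    rebuilt = wpa2_session_key(wpa2_pmk(passphrase, SSID), anonce, snonce)
    return hmac.compare_digest(original, rebuilt)


if __name__ == "__main__":
    print("WPA2 key rebuilt:", recorded_wpa2_key_recoverable(PASSPHRASE))
    k1, k1_ap, _ = ephemeral_session(PASSPHRASE, SSID)
    k2, _, _ = ephemeral_session(PASSPHRASE, SSID)
    print("Peers agree:", k1 == k1_ap, "| new key per connection:", k1 != k2)
```

In the ephemeral model, the values seen on air plus the passphrase are not enough to rebuild an old key, because the per-connection secrets `a` and `b` are never transmitted or stored.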

One of the advantages of DPP is that devices can join a network through QR codes or NFC tags. Security is also improved for open networks, such as education areas, hotels, and auditoriums.

Last but not least, always update your device software and use encrypted HTTPS websites whenever possible.



