International Journal of Wireless and Microwave Technologies (IJWMT)
IJWMT Vol. 15, No. 4, 8 Aug. 2025
Cover page and Table of Contents: PDF (size: 2754KB)
Evaluating the Effectiveness of WPA3 Protocol against Advanced Hacking Attacks
PDF (2754KB), PP.1-18
Views: 0 Downloads: 0
Author(s)
Index Terms
Wi-Fi Security, WPA2, WPA3, deauthentication attack, dictionary attack, evil twin attack, Penetration testing
Abstract
Personal Mode Home Wi-Fi networks are an integral part of our daily lives, providing convenience and ease of access to the Internet. However, many people believe that modern encryption protocols such as Wi-Fi Protected Access3 (WPA3) provide sufficiently strong protection. This research aims to evaluate the effectiveness of encryption protocols used in home Wi-Fi networks, focusing on the currently most widely used Wi-Fi Protected Access2 (WPA2) protocol and the newer and more secure WPA3 protocol, and the effectiveness of the Protected Management Frames (PMF) against deauthentication attacks. A penetration test was conducted in a controlled, secure environment using a set of specialized tools such as Aircrack-ng, Fluxion, Bettercap, and Wireshark to assess the vulnerability of these networks to various attacks. The research results showed that home Wi-Fi networks using WPA2 protocol and WPA3 protocol (who support transitional mode) are vulnerable to hacking. deauthentication attacks and dictionary attacks were successful in hacking networks, especially when the passwords were weak or could be guessed. In addition, evil twin attacks using the captive portal approach have been proven effective in penetrating networks that use WPA2 and WPA3 (even when they do not support transitional mode) by exploiting weaknesses in user behavior. The results also show that deauthentication attacks are still effective before establishing a 4-way handshake. This paper proposes some countermeasures to reduce the risk of home network penetration.
Cite This Paper
Asmaa A. Ghanim, Mohammed Y. Thanoun, "Evaluating the Effectiveness of WPA3 Protocol against Advanced Hacking Attacks", International Journal of Wireless and Microwave Technologies(IJWMT), Vol.15, No.4, pp. 1-18, 2025. DOI:10.5815/ijwmt.2025.04.01
Reference
[1]A. Efe and M. B. Kaplan, “Wi-fi security analysis for E&M-Government applications,” Int. J. Multidiscip. Stud. Innov. Technol., vol. 3, no. 2, pp. 86–98, 2019.
[2]S. Xie, X. Zhu, and J. Shen, “Method and system for automatically adapting to Wi-Fi network with hidden SSID,” Oct. 30, 2018, Google Patents.
[3]M. Z. Masoud, Y. Jaradat, and M. Alia, “IEEE802. 11 Access Point’s Service Set Identifier (SSID) for Localization and Tracking.,” Comput. Mater. Contin., vol. 71, no. 3, 2022.
[4]S. Perumal, M. Tabassum, G. Narayana Samy, S. Ponnan, A. K. Ramamoorthy, and K. J. Sasikala, “Cybercrime issues in smart cities networks and prevention using ethical hacking,” in Data-Driven Mining, Learning and Analytics for Secured Smart Cities: Trends and Advances, Springer, 2021, pp. 333–358.
[5]F. Holik, J. Horalek, O. Marik, S. Neradova, and S. Zitta, “Effective penetration testing with Metasploit framework and methodologies,” in 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), IEEE, 2014, pp. 237–242.
[6]C. P. Kohlios and T. Hayajneh, “A comprehensive attack flow model and security analysis for Wi-Fi and WPA3,” Electronics, vol. 7, no. 11, p. 284, 2018.
[7]D. Schepers, A. Ranganathan, and M. Vanhoef, “On the robustness of Wi-Fi deauthentication countermeasures,” in Proceedings of the 15th ACM conference on security and privacy in wireless and mobile networks, 2022, pp. 245–256.
[8]R. Lakshmi, A. Sharma, S. Bhuvan, B. Chinmay, and G. M. Megha, “Comparative Analysis of Security and Privacy Protocols in Wireless Communication”.
[9]J. Cathcart and T. Khan Mohd, “Password Hacking Analysis of Kali Linux Applications,” in International Conference on Intelligent Sustainable Systems, Springer, 2023, pp. 815–828.
[10]L. Wang, C. T. Chen, and C. M. Tsai, “Research on cracking WIFI wireless network using Kali-Linux penetration testing software,” in Third International Conference on Digital Signal and Computer Communications (DSCC 2023), SPIE, 2023, pp. 378–382.
[11]M. A. C. Aung and K. P. Thant, “Detection and mitigation of wireless link layer attacks,” in 2017 IEEE 15th international conference on software engineering research, management and applications (SERA), IEEE, 2017, pp. 173–178.
[12]A. Sari and M. Karay, “Comparative Analysis of Wireless Security Protocols: WEP vs WPA,” Int. J. Commun. Netw. Syst. Sci., vol. 08, no. 12, pp. 483–491, 2015, doi: 10.4236/ijcns.2015.812043.
[13]I. S. Al-Mejibli and N. R. Alharbe, “Analyzing and evaluating the security standards in wireless network: A review study,” Iraqi J. Comput. Informatics, vol. 46, no. 1, pp. 32–39, 2020.
[14]G. Mironov, “Challenges of Wireless Security in the Healthcare Field: A study on the WPA3 standard,” 2020.
[15]A. Halbouni, L.-Y. Ong, and M.-C. Leow, “Wireless Security Protocols WPA3: A Systematic Literature Review,” IEEE Access, 2023.
[16]M. K. Kissi and M. Asante, “Penetration testing of IEEE 802.11 encryption protocols using Kali Linux hacking tools,” Int. J. Comput. Appl., vol. 975, p. 8887, 2020.
[17]A. H. Adnan et al., “A comparative study of WLAN security protocols: WPA, WPA2,” in 2015 International Conference on Advances in Electrical Engineering (ICAEE), IEEE, 2015, pp. 165–169.
[18]A. Sari and M. Karay, “Comparative analysis of wireless security protocols: WEP vs WPA,” Int. J. Commun. Netw. Syst. Sci., vol. 8, no. 12, p. 483, 2015.
[19]E. Lamers, R. Dijksman, A. Van Der Vegt, M. Sarode, and C. De Laat, “Securing home Wi-Fi with WPA3 personal,” in 2021 IEEE 18th Annual Consumer Communications and Networking Conference, CCNC 2021, Institute of Electrical and Electronics Engineers Inc., Jan. 2021. doi: 10.1109/CCNC49032.2021.9369629.
[20]B. Scheuermann, “Model based fuzzing of the WPA3 Dragonfly handshake,” 2019, MS thesis, Humboldt-Universität zu Berlin, Germany.
[21]I. Despotopoulos, “Wireless local area network security and modern cryptographic protocols: WEP & WPA1/2/3,” 2024.
[22]M. Vanhoef and E. Ronen, “Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd,” in Proceedings - IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., May 2020, pp. 517–533. doi: 10.1109/SP40000.2020.00031.
[23]W.-F. Alliance, “Generational Wi-Fi User Guide,” URL https//www. wi-fi. org/download. php, 2020.
[24]D. Schepers, A. Ranganathan, and M. Vanhoef, “Let numbers tell the tale: measuring security trends in wi-fi networks and best practices,” in Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2021, pp. 100–105.
[25]M. Vink, E. Poll, and A. Verbiest, “A comprehensive taxonomy of wi-fi attacks,” 2020, Radboud University Nijmegen Nijmegen, The Netherlands.
[26]M. Vanhoef, N. Bhandaru, T. Derham, I. Ouzieli, and F. Piessens, “Operating channel validation: Preventing multi-channel man-in-the-middle attacks against protected wi-fi networks,” in WiSec 2018 - Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery, Inc, Jun. 2018, pp. 34–39. doi: 10.1145/3212480.3212493.
[27]K. Lounis, S. H. H. Ding, and M. Zulkernine, “Cut It: Deauthentication attacks on protected management frames in WPA2 and WPA3,” in International symposium on foundations and practice of security, Springer, 2021, pp. 235–252.
[28]J. Bellardo and S. Savage, “802.11 {Denial-of-Service} attacks: Real vulnerabilities and practical solutions,” in 12th USENIX Security Symposium (USENIX Security 03), 2003.
[29]R. A. C. Ferreira, “A probability problem arising from the security of the temporal key hash of wpa,” Wirel. Pers. Commun., vol. 70, pp. 1235–1241, 2013.
[30]M. Dandotiya, “A Secure Detection Framework for ARP, DHCP, and DoS Attacks on Kali Linux,” Int. J. Res. Appl. Sci. Eng. Technol., vol. 10, no. 7, pp. 3044–3053, Jul. 2022, doi: 10.22214/ijraset.2022.42176.
[31]M. Patel, P. P. Amritha, and R. Sam Jasper, “Active dictionary attack on WPA3-SAE,” in Advances in Computing and Network Communications: Proceedings of CoCoNet 2020, Volume 1, Springer, 2021, pp. 633–641.
[32]V. Ramachandran and C. Buchanan, Kali Linux Wireless Penetration Testing Beginner ’ s Guide. 2015. [Online]. Available: https://www.programmer-books.com/kali-linux-wireless-penetration-testing-beginners-guide/
[33]V. Manjunath Honnamma, “SPECIFICATION-BASED INTRUSION DETECTION SYSTEM FOR 802.11 NETWORKS USING INCREMENTAL DECISION TREE CLASSIFIER,” 2018.
[34]O. Nakhila, A. Attiah, Y. Jin, and C. Zou, “Parallel active dictionary attack on WPA2-PSK Wi-Fi networks,” in MILCOM 2015-2015 IEEE Military Communications Conference, IEEE, 2015, pp. 665–670.
[35]N. MM, V. Kothamasu, and N. Kenchaiah, “Method to support iPSK for WPA3 clients as well as reduce Online Dictionary Attacks,” 2022.
[36]A. Wakhloo, “Client-side Evil-Twin access point detection using beacon-frame delay and wireless network parameter deviation,” 2023.
[37]P. Cisar and R. Pinter, “Some ethical hacking possibilities in Kali Linux environment,” J. Appl. Tech. Educ. Sci. jATES, vol. 9, no. 4, pp. 129–149, 2019, [Online]. Available: http://doi.org/10.24368/jates.v9i4.139http://jates.org