WPA3 is the new protocol for protecting Wi-Fi networks, announced by the Wi-Fi Alliance in January 2018. It is expected to be widely deployed before the end of this year.
It builds on the core components of WPA2 and will bring additional features that simplify Wi-Fi security configuration for users and service providers, while improving security protections.
These include four new features for personal Wi-Fi networks.
According to the Wi-Fi Alliance, two of these features will provide robust protection even when users choose passwords that do not meet the usual complexity recommendations.
In short, WPA3 can make public Wi-Fi networks more secure, making it harder for someone on an open network to intercept data sent by other devices on the same network.
But a new report published by two researchers from New York University and Tel Aviv University appears to say otherwise, pointing out problems with some of the security mechanisms used in the new protocol.
WPA3 has not yet been deployed and is already in trouble
Their analysis, described in the paper, focuses on the WPA3 SAE handshake protocol. It shows that WPA3 suffers from several design flaws and, most importantly, would be vulnerable to "password partitioning attacks".
However, one of the most important changes introduced by the WPA3 protocol is the SAE (Simultaneous Authentication of Equals) authentication mechanism.
This mechanism places greater emphasis on authentication, a sensitive phase during which the security system's monitoring must be active in order to distinguish normal connections from intrusions.
This new, more robust mechanism replaces the PSK (Pre-Shared Key) method that has been in use since the release of WPA2 in 2004.
That older method was exposed by the KRACK technique. SAE resists these attacks, as well as the dictionary attacks used in cryptanalysis to find a password, according to IEEE Spectrum.
In short, according to the report by these two researchers, including Mathy Vanhoef of New York University, WPA3 certification aims to secure Wi-Fi networks and offers several advantages over its predecessor WPA2, such as protection against online dictionary attacks.
However, according to Vanhoef and Ronen, WPA3 has serious flaws, particularly in the SAE password authentication mechanism, better known as Dragonfly.
According to them, Dragonfly would be affected by attacks called "password partitioning attacks".
They explain that these attacks resemble dictionary attacks and allow an adversary to recover the password by abusing side-channel leaks.
In addition, they present a detailed description of WPA3 and believe that SAE's anti-clogging mechanisms do not prevent denial-of-service attacks.
How do the attacks work?
In particular, by abusing the SAE handshake's defenses against known side channels, a device with limited resources can overload the processor of a professional access point.
In addition, they carried out a large number of attacks against the various mechanisms that make up the WPA3 protocol, such as a dictionary attack against WPA3 when it operates in transition mode and a cache-based microarchitectural side-channel attack against the SAE handshake. They also took the opportunity to show how the recovered timing and cache information can be used to carry out a "password partitioning attack" offline.
This allows an attacker to recover the password used by the victim.
Finally, they explain that they studied the feasibility of timing attacks against the WPA3 SAE handshake.
According to them, this confirms that timing attacks are possible and that password information is leaked. The report describes these various attacks by Vanhoef and Ronen in detail and proposes countermeasures that maintain compatibility.
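The following added example, which is not from the article or from the researchers' report, is a toy model of why a running time that depends on the password leaks information about it, and why doing a fixed amount of work removes the leak. The hash-based derivation, the candidate list, the peer names and the round bound are constructed assumptions and not the real SAE algorithm.

```python
import hashlib
import math

# Constructed stand-ins: a small candidate list and a set of peer identities.
CANDIDATES = [f"candidate-{i:04d}" for i in range(1000)]
PEERS = [f"peer-{i:02d}" for i in range(20)]
SECRET = CANDIDATES[137]
MAX_ROUNDS = 40  # fixed work bound for the hardened variant (constructed value)

def accepts(password, peer, counter):
    """Toy try-and-increment test: about half of all counters are accepted."""
    digest = hashlib.sha256(f"{password}|{peer}|{counter}".encode()).digest()
    return digest[0] < 128

def rounds_leaky(password, peer):
    """Stops at the first accepted counter, so the work done depends on the password."""
    counter = 1
    while not accepts(password, peer, counter):
        counter += 1
    return counter

def rounds_fixed(password, peer):
    """Always runs MAX_ROUNDS tests and keeps the first hit; the round count is constant."""
    first_hit = 0
    for counter in range(1, MAX_ROUNDS + 1):
        hit = accepts(password, peer, counter)
        first_hit = first_hit or (counter if hit else 0)
    return MAX_ROUNDS

def consistent(observe, secret=SECRET):
    """Candidates whose observable round counts match the secret's for every peer."""
    trace = [observe(secret, p) for p in PEERS]
    return [c for c in CANDIDATES if [observe(c, p) for p in PEERS] == trace]

def leaked_bits(observe):
    """Information about the password revealed by the observable, in bits."""
    return math.log2(len(CANDIDATES) / len(consistent(observe)))

if __name__ == "__main__":
    for name, fn in (("variable-time", rounds_leaky), ("fixed-rounds", rounds_fixed)):
        print(f"{name}: {len(consistent(fn))} candidates remain, "
              f"{leaked_bits(fn):.1f} bits leaked")
```

The model only counts rounds; a real implementation also has to keep the per-round work and memory access pattern independent of the password, which is what the cache-based findings concern.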
According to their conclusion, WPA3 lacks the security required to be considered a modern security standard and needs further development before it is widely adopted.