Wireless Security Protocols WPA3: A Systematic Literature Review

The size of wireless networks and the number of wireless devices are growing daily. A crucial part of wireless security involves preventing unauthorized access by using wireless security protocols to protect the data in wireless networks. In 2018, Wi-Fi Protected Access 3 (WPA3) was ratified to protect the data in devices bearing the Wi-Fi trademark. WPA3 has many security improvements over previous wireless security protocols, providing a better encryption method and key sharing. In this paper, a Systematic Literature Review (SLR) was conducted to analyze three aspects of the WPA3 protocol: the reasons behind the release of WPA3, the encryption methods and mode of operation in this protocol, and the attacks that still penetrate WPA3. In this review, thirty-six articles, written between 2018 and 2023 and focusing mainly on WPA3, were identified as the selected research articles. After the analysis of the selected articles, the encryption methods and modes of operation were presented in the SLR. In addition, the vulnerabilities that the WPA3 protocol solved and the ones that remain unsolved were discussed. This study concluded that WPA3 excels over its predecessors by providing more security and reliability to wireless networks. The result of this SLR of WPA3 proposes two methods that seek to increase the security level of WPA3 networks, which are discussed in the discussion section.


I. INTRODUCTION
The most common type of network is wireless networks, which connect devices without using cables to exchange data. Wireless networks are expanding continuously, whether for public use at the corporate level or for personal usage at home. Wi-Fi has become an essential and normal part of our daily lives. When explaining wireless terminologies, the terms Wireless Local Area Network (WLAN) and Wi-Fi are usually used interchangeably. WLAN is a type of network where data is exchanged wirelessly using high-frequency radio waves. Wi-Fi refers to the family of wireless network protocols known as IEEE 802.11 that can build WLANs. The data in the wireless network is propagated in a wireless medium, making it insecure against internal and external security threats, where anybody who breaches wireless security can access the network. Wireless networks have security risks, hence various protocols have been developed throughout time to offer security against various risks. In 1997, the 802.11 WLAN standard was introduced by the Institute of Electrical and Electronics Engineers (IEEE). Various wireless security standards were developed to be employed in the wireless networks used in homes, offices, and public areas [1]. Wired Equivalent Privacy (WEP) was the first security protocol to be released, and in 2004, it became deprecated. After WEP, Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) were introduced with the IEEE 802.11i standard. WPA was introduced in 2003. After WPA was proven to have major flaws and vulnerabilities, it was replaced by WPA2 in 2004 and is still being used until now. Finally, Wi-Fi Protected Access 3 (WPA3) was released in 2018 to solve all the shortcomings of its predecessors by providing high protection and usability for its users [2].
The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Mueen Uddin.
The advancement of WPA3's encryption and encoding methods proved its ability to deliver higher security levels to both personal and enterprise users. When investigating related works on WPA3, the results show that WPA3 is implemented to overcome the previous security protocols in addition to the vulnerabilities solved by WPA3 and the ones that remain unsolved. However, at the time of conducting this work, there was no research focusing on providing a systematic literature review purely on WPA3. Even though WPA3 is still new, some review papers on wireless security have included it to compare it with its predecessors.
Several studies on cybersecurity threats and vulnerabilities of wireless security protocols can be found in [3] and [4]. Both studies discussed how wireless networks are attacked using the design flaws in WEP, WPA, and WPA2. The vulnerabilities in WEP, WPA, and WPA2 protocols are mentioned in [3], while [4] presented an evaluation among the wireless security protocols based on encryption, authentication methods, and wireless security requirements, besides including a comparison among WEP, WPA, WPA2, and WPA3.
A review has been conducted to examine the danger of Wi-Fi networks and the reasons for insecurity in WEP, WPA, WPA2, and WPA3 [5], [6]. However, [5] only focused on mentioning the vulnerabilities in these protocols without giving practical countermeasures to avoid them, and [6] mentioned the vulnerabilities in addition to suggestions added to WPA3 to update the protocol.
To the best of our knowledge, there is no systematic literature review (SLR) focusing solely on the security certificate WPA3. Therefore, this systematic review presents an extensive research study on the reasons behind the release of WPA3, the encryption methods and mode of operation in this protocol, and unsolved vulnerabilities of the wireless security protocol WPA3. This SLR is conducted based on Kitchenham and Charter's method [7]. The primary aim of this work is to provide an SLR of WPA3 to help researchers know more about WPA3. The contributions of this systematic review are summarized as follows:
1. Showing the reasons behind the release of the WPA3 protocol.
2. Discussing the main features of each wireless security protocol and their related attacks.
3. Highlighting the vulnerabilities of WPA3 that remain unsolved, in addition to providing a discussion of attacks in WPA3 between the years 2018 and 2023.
4. Proposing two methods to improve the security of the WPA3 protocol.
The remainder of this paper is structured as follows: Section II provides a brief description of the current state of wireless security protocols. The method used in this work is in Section III. Section IV explains the results obtained from the selected papers and a discussion. Section V defines the limitations of the study and the conclusion is given in Section VI.

II. WIRELESS SECURITY PROTOCOL
This section describes the wireless security protocols in terms of the authentication process and vulnerabilities, starting with WEP until WPA3.

A. WIRED EQUIVALENT PRIVACY (WEP)
WEP was introduced to provide security for wired LANs by encryption. It is based on Rivest Cipher 4 (RC4) encryption to increase the speed of communication [4]. The encryption key of WEP is 64 bits long, composed of a 40-bit secret key with a 24-bit initialization vector (IV) concatenated to it. WEP uses the Cyclic Redundancy Check known as CRC-32 to compare the plaintext to the Integrity Check Value (ICV) for integrity [1].
WEP has proven to be vulnerable and easy to break [4]. In 2003, free software was able to crack WEP's passwords within minutes. Another vulnerability in WEP is its ability to broadcast fake data packets because of the shared key authentication, which makes it easy for an attacker to forge an authentication message. The reuse of the initialization vector also makes WEP weak, where different cryptanalysis methods can decrypt the data. Other attacks can be found in [1]. In 2004, the Wi-Fi Alliance officially abandoned the WEP protocol [4], [8].

B. Wi-Fi PROTECTED ACCESS (WPA)
WPA was released to tackle the issues in WEP without the need to change the hardware. Only a firmware upgrade was required to uplift the security aspect on the same hardware. WPA uses the Temporal Key Integrity Protocol (TKIP) for encryption, where it uses RC4 to generate other keys. In WPA, a 128-bit key per packet is generated dynamically. The Pre-Shared Key (PSK) is a static key used to initiate communication between two parties. To authenticate the wireless devices, a 256-bit key is used, but it is never transmitted over the air. The encryption key and Message Integrity Code are derived from the PSK. The 4-way handshaking mechanism is used to provide key management [8], [9].
The main vulnerability in WPA is in RC4, where having keys computed under the same initialization vector makes it easy for an attacker to compute the Temporal Key. Another vulnerability arises when the password is poor; it is then vulnerable to brute-force attacks, where a dictionary attack can be used if the password is less than 20 characters [8]. Other attacks can be found in [1].

C. Wi-Fi PROTECTED ACCESS 2 (WPA2)
WPA2 was able to deliver a significant enhancement over the previous security protocols. The big difference was in its encryption method. WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which uses the Advanced Encryption Standard (AES) block cipher for its data encryption [10]. To generate a key in WPA2, a 4-way handshake is required to have a Pairwise Transient Key (PTK) and Group Temporal Key (GTK), in addition to a group key handshake.
In WPA2, there are two modes of operation: Pre-Shared Key (PSK) mode for personal networks and enterprise mode for larger corporate networks. In WPA2-PSK, an access point authenticates a client based on a password that is shared in advance, whereas the authentication in enterprise mode is performed via the Extensible Authentication Protocol (EAP) in the 802.1X architecture [9].
One weakness in WPA2 is when an attacker can access the network and have particular keys to execute an attack on other devices connected to the network. Although such an action needs roughly 2 to 14 hours to be executed, it is considered a security issue that must be solved [3]. In addition to that, WPA2 allows the reinitialization of keys, which leads to attacks called KRACK. This attack utilizes the 4-way handshake that wireless security protocols use to authenticate their users while connecting to the network. After setting the counters to their original settings, the attacker can replay and decrypt messages [11]. The details of other attacks can be found in [1].

D. Wi-Fi PROTECTED ACCESS 3 (WPA3)
In June 2018, the Wi-Fi Alliance announced Wi-Fi Protected Access 3 (WPA3), and in July 2020, WPA3 became mandatory for Wi-Fi-certified implementations. It was expected that the adoption rate of WPA3 would grow fast, but the statistics showed the opposite of that [12].
Enhancing the security of the WPA2-PSK handshake was the primary motivation for the development of WPA3. Independent researchers were unable to peer-review the newly implemented features since the WPA3 development process was kept secret from the public [13].
WPA3, similar to its predecessor, has two modes of operation: WPA3-Personal and WPA3-Enterprise. WPA3 permits a transition mode where WPA2 and WPA3 are supported simultaneously to provide backward compatibility [13].
WPA3-Personal uses Simultaneous Authentication of Equals (SAE), which represents a secure key exchange protocol between peers designed for authentication purposes [4], [9]. The authentication is therefore performed based on a password that is shared among all handshake parties. A high-entropy Pairwise Master Key (PMK) is the output of WPA3-SAE authentication, and it is utilized as input for the 4-way handshake to create a Pairwise Transient Key (PTK) [13], [14]. Management Frame Protection (MFP) is used in WPA3-SAE mainly to prevent deauthentication attacks, where the attackers force the users to disconnect from the Access Point (AP) [14].
Not all the current 802.11 hardware is able to support MFP or SAE, and so the WPA3 certificate has a transition mode that supports WPA2 and WPA3 simultaneously. In this mode, WPA2 AP will be connected using the 4-way handshake without MFP, and WPA3 AP will be connected using the SAE handshake with MFP.
WPA3-Enterprise is not fundamentally changed from the WPA2 version, but is focused instead on adding improvements and increasing misuse resistance. At a protocol level, WPA3 offers an optional 192-bit security mode that uses the 256-bit Galois/Counter Mode Protocol (GCMP), widely written as GCMP-256, to provide authenticated encryption [9].

1) DRAGONFLY PROTOCOL
According to the Wi-Fi Alliance, the SAE protocol uses a Dragonfly handshake. According to some research, Dragonfly and SAE are synonymous. In other research, Dragonfly is considered one component of many in the SAE protocol. The IEEE 802.11 standard defines SAE as a variant of Dragonfly, a password-authenticated key exchange based on a zero-knowledge proof [4], [9].
Dragonfly is a symmetric peer-to-peer protocol. In Dragonfly, both participants of the exchange are considered equals and obtain a secure symmetric key from a low-entropy shared secret over insecure public channels, and so they can initiate the handshake simultaneously. Dragonfly is based on discrete logarithm cryptography over elliptic curves (ECC) or finite fields (FFC). In Dragonfly, there are two message exchanges between participants, the commit exchange and the confirm exchange, as shown in Figure 1 [15]. The commit exchange messages are sent first, then the process continues to the confirm exchange messages after both participants commit to their unique, single guess at the password. The commit exchange forces each participant to reveal what they think the password is, and the confirm exchange assesses the correctness of the passwords provided by each participant. A successful confirmation occurs after a participant accepts the authentication, and when both participants accept the authentication, the handshake process will be terminated [9], [15].
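The commit and confirm exchanges described above, written out as an added example over a finite-field (FFC) group; it is not code from the paper or from any Wi-Fi implementation. Assumptions: the group is a toy safe-prime group generated at import, SHA-256 and HMAC stand in for the key-derivation functions of RFC 7664, and the peer names `STA` and `AP` are illustrative.

```python
import hashlib, hmac, secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Miller-Rabin; these 12 bases give a deterministic answer for n < 3.3e24."""
    if n < 2:
        return False
    for s in SMALL_PRIMES:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits: int = 48):
    """First safe prime p = 2q + 1 with q > 2**bits. Toy size, not for real use."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = toy_group()                      # constructed group for this example
NBYTES = (P.bit_length() + 7) // 8

def enc(*fields) -> bytes:
    """Length-prefixed encoding of ints and byte strings (keeps fields unambiguous)."""
    parts = [f if isinstance(f, bytes) else f.to_bytes(NBYTES, "big") for f in fields]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def H(*fields) -> bytes:
    return hashlib.sha256(enc(*fields)).digest()

def password_element(password: str, id_a: bytes, id_b: bytes) -> int:
    """Map the password into the order-q subgroup; SHA-256 is an assumed stand-in KDF."""
    lo, hi = sorted((id_a, id_b))
    for counter in range(1, 256):
        seed = int.from_bytes(H(hi, lo, password.encode(), bytes([counter])), "big")
        pe = pow(seed % (P - 1) + 1, (P - 1) // Q, P)
        if pe > 1:
            return pe
    raise ValueError("no password element found")

class Peer:
    def __init__(self, name: bytes, peer_name: bytes, password: str):
        self.name, self.peer_name = name, peer_name
        self.pe = password_element(password, name, peer_name)

    def commit(self):
        while True:
            self.rand = 2 + secrets.randbelow(Q - 2)
            mask = 2 + secrets.randbelow(Q - 2)
            self.scalar = (self.rand + mask) % Q          # scalar hides rand behind mask
            if self.scalar > 1:
                break
        self.element = pow(pow(self.pe, mask, P), -1, P)  # element = PE^(-mask)
        return self.scalar, self.element

    def process_commit(self, scalar: int, element: int) -> None:
        # Reject out-of-range scalars, elements outside the subgroup, and reflections.
        if not 1 < scalar < Q:
            raise ValueError("peer scalar out of range")
        if not 1 < element < P or pow(element, Q, P) != 1:
            raise ValueError("peer element outside the order-q subgroup")
        if (scalar, element) == (self.scalar, self.element):
            raise ValueError("reflected commit")
        self.peer_scalar, self.peer_element = scalar, element
        ss = pow(pow(self.pe, scalar, P) * element % P, self.rand, P)
        self.kck, self.mk = H(b"kck", ss), H(b"mk", ss)   # simplified key derivation

    def _tag(self, s1, s2, e1, e2, sender: bytes) -> bytes:
        return hmac.new(self.kck, enc(s1, s2, e1, e2, sender), "sha256").digest()
    def confirm(self) -> bytes:
        return self._tag(self.scalar, self.peer_scalar, self.element, self.peer_element, self.name)
    def verify(self, tag: bytes) -> bool:
        expected = self._tag(self.peer_scalar, self.scalar, self.peer_element, self.element, self.peer_name)
        return hmac.compare_digest(tag, expected)

def run_handshake(pw_sta: str, pw_ap: str):
    """Both sides' messages in order; returns (sta_accepts, ap_accepts, sta_key, ap_key)."""
    sta, ap = Peer(b"STA", b"AP", pw_sta), Peer(b"AP", b"STA", pw_ap)
    commit_sta, commit_ap = sta.commit(), ap.commit()     # commit exchange
    sta.process_commit(*commit_ap)
    ap.process_commit(*commit_sta)
    ok_sta, ok_ap = sta.verify(ap.confirm()), ap.verify(sta.confirm())  # confirm exchange
    return ok_sta, ok_ap, sta.mk, ap.mk
```

With matching passwords both peers accept and hold the same key; with different passwords both confirm checks fail, and the failed run tests exactly one password guess against the peer.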

2) MANAGEMENT FRAME PROTECTION (MFP)
Management Frame Protection (MFP) is defined in the IEEE 802.11w amendment and was incorporated in the IEEE 802.11 base standard in 2012. MFP provides protection mechanisms for management frames, including origin authenticity, confidentiality, integrity, and replay protection. The mechanisms seek to improve the security levels and apply defense mechanisms against attacks targeting management frames. The Wi-Fi Alliance made MFP mandatory in the WPA3 protocol to prevent the attacker from forcibly disconnecting a user from the wireless network. WPA3 access points will advertise MFP as optional due to the transition mode. WPA2 users will be connected using the 4-way handshake with MFP not enabled, and WPA3 users will be connected using SAE with MFP enabled.
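An added example (not from the paper) of how a defender can see this advertisement: a parser for the RSN element carried in beacons that reads the AKM list and the MFP capable/required bits to tell WPA2-only, transition-mode and WPA3-only networks apart. The sample elements and SSID names are constructed, the labels returned by `classify` are this example's own, and the parser assumes the RSN fields up to RSN Capabilities are all present.

```python
import struct

RSN_ELEMENT_ID = 48
RSN_OUI = bytes.fromhex("000fac")
AKM_NAMES = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE"}
MFPR, MFPC = 0x0040, 0x0080   # RSN Capabilities bits 6 (required) and 7 (capable)

def parse_rsn(ie: bytes) -> dict:
    """Parse one RSN element (ID, length, body) into its AKM list and MFP bits."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, off = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSN element")
        off += n
        return body[off - n:off]

    def u16() -> int:
        return struct.unpack("<H", take(2))[0]

    version = u16()
    take(4)                                         # group data cipher suite
    pairwise = [take(4) for _ in range(u16())]      # pairwise cipher suites
    akms = []
    for suite in [take(4) for _ in range(u16())]:
        known = suite[:3] == RSN_OUI and suite[3] in AKM_NAMES
        akms.append(AKM_NAMES[suite[3]] if known else suite.hex())
    caps = u16()
    return {"version": version, "pairwise": len(pairwise), "akms": akms,
            "mfp_capable": bool(caps & MFPC), "mfp_required": bool(caps & MFPR)}

def classify(rsn: dict) -> str:
    """Label the network by what it lets a client negotiate."""
    sae = "SAE" in rsn["akms"]
    psk = "PSK" in rsn["akms"] or "PSK-SHA256" in rsn["akms"]
    if sae and psk:
        return "wpa3-transition"        # WPA2 clients still accepted
    if sae:
        return "wpa3-only" if rsn["mfp_required"] else "wpa3-mfp-not-required"
    if psk:
        return "wpa2-personal"
    return "other"

def build_rsn(akm_types, caps: int) -> bytes:
    """Build a constructed RSN element (CCMP-128 ciphers) for the samples below."""
    ccmp = RSN_OUI + b"\x04"
    body = struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
    body += struct.pack("<H", len(akm_types))
    body += b"".join(RSN_OUI + bytes([t]) for t in akm_types)
    body += struct.pack("<H", caps)
    return bytes([RSN_ELEMENT_ID, len(body)]) + body

# Constructed sample elements; the SSID names are illustrative only.
SAMPLES = {
    "legacy-net": build_rsn([2], 0),
    "mixed-net": build_rsn([2, 8], MFPC),
    "sae-net": build_rsn([8], MFPC | MFPR),
    "sae-weak-net": build_rsn([8], MFPC),
}

def audit(samples: dict) -> dict:
    return {ssid: classify(parse_rsn(ie)) for ssid, ie in samples.items()}

if __name__ == "__main__":
    for ssid, label in audit(SAMPLES).items():
        print(f"{ssid:14s} {label}")
```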

3) WPA3 ATTACKS
Many vulnerabilities have been found in previous wireless security protocols that cause damage to the networks or allow undesired control to be acquired. WPA2 was modified and updated to WPA3 in an effort to improve security by addressing these vulnerabilities. Table 1 shows attacks in the WPA3 protocol. In Table 1, the attacks were categorized as Before WPA3 and After WPA3. Before WPA3 means that the attacks exist in the previous protocols and are still not solved by WPA3. After WPA3 means that the attacks occurred only in WPA3 because of either encryption methods or the handshake process. On the other hand, there are attacks that WPA3 was able to solve and prevent, such as the Handshake Capture Dictionary Attack, the PMKID Hash Dictionary Attack, the Handshake Capture En/Decryption Attack, and finally the most important one, the KRACK Attack, which was the main reason to develop WPA2 to WPA3 [1].

III. RESEARCH METHODOLOGY
This work aims to provide a systematic review of the latest security certificate, WPA3. The guideline for performing this review is Kitchenham and Charter's method [7]. Their method consists of three stages: planning, conducting the review, and reporting the findings, as shown in Figure 2. The planning stage is the first stage, where the questions of the research and the review protocol are defined. The second stage is the conducting stage, where the review protocol is implemented. The review protocol outlines the search strategy and criteria for selecting and excluding the research papers and extracting the required data. The reporting stage, the final stage, involves synthesizing the data obtained.

A. RESEARCH QUESTIONS
The primary objective of this work is to provide a review of the emergence of the wireless security certificate WPA3.The following research questions were developed in line with the primary objective:

RQ1: What are the reasons for the emergence of the security certificate WPA3?
RQ2: What is the encryption method used in WPA3 that differs from its predecessors?
RQ3: What are the attacks that WPA3 was able to prevent, and the attacks it still could not prevent?

B. DATA SEARCH STRATEGY
The search strategy is the most important part of a systematic literature review. The steps here are to define the keywords and the source of the study. The search for articles in the English language was conducted from the following digital libraries:
• Google Scholar
• Science Direct
The keywords were derived from the research questions, and the Boolean operator OR was used to limit our research and to define the search string, as follows: "WPA3" OR "WPA3 Attack" OR "WPA3 Security" OR "WPA3 Certificate". Based on the keyword searches in the digital libraries, 416 articles were collected.

C. PAPERS SELECTION CRITERIA
Initially, 416 papers were collected based on the search terms mentioned earlier. Then, these papers were filtered based on their relatedness to our topic in this review. The filtration process is as follows: First, all the duplicated articles that were collected from the different digital libraries were removed. Before the articles were accepted as primary articles, they were analyzed against the inclusion and exclusion criteria, which are shown in Figure 3. Also, additional related articles from the references in the selected articles were investigated, and the search strategy was applied to them.

D. PAPERS SELECTION PROCESS
To perform the selection process, the papers were chosen based on the search string, title, abstract, and keywords. From 416 papers, the authors investigated papers that have the security certificate WPA3 in their title and abstract, and the result was 68 papers. This is because some papers have WPA3 in their title or abstract, but it does not represent the network security protocol. It either refers to a chemical factor or is a symbol for different topics. Out of 68 papers, 25 were excluded because of duplication between digital libraries, 4 as review papers, 1 as a white paper, and 2 as Bachelor's degree projects, which leaves us with 36 articles. The selection process is shown in Figure 4.

E. DATA EXTRACTION
The aim of this step is to analyze the final list of papers to extract the required information to answer our research questions. To avoid bias in the data extraction process, a data extraction form was developed. The following information was extracted from each paper: title of the paper, the publication year of the paper, publication type, RQ1, RQ2, and RQ3.

F. DATA SYNTHESIZING
The data that is collected from the selected papers has to be synthesized in a certain manner to provide answers to our research questions. Section IV exhibits the obtained data in different formats such as tables and figures.

A. RESULTS
This section elaborates the outcomes of the review. An overview of the selected papers is first presented. The outcomes of each research question are explained in detail in the following sections. shown in Figure 5. The figure shows the number of papers that discussed or mentioned each research question; some selected papers discussed more than one RQ, and in the figure they are counted under each RQ. As shown in Figure 5, most of the articles were about RQ3, which focuses mainly on attacks in WPA3. Then, RQ2 focuses on the operation mode and encryption method in WPA3. Finally, RQ1 focuses on the reason for implementing WPA3. The year 2021 received the highest number of publications, with 12 publications. Figure 6 shows the number of journal and conference papers published from 2018 to 2023. 24 articles were conference papers, which represent 63% of the total selected articles. The rest were journal papers (14 articles), which represent 37%.

1) RESEARCH QUESTION 1 -WHAT ARE THE REASONS FOR THE EMERGENCE OF THE SECURITY CERTIFICATE WPA3?
The first research question aims to show the need for and the importance of the emergence of the security certificate WPA3. There are many security flaws in the existing wireless LAN that attackers might exploit to wreak a wide range of harm or obtain unwanted control. WPA3 was released mainly to address the security flaws and vulnerabilities in its predecessors and to enhance the current state of security. According to the Wi-Fi organization [16], the main reasons for releasing and developing WPA3 are that WPA3 makes authentication more reliable, boosts the cryptographic strength for highly sensitive data markets, and keeps mission-critical networks resilient. References [17] and [18] sought to spread awareness of WPA3, its importance, and why people should deploy it in their networks. Both researchers believed that WPA3 is an excellent security protocol that excels over its predecessors, and that it is not only technical issues that affect the security of a network but also the socio-technical activities of how people behave. References [10] and [19] showed how WPA3 can solve vulnerabilities in the previous wireless security protocols and be a viable replacement. Among our selected articles, 9 mentioned the need for the emergence of WPA3 due to several reasons such as avoidance of attacks, improvements of authentication and encryption methods, and others, as shown in Table 3.

2) RESEARCH QUESTION 2 -WHAT IS THE ENCRYPTION METHOD USED IN WPA3 THAT DIFFERS FROM ITS PREDECESSORS?
Based on end users' requirements, there are two modes of operation in WPA3: home and business, also known as WPA3-Personal and WPA3-Enterprise. Although there is not much difference between them, WPA3-Enterprise is considered to be more secure as it is designed to protect more sensitive data. The encryption method in WPA3 depends on its mode of operation. WPA3-Personal is used when a Wi-Fi device only supports WPA3 and is called WPA3-SAE as it supports SAE as an encryption method [1]. WPA3-Enterprise is used in enterprise environments such as industrial and government networks, and the encryption in this mode uses 192-bit and is called EAP-pwd [20]. In addition, there is also a transition mode, which is indicated as WPA3-SAE transition. This mode allows Wi-Fi devices that only support WPA3 to connect to the WPA2 network.
112444 VOLUME 11, 2023. Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply.
WPA3-SAE, a variation of the Dragonfly key exchange specified in RFC 7664, replaces the so-called Open System authentication before network association [1]. The Dragonfly handshake protects against offline dictionary attacks while providing forward secrecy, and it was utilized in practice by both WPA3 and EAP-pwd [21].
In EAP-pwd, the devices will store passwords in plaintext or in hashed forms, and all ciphers must offer at least 192 bits of security. In this mode, the access point initiates the handshake, and the commit and confirm frames are encapsulated in 802.1X frames [21].
Since the transition mode is used to accommodate devices that support WPA3 and WPA2 using the same password, the AP offers Management Frame Protection (MFP) as an optional feature in this mode, where the older clients connect using WPA2 without MFP and the newer ones using WPA3-SAE with MFP enabled [21].
Based on Table 4, most of the published articles are based on the personal mode of operation, WPA3-SAE. Some are in transition mode, and only one article (M10) had all the modes, in addition to a description of the Dragonfly encryption method.

3) RESEARCH QUESTION 3 -WHAT ARE THE ATTACKS THAT WPA3 WAS ABLE TO PREVENT, AND THE ATTACKS STILL COULD NOT PREVENT?
Until the discovery of the KRACK attack on WPA2 in 2017, WPA2 was considered the most secure wireless protocol [11]. WPA3 came to fix all the shortcomings of its predecessors, as it was released to address the vulnerabilities in the previous protocols and improve the present level of security. Even with all the improvements in design, WPA3 was proven to be vulnerable to some types of attacks [14]. WPA3 can prevent some attacks, but it is still vulnerable to other attacks. In addition, there are attacks that appeared after the release of WPA3.
During the research on WPA3, the articles that were found are those explaining the attacks in WPA3, including the articles that try to find a solution to avoid attacks and intrusions. In this research question, the attacks that are still affecting WPA3 and the attacks that have been prevented are presented. From the selected articles in Table 2, there were 24 articles that provided an explanation of WPA3 attacks in different ways. For example, out of these 24 articles, 19 articles imitated how attacks happen in WPA3 and 5 articles provided a brief description of the attacks. Out of 24 articles, 20 articles proposed an update and solution to avoid attacks in the WPA3 protocol.
From the previous articles, the attacks in WPA3 were found. Figure 7 shows the attacks before and after the deployment of the WPA3 protocol. In terms of attacks Before WPA3, the attacks were divided into two sections: one that was solved by WPA3 and another that is still unsolved. For attacks After WPA3, it shows the attacks that occurred due to the encryption methods in WPA3.
Figure 8 illustrates the occurrence of attacks in the selected articles that are still affecting WPA3. DoS and downgrade attacks had the highest repetition, being mentioned seven times in the selected articles, followed by deauthentication attacks and side-channel attacks (six times). Timing attacks and dictionary attacks were mentioned five times and four times, respectively. Evil twin, rogue AP, and brute-force attacks each appeared three times. There are other types of attacks that were mentioned in the selected papers only one time, such as DNS spoofing and SSL stripping in [1], time-memory trade-off attacks in [33], Miscellaneous Leaks in [34], and Ghost attacks in [37].

B. DISCUSSION
This work applied a systematic procedure to provide a proper understanding of the wireless security certificate WPA3. Three research questions were formulated and answered to achieve the objective. From the research that has been done, the main ideas in the articles were the effect of the attacks, how to avoid attacks, imitating attacks, software used to perform attacks, software used to avoid attacks, and solutions and updates to improve the WPA3 certificate.
This part of the paper intends to exhibit what other researchers did regarding their work on WPA3. The results can be useful in highlighting the direction of future research. This part provides the following information:
• Tools and software used to generate attacks and monitor the channels.
• The impact of different attacks on WPA3.
• Techniques that were added to WPA3 to provide more security.
There are different tools and methods used to generate attacks that affects WPA3 for different purposes and to monitor the channel, such as Aircrack-ng that is used to launch and generate WPA3 attacks [19], [23], [40], MDK3 to gather information [19], Hostapd-2.9used to perform attacks in [20], [24], [26], and [35].Dragondrain used to generate attacks in [21] and authors used MicroWalk to detect the attacks.On the other hand, authors developed a software to create attacks, such as [31] proposed software to perform active attacks by picking up passwords from the dictionary file and trying different passwords until they connect with the access point.[33] performed attacks by precomputing a table that converts an SAE-PK password into a valid modifier and public key for which the private key is known.
Several research have been implemented to test the ability of WPA3 to prevent attacks and to study the effects of these attacks.Researchers in [19] and [29] tested the ability of Management Frame Protection (MFP) in WPA3, where they showed the ability of WPA3 to prevent disassociation and deauthentication attacks, in addition to increase its efficiency in preventing attacks.On the other hand, [35] showed that un-enabling of MFP, allowed for deauthentication attacks and made WPA3 vulnerable.
An evaluation of the efficiency of dragonfly handshake and SAE in WPA3 was done in [14], [20], [21], [24], [28], [33], and [36], where researchers sought to analyze these features and explore the vulnerabilities in WPA3's handshake and SAE.In [14], timing or cache-based side-channel leaks were exploited to recover the password of WPA3 by downgrade from WPA3-SAE to WPA2-PSK.Reference [20] discovered bad-token vulnerability in SAE causing DoS attacks.Reference [21] proved that the minor changes in password encoding would prevent vulnerabilities in dragonfly handshake.
Reference [24] showed that if attacker is persistent enough, then SAE is vulnerable to all DoS attacks.Reference [28] proved that SAE protocol is weak to a chosen random value attack and its extension attacks.Finally, WPA3Fuzz strategy is used to identify the vulnerabilities in SAE and MFP against DoS attacks.To prove weakness in SAE, [34] implemented Cache attack to show that this attack is able to leak some information on the password and [25] presented three DoS attacks that affect the availability of WPA3 networks.
Reference [44] presented a collection of side-channel vulnerabilities called Dragondoom by targeting password conversion methods in order to help attackers to recover WPA3 passwords.Owfuzz, an over-the-air fuzzing approach implemented by [47] to test all three types of WPA3 Wi-Fi frames (management, control, and data).
References [1] and [23] compared the attacks in WPA2 and WPA3, and both concluded that WPA3 can provide more security than any of its predecessors. The previous works were on the personal mode of WPA3; the effects of attacks on WPA3-transition mode are found in [12], and [22] presented the defensive power and potential impact to mitigate the risk of attacks in WPA3-enterprise mode. Reference [45] concluded that WPA3 offered higher security than WPA2, even though the CPU utilization of WPA3 is higher. Reference [46] found two attacks on Wi-Fi beacons that have an effect on the battery life of wireless devices and proved that WPA3 is still vulnerable against them.
A group of researchers worked to add more security and reliability to WPA3, such as in [26], [27], [30], [32], [37], [38], [39], [40], and [41]. An intrusion detection system (IDS) was used in [26] and [27] to add more security to WPA3 networks, where the authors implemented a signature-based IDS to detect WPA3 attacks. In [40], the authors created a dataset that contains a small number of WPA3 attacks in order to be used later for different purposes.
ComPass is a protocol created by [37] to supplement WPA2/WPA3 by replacing user-selected passphrases with automatically generated ones to avoid guessing attacks. Reference [38] increased the security of WPA3 by implementing encryption techniques in the physical layer based on frequency induction for OFDM signals. The Proof of Existence (PoEx) scheme introduced in [39] is used to protect the network against Evil Twin attacks, where the authors observed that, besides protecting the network, there are improvements done on the network through the lifetime forging and the network's throughput.
Reference [30] applied the Paired Token scheme to replace the Pairwise Master Key (PMK) with one-time authenticated key establishment to deliver high performance to a larger number of clients using WPA3 networks. For the purpose of deriving a high-entropy shared secret key, [32] used the standard generator for the cyclic group and proposed the Block Encryption-based Password Authenticated Diffie-Hellman Key Establishment (BEPAKE) protocol between the access point and the client. Reference [41] did an analysis to minimize the association overhead caused by key computation in WPA2 and WPA3 and proved that the beacon listen interval and channel utilization influence the wake-up delay of low-power stations.
In the end, from the previous discussion, it was shown that most of the researchers tried to test the capability of the WPA3 protocol to provide security to either personal or enterprise networks. Previous researchers tried to find a way to penetrate the WPA3 protocol by performing and creating attacks through Aircrack-ng, hostapd, Dragondrain, etc. They used software to detect attacks such as MDK3 and MicroWalk. Most of their research was done on cutting the connection from WPA3's access point or preventing users from entering a WPA3 network. Downgrade attacks, deauthentication attacks, and DoS attacks were the major concerns for numerous researchers to provide countermeasures, as they showed the vulnerability of WPA3 against these attacks. From here, we conclude that the main issues in WPA3 are due to encryption and encoding methods, where most of the previous works tried to recommend solutions to avoid attacks related to encryption and encoding methods.
From the research that has been done, to make WPA3 more secure to use and to reduce the probability of users and networks being hacked, an improvement on WPA3 itself or on the WPA3 environment can be done, which can be summarized as follows:
• The improvement on the WPA3 protocol can be done in the way of generating the password. The previous work [36], [37] focused on generating passwords automatically to increase security. To provide more security to the WPA3 network, we believe that the WPA3 password should be generated using a computer and then changed automatically from time to time. Such action would increase the number of guesses required to crack the password, which results in reducing the probability of the network being hacked.
• The improvement of the WPA3 environment can be implemented through adding an intrusion detection system (IDS) capable of detecting and preventing attacks. The previous works [25], [26] added IDS based on knowing a few attacks of WPA3. We believe that implementing a machine-learning-based IDS would allow for better detection and prevention of WPA3 attacks. Machine learning models have proved their ability through the years in different aspects of life, and so developing a machine learning model that has full awareness of WPA3 attacks would provide more reliability and security to WPA3 networks, where the model will be trained and tested on all WPA3 attacks, which will then prevent them from causing harm on the network.
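As an added illustration of the signature-based detection discussed above (not code from this review or from the works it cites), the Python example below applies two rate-based signatures to parsed 802.11 management frames: unprotected deauthentication bursts and bursts of SAE Commit frames from many distinct senders. The record field names, the thresholds, and the sample capture are constructed assumptions.

```python
from collections import defaultdict, deque

# 802.11 management-frame subtypes and Authentication-frame field values
SUBTYPE_AUTH, SUBTYPE_DEAUTH = 11, 12
AUTH_ALG_SAE, SAE_COMMIT = 3, 1   # auth algorithm 3 = SAE, transaction 1 = Commit

def detect(frames, window_ms=1000, deauth_limit=10, commit_mac_limit=20):
    """Scan time-ordered frame records; return [(ts_ms, bssid, rule), ...].

    Thresholds are illustrative assumptions, not values from the reviewed papers.
    """
    seen = defaultdict(deque)      # (bssid, rule) -> recent (ts, src) pairs
    active, alerts = set(), []
    for f in frames:
        if f["subtype"] == SUBTYPE_DEAUTH and not f.get("protected", False):
            rule = "deauth-flood"          # unprotected deauths despite PMF
        elif (f["subtype"] == SUBTYPE_AUTH and f.get("auth_alg") == AUTH_ALG_SAE
              and f.get("auth_seq") == SAE_COMMIT):
            rule = "sae-commit-flood"      # many Commits force costly AP-side work
        else:
            continue
        key = (f["bssid"], rule)
        q = seen[key]
        q.append((f["ts"], f["src"]))
        while f["ts"] - q[0][0] > window_ms:    # drop records outside the window
            q.popleft()
        if rule == "deauth-flood":
            fired = len(q) > deauth_limit
        else:                                   # count distinct (likely spoofed) senders
            fired = len({src for _, src in q}) > commit_mac_limit
        if fired and key not in active:         # alert once per episode
            active.add(key)
            alerts.append((f["ts"], f["bssid"], rule))
        elif not fired:
            active.discard(key)
    return alerts

def sample_frames():
    """Constructed capture: 3 normal joins, a 40-MAC Commit burst, 15 deauths."""
    ap = "02:00:00:00:00:01"
    def auth(ts, n):
        return {"ts": ts, "bssid": ap, "src": f"02:00:00:00:aa:{n:02x}",
                "subtype": SUBTYPE_AUTH, "auth_alg": AUTH_ALG_SAE, "auth_seq": SAE_COMMIT}
    frames = [auth(100 * i, i) for i in range(3)]
    frames += [auth(5000 + 10 * i, 16 + i) for i in range(40)]
    frames += [{"ts": 10000 + 10 * i, "bssid": ap, "src": ap,
                "subtype": SUBTYPE_DEAUTH, "protected": False} for i in range(15)]
    return frames
```

Fixed thresholds like these only cover attack patterns that are known in advance, which is the limitation the machine-learning recommendation above is aimed at.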
Finally, despite the attacks on the WPA3 protocol, all the existing works proved the capability of the WPA3 protocol to provide more security than its predecessors. More explanation of works that focused on providing details of WPA3 attacks and how to prevent them is given in Table 5.

V. LIMITATION OF THE STUDY
This systematic literature review was conducted with a focus on selected studies on wireless security certificate WPA3. The search process was performed using a limited number of keywords, which resulted in a limited number of selected papers that sought to purely focus on WPA3 to help researchers who want to know more about this protocol. The articles were limited to journal and conference articles between the years 2018 and 2023. Several non-relevant research articles were excluded based on our inclusion/exclusion criteria.

VI. CONCLUSION
This systematic literature review studied the wireless security certificate Wi-Fi Protected Access WPA3. Findings show that the devised systematic literature review is the first of its kind in wireless security protocols. From the research conducted, it is concluded that most of the related works of WPA3 are focusing on finding attacks, generating attacks, and testing how capable WPA3 is of preventing attacks. Researchers used different tools and methods to achieve their goal, such as Aircrack-ng, MDK3, Hostapd-2.9, MicroWalk, and Dragondrain. Other researchers sought to improve WPA3 by adding different approaches and methods to the wireless security protocol, such as the Intrusion Detection System, the ComPass approach, and the Paired Token scheme. The review investigated the related studies that were published between the years 2018 and 2023. Thirty-six articles were studied to answer three research questions, and the results achieved are as follows: For RQ1, the main reason behind the release of the WPA3 protocol is to provide more security and to overcome attacks in its predecessors. The results of RQ2 show how implementing Simultaneous Authentication of Equals (SAE), which is the Dragonfly handshake process in WPA3, and Protected Management Frame (PMF) played an important role in increasing the security in WPA3. The findings of RQ3 show that despite the improvement of WPA3, there are still some attacks that WPA3 cannot prevent. In this research question, the attacks that were prevented and the attacks that were unsolved are shown. Finally, a discussion on the selected papers was addressed.
Lastly, it can be concluded that the WPA3 protocol is a recent security protocol that excels over the previous protocols. Based on this review, researchers are recommended to conduct more research on ways to improve this protocol, as follows: exploiting the capability of computer-generated passwords to work on the WPA3 protocol itself, or taking advantage of the ability of machine learning to build an intrusion detection model capable of detecting attacks with high accuracy and a low false alarm rate.

FIGURE 5. Number of articles based on publication year.

FIGURE 6. Number of articles based on publication type.

FIGURE 7. Attacks before and after the release of WPA3.

FIGURE 8. Attacks in WPA3 based on chosen articles.

TABLE 1. Attacks still exist in WPA3.

Table 2 shows the selected papers based on research article number, title, publication type, and year of publication. The publication years of the selected papers from 2018 to 2023 regarding the security certificate WPA3 per year are

TABLE 2. Selected research articles.

TABLE 3. Reason for the emergence of WPA3.

TABLE 4. Articles based on the operation mode and encryption method.

TABLE 5. Articles based on WPA3 attacks.