The Wi-Fi Alliance has announced the beginning of certification for WPA3-enabled devices, the first major revision to Wi-Fi security since WPA2 was introduced in 2004. The new standard was announced this January following industry reaction to the KRACK vulnerability disclosed in October 2017. As the KRACK flaw is an oversight in the design of the WPA2 protocol (not a specific vendor implementation), a new standard with more robust security measures was required to address the issue.
Additional enhancements were added as part of WPA3. As with WPA2, it is available in both “Personal” and “Enterprise” configurations. According to a press release, WPA3-Enterprise includes “the equivalent of 192-bit cryptographic strength,” while both include additional security protections for situations in which users choose insufficiently complex passwords.
WPA3 includes a function called Simultaneous Authentication of Equals (SAE), which protects against password guessing by malicious actors, as an important mitigation for the KRACK attack. While previous standards could allow a malicious actor to capture transmissions and brute-force the password from them, this will no longer be possible under WPA3, the release noted. SAE is a replacement for Pre-shared Key (PSK) in WPA2.
The Wi-Fi Alliance has also introduced a new method for joining devices to a network called Wi-Fi CERTIFIED Easy Connect, which allows users to scan a QR code printed on a given device using a smartphone to connect the device to a given Wi-Fi network, the release said. This is intended to reduce difficulties for connecting devices with limited or no displays, as is often the case with IoT devices. This feature will be available for WPA2 and WPA3 devices.
While device certification has now started, WPA3 availability will not be immediate. Existing devices can receive the ability to use WPA3 through firmware upgrades, though this naturally depends on the willingness of the device manufacturer to provide this capability for existing devices rather than require the purchase of new products. That said, devices with WPA3 support can still connect with WPA2 devices, so the transition will not disrupt the use of existing devices.
While WPA3 support is not (yet) a requirement for new devices, new models of routers and access points that support the new 802.11ax standard, which is expected to be released in 2019, are expected to support WPA3. 802.11ax is designed to operate in bands between 1 GHz and 5 GHz, including the 2.4 GHz band unsupported by 802.11ac. It brings higher speeds to connected devices by extending Multi-user MIMO to both the uplink and downlink directions, as well as adding orthogonal frequency-division multiple access (OFDMA), a digital modulation technique first popularized in WiMAX.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Certification for WPA3-enabled devices has begun, as part of the first major revision to Wi-Fi security since WPA2 was introduced in 2004.
- Existing devices can receive the ability to use WPA3 through firmware upgrades, though this naturally depends on the willingness of the device manufacturer to provide this capability for existing devices rather than require the purchase of new products.