The Wi-Fi Alliance just unveiled WPA3, five months after it was first announced. The nonprofit organization that certifies Wi-Fi networking standards introduced a certification for two versions of WPA3, the successor standard to WPA2: WPA3-Personal and WPA3-Enterprise as well as Wi-Fi Easy Connect, a program that makes it easier to pair Wi-Fi devices without displays. Wi-Fi Alliance vice president of marketing Kevin Robinson dubs WPA3 as “the next generation of security for personal and enterprise networks.”
VentureBeat reports Robinson added that, “one of the most important roles for the Wi-Fi Alliance is to ensure that the industry is staying ahead of emerging threats.” In October 2017, “security researchers uncovered KRACK, a flaw in WPA2 that allows determined attackers to see, decrypt, and even manipulate network traffic.”
Although Wi-Fi routers have already received patches to protect devices, “WPA3 was engineered from the ground up to address WPA2’s technical shortcomings.”
The two WPA3 versions “disallow legacy protocols, meaning that WPA2 devices can’t connect to WPA3-exclusive hotspots that don’t have a special transitional mode enabled,” and they both “require Protected Management Frames (PMF),” which prevents users from eavesdropping on or “kicking clients off of a network.” Otherwise, they are not similar.
WPA3-Personal is “optimized for smaller, one-password networks in homes and apartments,” and has a much tougher authentication mechanism, based on Simultaneous Authentication of Equals (SAE), to fend off so-called dictionary attacks whereby “hackers intercept traffic between a client and Wi-Fi router and use a graphics card or cloud computing service to iterate through all possible passwords.”
“For every guess of the password, devices have to interact with each other,” said Robinson.
WPA3-Enterprise, on the other hand, is intended for “large-scale Wi-Fi deployments in corporate environments,” and uses a 192-bit security suite aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems. This security system is “tailor-made for industrial, defense, and government networks with high-security requirements,” and, said Robinson, “offers greater consistency in the application of security protocols … and better network resiliency.”
Wi-Fi Easy Connect is a “new connection protocol for WPA2 and WPA3 networks” that “lets users add devices with limited or no display interface to a network by scanning QR codes.” In contrast, Wi-Fi Protect Setup (WPS) “requires tapping a physical button on the router and client.” “Each Wi-Fi Easy Connect device will have a QR code or a piece of paper inside the box,” said Robinson, who added that the user only need “snap a picture with your phone to onboard it.” The Wi-Fi Alliance is letting manufacturers decide whether to implement Wi-Fi Easy Connect and WPS together.
Qualcomm already stated it would add support for WPA3 to its flagship chips as soon as June. Robinson noted that, despite the fact that WPA3 will eventually be mandatory, WPA2 is still supported. “While we’re focusing on next-gen Wi-Fi security, the Wi-Fi Alliance continues to maintain and update WPA2,” he said.