Next generation Wi-Fi security standard – WPA3 and its features
WPA3 stands for Wi-Fi Protected Access III. Introduced in 2018, it is the advancement over WPA2 in Wi-Fi security. WPA3 was developed because of the vulnerabilities found in WPA2.
WPA3 has both Personal and Enterprise versions. The Enterprise version adds stronger cryptographic methods, which helps organisations and governments maintain the confidentiality of their data.
How is WPA2 insecure?
WPA2 encrypts traffic with AES in CCMP mode, but a client authenticates to the network through a four-way handshake, which is exploited by the KRACK attack. In addition, the passphrase is one of the parameters used to form the static encryption key for a session. If a WPA2 passphrase is weak, or is recovered through a brute-force or dictionary attack, the network is compromised as well.
To fix these problems, WPA3 networks have to use the latest security methods, refuse former legacy protocols, and operate Protected Management Frames (PMF), which increase data authenticity and integrity and shield against replay attacks.
The latest features of WPA3 are:
- Secured Handshake for authentication
- Solution for WPS threat in WPA2
- Privacy on Open networks
Details of the above-mentioned features:
SAE (Dragonfly handshake) – The most important advancement in WPA3 is Simultaneous Authentication of Equals (SAE), which replaces PSK in WPA2 and restricts brute-force attacks. WPA3 allows one password guess per session, which makes it hard for hackers to carry out offline attacks. Natural password selection allows users to set easy passwords they can remember; although these are weak and short, the algorithms used will keep the network safe. SAE also provides forward secrecy, which secures the data even if, in the worst case, the passphrase is compromised.
WPS (Wi-Fi Protected Setup) is used to onboard a device onto the Wi-Fi network, but the way WPS works exposes the network to threats: it can be cracked with a tool like Reaver. WPS is therefore replaced by Wi-Fi Easy Connect, which uses the Device Provisioning Protocol (DPP) developed by the Wi-Fi Alliance to shield against WPS attacks. Every device that wants to use Wi-Fi Easy Connect has to support it. The feature also helps connect smart home and IoT devices with little or no GUI to the network, by scanning QR codes with a companion device that sits between the smart gadget and the Wi-Fi network.
Open Wi-Fi network – Open/public networks, which have no authentication passkey, transmit unencrypted traffic between the device and the Access Point (AP). For this reason open networks offer no security and connecting to them is not recommended. Still, when left with no other option, we connect to Wi-Fi networks at coffee shops, airports and similar places. WPA3 solves this problem with Opportunistic Wireless Encryption (OWE) for safer hotspot usage: open networks keep operating with the same ease, while clients get privacy through unauthenticated encryption of their data.
In a nutshell!
WPA3 comes with cutting-edge advancements, but using these features requires new devices certified by the Wi-Fi Alliance. Not only the routers but also the client-side devices need to be compatible. Both the hardware (laptops, PCs and mobiles) and the software (OS) are being developed by the tech giants in the market to roll out WPA3 completely. Until then, during the transition period, WPA2 continues to serve the Wi-Fi security environment and remains interoperable on Wi-Fi certified devices. New devices must be configured properly; otherwise the chances of vulnerability remain as in the past.
Wide adoption of WPA3 is one of the Wi-Fi trends expected in 2020, based on the Wi-Fi Alliance's interaction with its member companies at CES 2020.
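The summary above warns that new devices still need proper configuration. As an added example (not part of the original article), this Python script checks a hostapd-style access point configuration for the points the article raises: legacy protocols, PMF, WPS, PSK and open networks without OWE. The option names are hostapd's; the sample configurations are constructed, and only WPA-Personal and open networks are modelled.

```python
# Added example (not from the article). Option names are hostapd's;
# the two sample configurations are constructed for illustration.
LEGACY = """
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wps_state=2
"""
WPA3_ONLY = """
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
wps_state=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings for one BSS; only explicitly set ciphers are checked."""
    conf = parse_conf(text)
    # hostapd falls back to WPA-PSK when wpa_key_mgmt is not set.
    akms = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    findings = []
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS is enabled (article: replaced by Wi-Fi Easy Connect)")
    if conf.get("wpa", "0") == "0":
        return findings + ["open network without OWE: traffic is unencrypted"]
    if int(conf["wpa"]) & 1:
        findings.append("legacy WPA (version 1) is enabled")
    if "TKIP" in ciphers:
        findings.append("legacy TKIP cipher is allowed")
    if any("PSK" in akm for akm in akms):
        findings.append("PSK is allowed: a weak passphrase can be guessed offline")
    if conf.get("ieee80211w", "0") != "2":
        findings.append("PMF is not required (ieee80211w is not 2)")
    return findings

if __name__ == "__main__":
    for name, sample in (("LEGACY", LEGACY), ("WPA3_ONLY", WPA3_ONLY)):
        print(name, audit(sample) or "no findings")
```

A configuration that lists both `WPA-PSK` and `SAE` (transition mode) is still reported, because clients that fall back to PSK keep the WPA2 passphrase exposure the article describes.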