For the first time in over a decade, the current Wi-Fi security standard is receiving an upgrade. In late June 2018, Wi-Fi Alliance, which consists of technology companies responsible for the development and implementation of the Wi-Fi protocol, announced Wi-Fi CERTIFIED WPA3. WPA3, which stands for Wireless Protected Access Version 3, brings a new set of security capabilities and features designed to protect home and company networks. Like the current standard, WPA2, the new protocol includes two different implementation options: WPA3-Personal for smaller home and business networks, and WPA3-Enterprise to support larger organizations.
WPA3 adds new features designed to simplify security, provide more robust authentication, and deliver stronger cryptographic features for networks where sensitive data is being transmitted. Both WPA3-Personal and WPA3-Enterprise are designed to be extremely resilient for networks that rely on Wi-Fi for production use cases. The two versions share common characteristics. For example, both utilize the latest security features and deprecate outdated encryption mechanisms. The new Wi-Fi standard also uses Protected Management Frames, which are designed to prevent unauthenticated users from eavesdropping on or creating fake network traffic.
As in the current standard, “Personal” and “Enterprise” implementations differ in certain respects, specifically in the realm of authentication. WPA3-Personal provides stronger protection for the pre-shared key (i.e. password) used to connect to the wireless network. Even when password complexity requirements are not met, WPA3-Personal is designed to protect the authentication traffic from malicious users who may look to capture and “crack” the Wi-Fi password. In this way, the increased security of WPA3-Personal allows users to select Wi-Fi passwords that are easier to remember. If the password is compromised, WPA3-Personal will still protect data that has already been sent. This feature is transparent to the end user, making WPA3-Personal easier to use while increasing security.
WPA3-Enterprise utilizes stronger cryptographic protocols and techniques. It is designed to be used in enterprise, government, or financial environments. This version offers an optional mode using 192-bit minimum strength security features and cryptographic principles. This includes increased protection for authentication traffic, key derivation and confirmation, key establishment and authentication, and management frame protection. Visit the Wi-Fi Alliance for a full description of these security features.
In an effort to make the standard easier to use without compromising security, the Wi-Fi Alliance group also announced Wi-Fi CERTIFIED Easy Connect and Wi-Fi CERTIFIED Enhanced Open. Wi-Fi Easy Connect is designed to ease the onboarding of devices without visual interfaces (i.e. IoT devices). Wi-Fi Enhanced Open is a new program designed to improve data protection while maintaining the ease of use of open networks. Enhanced Open allows data to remain encrypted without IT staff managing and disseminating passphrases.
WPA3 is currently an optional certification for Wi-Fi devices, but it will become mandatory as more vendors and organizations adopt the technology. Current WPA2 devices will be interoperable with WPA3 devices in an effort to ease this transition. Hardware and software manufacturers alike will support the WPA3 protocol. The adoption of this latest Wi-Fi protocol can help to maintain the security of production wireless networks, which are a common target for attackers.