WPA3: A Look Back at How We Got This Far
Wi-Fi connectivity is an essential requirement for most businesses. Security of the network is a top priority, and with wireless networking celebrating its 20th anniversary, it’s clear the wireless industry recognizes that authentication and encryption protocols must evolve to guarantee the security of Wi-Fi communications moving forward.
In June of 2018, nearly 14 years since the last update, the Wi-Fi Alliance announced a major security improvement to Wi-Fi: WPA3 (Wi-Fi Protected Access Three). WPA3 is the next generation Wi-Fi security standard that tackles WPA2 shortcomings to better secure personal, enterprise, and IoT wireless networks. WPA2 has served the industry well, but with everything in technology, a new class of technology requires a new class of security.
Businesses are continually looking to optimize their working environments to streamline operations, enhance customer service, and secure assets. Internet of Things devices can effectively support businesses who need to reduce IT overheard as well as improve people productivity, leveraging enormous amounts of data to change the way they run.
Because of the volume of IoT devices, they can be hard to identify and difficult to secure. With this in mind, enterprise networks need to be able to handle greater capacity demand and security complexity than ever before. That’s a real challenge with technology already being used far beyond what was originally imagined.
When you have a conversation about mobility, I think it’s important to pause for a moment and look at how much the world has changed. At the end of 2013, there were more mobile devices than people on earth. Each year since then, about 3 billion more mobile wireless devices were purchased. By 2020, it is predicted that 50 billion devices will be connected to the Internet. The vast majority will use some form of wireless for access. This situation is where WPA3, enters the scene. WPA3 builds on WPA2 to deliver a suite of features to simplify Wi-Fi security configuration and enhance Wi-Fi network security protections. It delivers more resilient password-based authentication providing stronger security protection against password guessing attempts by third parties and greater cryptographic strength for government, defense, and other security-sensitive environments. All WPA3 networks will use the latest security methods, disallow outdated legacy protocols, and require use of Protected Management Frames (PMF) to maintain resiliency of mission critical networks. The WPA3 brand continues to support and segment the market with WPA3-Personal & WPA3-Enterprise. WPA3 maintains backward compatibility with WPA2.
What’s happening with WPA2? The Wi-Fi Alliance introduced enhancements and new features to ensure WPA2 maintains strong security protections as the wireless landscape evolves. WPA2 continues to be mandatory for all Wi-Fi CERTIFIED devices.Some of the WPA2 enhancements include:
- Mandates support of Protected Management Frames (PMF)
- Prevents de-authentication attacks where an adversary can forcibly disconnect clients from a Wi-Fi network and monitor a reconnect
- Addition of digital certificate test cases to ensure that proper certificate validation checking is performed by station devices
- RSN Element (RSNE) multiple –AKM suite selector testing validates that client devices can successfully receive an RSNE that includes more than one AKM suite selector
- Patched against the KRACK attack against WPA2.
Next week, we will discuss in more depth how WPA3 works, device compatibility, support in current networking hardware, and more.