Summary Bullets:
• WPA3 is the new WLAN security standard, with the network and device industry on board for migration from WPA2 starting now
• Stronger authentication and encryption will thwart attackers, while Easy Connect configuration will make set-up easy for connected home and IoT devices
Fourteen years is a long time in Wi-Fi technology. In fact, it’s almost its entire history. That’s why this week’s announcement by the Wi-Fi Alliance introducing Wi-Fi CERTIFIED WPA3 is garnering much more notice than a new security standard usually gets.
Wi-Fi Protected Access (WPA) was introduced back when wireless networking was still in its infancy. It’s helped secure personal and enterprise Wi-Fi networks with data protection and access control for authorized users. Based on the IEEE 802.11i standard, the now standard WPA2 provides security using the FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication. Almost every Wi-Fi connected device today is running personal or enterprise versions of WPA2 with 128-bit encryption, and while it has done yeoman’s work keeping thieves, snoops, and spongers out of protected networks, the technology of systems around it has continued to advance and new flaws have been discovered and exploited in recent years.
WPA3, first announced in early 2018, is now available for inclusion in products by manufacturers of Wi-Fi-enabled devices. Based on and fully interoperable with WPA2, the new standard (which also comes with Personal and Enterprise flavors) brings with it advancements in encryption, authentication, and ease of configuration.
Authentication – or, are you who you say you are? – is what passwords are for and WPA3 makes it more difficult for people (or hackers or bots) to guess your Wi-Fi password. By using the simultaneous authentication of equals (SAE) authentication process, WPA3 slows down attacks by requiring interaction with the network each time encryption keys are requested. According to the Wi-Fi Alliance, this makes brute force attack techniques that depend on cloud-based server farms and automated key attempts unavailable to such attackers.
Encryption – the bit where bits are encoded – is what makes passwords (or keys) necessary for authenticated users to access the network. WPA3 Enterprise provides 192-bit encryption, critical for Wi-Fi networks handling sensitive personal or intellectual property data and making Wi-Fi more acceptable in financial or government organizations. Both WPA3 versions disallow outdated encryption algorithms while still providing a path for transition to the new standard. WPA2 continues to be mandatory for all devices certified by the industry body, and as market adoption of WPA3 grows, the new standard will also become required. In the meantime, WPA3 maintains interoperability with WPA2 devices through a transitional mode of operation.
Configuration – setting up new networks and users – is the most visible area of improvement for the new Wi-Fi security standard. As the number of connected devices per user continues to expand, this will be seen as a blessing by those who have been hooking up routers, dongles, and laptops to wireless LANs since shortly after the turn of the century. The new Easy Connect feature reduces the complexity of onboarding Wi-Fi devices with limited or no display interface (including new devices coming to market for Internet of Things applications), while still maintaining high security standards. Users can add any device to a Wi-Fi network using another device with a more robust interface, such as a smartphone, by scanning a QR code. In this case, the authenticated phone provides a referral to the network for the connected fridge or other IoT sensor. It makes a change from writing down 25-digit Wi-Fi keys and entering them (without an edit function!) using phone dialpads, TV remotes, or the sticky buttons on a desktop printer.
For the tech industry, standards pave the way for increased adoption—and more sales—so plenty of device makers from Intel to HP, Huawei to Broadcom, have enthusiastically welcomed the introduction of WPA3. Cisco will be integrating it into its Aironet Access Points and Wireless Controllers via a firmware upgrade, but enterprise and consumer customers won’t benefit until their devices also support the new standard. In the meantime, users should choose new products based on support (or upgradeability) of WPA3 Personal or Enterprise to get off on the right foot with connected home, car, and office deployments. They’ll ensure better, easier, protection of their networks, while getting in early with a security protocol which is likely to serve users for at least another decade.
IT Connection 