Long-awaited protocol updates boost security and simplify IoT connections.
When the first Wi-Fi protocol was released in 1997, it set the stage for a remarkable shift in the way people work and the devices they use for computing and communication. Wi-Fi now moves more than half of all Internet traffic, and it has helped make mobile the primary digital platform for business users in the U.S.
However, this shift has also introduced some risk. As a broadcast technology, wireless is much more susceptible to unauthorized access compared to a wired connection. In a recent Spiceworks poll, 92 percent of IT security professionals say they are concerned about security vulnerabilities associated with the use of Wi-Fi networks.
To address these vulnerabilities, the Wi-Fi Alliance has introduced new features designed to strengthen and simplify the Wi-Fi Protected Access (WPA) security protocol. WPA3 is the first protocol update in 14 years, and the Wi-Fi Alliance says it will enable more robust authentication and deliver increased cryptographic strength for sensitive data. The Wi-Fi Alliance began certifying products that support WPA3 in June.
“As Wi-Fi evolves to deliver more value in an ever-expanding array of use cases, it’s important that security evolves too,” said Vijay Nagarajan, senior director of marketing for the Wireless Communications and Connectivity division at Broadcom. “WPA3’s new features such as improved password-based authentication and stronger encryption will further simplify and strengthen how consumers and businesses connect to the Internet every day.”
Getting a Fair Shake
The update has been in the works for some time, but the process gained urgency following last year’s discovery of a flaw in the WPA2 protocol that can potentially enable an attacker to see, decrypt, or even manipulate data on the network. Known as KRACK (Key Reinstallation Attack), the flaw allows attackers to interfere with the initial handshake between a device and Wi-Fi router, creating an opening to conduct Man-in-the-Middle attacks that could expose a wealth of personal information such as usernames, passwords, bank account numbers and more.
WPA2 employs a four-way handshake to secure traffic passing between a Wi-Fi access point and a Wi-Fi client. It essentially ensures that a user knows the network password, and it also generates an encryption key to thwart any attempts to intercept communications. The KRACK flaw allows an attacker to record and reinstall a cryptographic key that has already been used. The attacker can then copy data packets that were sent previously, take the data offline and subject it to a “dictionary attack,” which throws thousands of common passwords per minute at the router until it finds the right one.
WPA3 includes a new handshake authentication process that can’t be compromised by KRACK. The new process is formally known as the simultaneous authentication of equals (SAE) but is more commonly known as the Dragonfly protocol. This process requires key exchanges to be made on a live connection, and it thwarts dictionary attacks by blocking offline password attempts after a single incorrect attempt.
Additionally, WPA3 supports a much stronger encryption algorithm. While WPA2 requires a 64-bit or 128-bit encryption key, WPA3 uses 192-bit encryption. What’s more, the WPA3 security suite is aligned with the Commercial National Security Algorithm (CNSA) Suite, which delivers the robust levels of security typically used in industrial, military and government applications.
The revised standards also seek to improve security when connecting through public Wi-Fi hotspots in airports, restaurants and hotels. WPA3 supports Opportunistic Wireless Encryption (OWE), an existing standard that encrypts every connection between a device and an access point with a unique key, without the need for additional credentials. Even if hackers manage to intercept data packets, they won’t be able to decrypt the master key.
Making IoT Connections
WPA3 also addresses connectivity challenges that have arisen with the Internet of Things (IoT). When the WPA2 protocol was developed, the only devices making wireless network connections had screens and keypads. That made it easy to onboard devices such as smartphones and laptops. Onboarding IoT devices that merely have embedded wireless sensors and actuators is a far more complicated process.
WPA3 deals with this through a feature called Wi-Fi Easy Connect that simplifies the process of pairing Wi-Fi devices without a user interface. This feature allows users to add such devices to the network by scanning QR codes. This prompts the protocol to run and automatically provisions the device with the credentials needed to access the network. The Wi-Fi Alliance has made Wi-Fi Easy Connect backward compatible with WPA2.
With WPA3 certification just beginning, the standard is not yet mandatory for wireless devices. As such, WPA3 will maintain interoperability with WPA2 devices through a transitional period of several years. However, many device manufacturers have already announced their support, including Qualcomm, which has already started making a chip for phones and tablets that support WPA3.
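During that transitional period, an administrator can tell which mode an access point actually advertises by reading the authentication (AKM) suites in its beacon's RSN element. The sketch below is an added example, not part of the original article: the function names are hypothetical, the AKM selector values and management-frame-protection (MFP) bits are taken from the IEEE 802.11 RSN element layout rather than from this page, and the sample bytes are constructed.

```python
import struct

IEEE_OUI = bytes.fromhex("000fac")
# AKM suite types under OUI 00-0F-AC in the 802.11 RSN element
AKM = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE", 12: "SUITE-B-192", 18: "OWE"}

def parse_rsn(body: bytes) -> dict:
    """Parse an RSN element body (element ID 48; ID and length bytes removed)."""
    off = 0
    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSN element")
        off += n
        return body[off - n:off]
    if struct.unpack("<H", take(2))[0] != 1:
        raise ValueError("unsupported RSN version")
    take(4)                                     # group data cipher suite
    take(4 * struct.unpack("<H", take(2))[0])   # pairwise cipher suite list
    akms = []
    for _ in range(struct.unpack("<H", take(2))[0]):
        sel = take(4)
        akms.append(AKM.get(sel[3], "other") if sel[:3] == IEEE_OUI else "vendor")
    # Capabilities field is optional; bit 6 = MFP required, bit 7 = MFP capable
    caps = struct.unpack("<H", take(2))[0] if len(body) - off >= 2 else 0
    return {"akms": akms, "mfp_required": bool(caps & 0x40),
            "mfp_capable": bool(caps & 0x80)}

def classify(rsn: dict) -> str:
    akms = set(rsn["akms"])
    psk = bool(akms & {"PSK", "PSK-SHA256"})
    if "SAE" in akms:   # SAE next to PSK = transition mode, WPA2 still accepted
        return "wpa3-transition" if psk else "wpa3-sae-only"
    if "OWE" in akms:
        return "owe"
    if "SUITE-B-192" in akms:
        return "wpa3-enterprise-192"
    return "wpa2-psk" if psk else "other"

# Constructed sample element bodies (hex), not captured from a real network
SAMPLES = {
    "legacy":     "0100000fac040100000fac040100000fac020000",
    "transition": "0100000fac040100000fac040200000fac02000fac088000",
    "sae":        "0100000fac040100000fac040100000fac08c000",
    "hotspot":    "0100000fac040100000fac040100000fac12c000",
}

def audit(samples=SAMPLES) -> dict:
    return {name: classify(parse_rsn(bytes.fromhex(h))) for name, h in samples.items()}
```

A network reported as `wpa3-transition` still accepts WPA2 password authentication, so clients that join it with WPA2 do not get the SAE handshake described above.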
“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” said Joe Hoffman, SAR Insight & Consulting. “Wi-Fi is evolving to maintain its high level of security as industry demands increase.”