WPA3: Evolution Over Revolution

WPA3: Evolution Over Revolution

What is WPA3?

The Wi-Fi Alliance recently unveiled Wi-Fi Protected Access 3 (WPA3), the biggest security update to the Wi-Fi wireless networking protocols since their introduction 14 years ago. WPA3 is an evolution of the WPA2 protocol introduced in 2004 designed to address vulnerabilities found in its predecessor.

WPA3’s main changes include:

  • Simultaneous Authentication of Equals (SAE) – a new method of authenticating devices trying to connect to a Wi-Fi router and connecting device is changed each time a connection is established. This is done in order to thwart Key Reinstallation Attacks (aka KRACK), in which users’ Wi-Fi connections are disrupted so their data can be redirected to a malicious network for eavesdropping. SAE replaces the Pre-Shared (PSK) method used by WPA2
  • 192- encryption – WPA1-Enterprise, a version of WPA3 geared toward financial institutions, governments, and corporations, features 192-bit encryption. While not mandatory, it is available for those institutions wishing to boost their networks’ overall security. 

The Wi-Fi Alliance also revealed two additional security protocols that, while separate from WPA3, complement it: 

  • Easy Connect – a protocol that allows faster authentication of devices connecting to a Wi-Fi network. Rather than entering a password for each device added to a Wi-Fi network, users can scan a device’s unique QR code using their smartphone, with the code acting as a type of public key. Once the QR code is scanned, the network and the device exchange and authenticate encryption keys for all subsequent connections. Easy Connect was designed to deal with the anticipated explosion in wireless devices brought on by the Internet of Things (IoT) 
  • Enhanced Open – a protocol designed to protect users on open Wi-Fi networks. Meant to thwart the packet sniffling and packet injection attacks typically encountered on open networks (like those found in coffee shops, restaurants, and airports), Enhanced Open encrypts Wi-Fi signals by default without requiring authentication. This process, called Opportunistic Wireless Encryption (OWE), provides an additional layer of network defense without requiring users to enter additional passwords or go through extra steps.

Why is WPA3 important?

“I’ve spoken with many in ORION’s research and education community, especially the higher education sector, who have had challenges with a weaker wireless access protocol,” says Farooq Naiyer, ORION’s Chief Information Security Officer. a shared initiative across eight Ontario higher education institutions. “Challenges include a large unauthorized user base attempting to access internet links, as well as the growing use of Internet of Things (IoT) and Bring Your Own Device (BYOD) which can serve as backdoors to many kinds of malware. The introduction of the WPA 3 protocol ill surely enable our community, who are invested in wireless networking, to gain from this evolution and provide more secure network access to its users.”

What’s next?

New products with WPA3 support will begin appearing in the coming year, but the Wi-Fi alliance doesn’t predict widespread adoption until late 2019. With support from major industry players like Cisco and Asus as well as backwards compatibility with WPA2 devices, WPA3 represents a sensible step forward for wireless networking. ORION’s community (and their IT staffs) can sleep easier knowing that WPA3 can adapt to the security threats of today while keeping a stable upgrade path for tomorrow.