It is the next generation of WiFi security
Protecting Wi-Fi from hackers is one of the most important tasks in cybersecurity. Which is why the arrival of next-generation wireless security protocol WPA3 deserves your attention.
When you log onto a coffee shop’s WPA3 Wi-Fi with a WPA3 device, your connection will automatically be encrypted without the need for additional credentials. It does so using an established standard called Opportunistic Wireless Encryption.
As with the password protections, WPA3's expanded encryption for public networks also keeps Wi-Fi users safe from a vulnerability they may not realize exists in the first place. In fact, if anything it might make Wi-Fi users feel too secure.
New security features include:
1. WPA3 uses the Simultaneous Authentication of Equals (SAE) algorithm, which replaces Pre-shared Key (PSK) in WPA2-Personal, while WPA3-Enterprise uses a more complex set of features that replace IEEE 802.1X from WPA2-Enterprise. These are:
-
authenticated encryption
-
key derivation and confirmation
-
key establishment and authentication
-
robust management frame protection.
2. WPA3 is resistant to dictionary attacks.
The Wi-Fi Alliance says that WPA3's SAE is resistant to offline dictionary attacks where an attacker tries to guess a Wi-Fi network's password by trying various passwords in a quick succession.
3. Wi-Fi Easy Connect for WPA2 and WPA3
This feature is aimed at smart (Internet of Things) devices that don't have a screen where a user can configure its Wi-Fi network settings. For example, a user will be able to use his phone or tablet to configure the WiFi WPA3 options of another device that doesn't have a screen (i.e. User Interface), such as tiny IoT equipment like smart locks, smart light bulbs, and others.
4. Wi-Fi Enhanced Open: a proprietary technology, which uses an algorithm known as Opportunistic Wireless Encryption (OWE) to encrypt each connection between a WiFi user and the router/access point with its own custom encryption key. This per-user encryption prevents local attackers from snooping on other users' traffic, even if the network doesn't require a password to join.
5. Another very big feature is an optional 192-bit security suite. This is a cryptographic strength enhancement. The feature is aligned with the Commercial National Security Algorithm (CNSA) Suite and designed to maintain data integrity on networks requiring the highest security, even in a post-quantum computer era. As the Wi-Fi Alliance has stated,
“WPA2 will continue to be deployed in Wi-Fi CERTIFIED devices for the foreseeable future, and all devices supporting WPA3 will continue to work with WPA2 devices. Wi-Fi CERTIFIED for both WPA2 and WPA3 validates recommended security practices as the security landscape changes.”
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM