Latest in Wi-Fi security
Earlier in 2018, the Wi-Fi Alliance (WFA) announced enhancements to Wi-Fi access security. These enhancements are collectively referred to as Wi-Fi Protected Access III (WPA3), the successor to the currently deployed WPA2 standard. More users are connecting to the network over mobile devices, and Wi-Fi networks now carry a significant portion of network traffic. Multiple surveys have indicated that users connect to open public networks out of necessity even when they are aware of the risks. IoT deployments are becoming mainstream. The heightened security concerns raised by these trends led to WPA3, 14 years after WPA2 was published.
WPA/WPA2 come in two distinct variants, distinguished by their target users and by how authentication keys are distributed. WPA-Personal is designed for home users and small networks: a pre-shared key is entered manually on the device when it joins the network. WPA-Enterprise is designed for large networks: key generation and exchange are automated to authenticate and encrypt the communication between the wireless device and the access point (AP).
Three key benefits of WPA3
- In-transit Security: The new standard introduces 128-bit encryption in WPA3-Personal and 192-bit encryption in WPA3-Enterprise. Longer keys make brute-forcing the key far less feasible.
- Secure Authentication: Like WPA2, WPA3-Personal still uses a pre-shared key to join the network. However, WPA3 adds a new authentication handshake called Simultaneous Authentication of Equals (SAE). The new standard also introduces "forward secrecy", so that session traffic stays protected even if the pre-shared key used to authenticate is later compromised.
- Public Network Security: Public networks, such as those in airports, malls and municipal deployments, are usually unencrypted ("Open"). With WPA3, communication over an open network is automatically encrypted by a mechanism called Opportunistic Wireless Encryption (OWE). This prevents passive eavesdropping while connected to a public network.
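The "Secure Authentication" and "Public Network Security" points above both rest on the same idea: the session key comes from an ephemeral key exchange rather than from the pre-shared key and public nonces alone. The Python below is an added example written for this page; it is not code from Riverbed or the Wi-Fi Alliance, and it is a deliberately simplified model, not the real IEEE 802.11 4-way handshake or the SAE (Dragonfly) derivation. It contrasts a WPA2-PSK-shaped derivation (recoverable from a recorded handshake once the PSK leaks) with an SAE-shaped and an OWE-shaped derivation (not recoverable, because the recording holds only public Diffie-Hellman values). The group parameters are the 1024-bit MODP group from RFC 2409; the passphrase is a constructed value.

```python
"""Simplified model: why a leaked PSK exposes recorded WPA2-PSK sessions but
not SAE (WPA3-Personal) sessions, and why OWE encrypts an "open" network.
Added example, not the real 802.11 key derivation."""
import hashlib
import hmac
import secrets

# 1024-bit MODP group (RFC 2409, Oakley group 2). Real SAE/OWE use
# elliptic-curve groups such as NIST P-256; this group is used only because
# it is easy to express with plain Python integers.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
NBYTES = 128  # every group element fits in 128 bytes (P < 2**1024)


def kdf(key: bytes, context: bytes) -> bytes:
    """HMAC-SHA256 stands in for the 802.11 PRF; both models share it."""
    return hmac.new(key, context, hashlib.sha256).digest()


def wpa2_style_handshake(psk: bytes):
    """WPA2-PSK shape: session key = PRF(PSK, nonces sent in the clear).
    Returns (session_key, transcript); the transcript is what a passive
    recorder on the channel captures."""
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    key = kdf(psk, b"pairwise" + anonce + snonce)
    return key, {"anonce": anonce, "snonce": snonce}


def ephemeral_dh():
    """One ephemeral Diffie-Hellman exchange. The private exponents a and b
    are random per session and discarded; only g^a and g^b go on air."""
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    A, B = pow(G, a, P), pow(G, b, P)
    shared_sta = pow(B, a, P)   # station computes g^(ab)
    shared_ap = pow(A, b, P)    # AP computes g^(ab)
    assert shared_sta == shared_ap
    return shared_sta, A, B


def sae_style_handshake(psk: bytes):
    """SAE shape: the ephemeral shared secret is bound to the PSK, so the
    session key needs both the PSK and a per-session secret nobody records."""
    shared, A, B = ephemeral_dh()
    context = shared.to_bytes(NBYTES, "big") + A.to_bytes(NBYTES, "big") + B.to_bytes(NBYTES, "big")
    key = kdf(psk, context)
    return key, {"A": A, "B": B}   # a and b are not part of the transcript


def owe_style_handshake():
    """OWE shape: the same ephemeral exchange with no password at all.
    It encrypts traffic on an "open" network against passive eavesdropping,
    but authenticates nobody: an active impersonator of the AP is not detected."""
    shared, A, B = ephemeral_dh()
    key = hashlib.sha256(b"owe" + shared.to_bytes(NBYTES, "big") + A.to_bytes(NBYTES, "big")
                         + B.to_bytes(NBYTES, "big")).digest()
    return key, {"A": A, "B": B}


def recover_key_after_psk_leak(transcript: dict, psk: bytes):
    """What a passive recorder can do once it later learns the PSK."""
    if "anonce" in transcript:
        # Every input to the WPA2-style PRF is now known: the key is recomputed.
        return kdf(psk, b"pairwise" + transcript["anonce"] + transcript["snonce"])
    # The SAE/OWE transcript holds only g^a and g^b. Obtaining g^(ab) without
    # a or b is the Diffie-Hellman problem, so the PSK alone does not reopen
    # past sessions: that is the forward secrecy the text refers to.
    return None


if __name__ == "__main__":
    psk = b"constructed-example-passphrase"  # constructed, not a real credential
    k_wpa2, t_wpa2 = wpa2_style_handshake(psk)
    k_sae, t_sae = sae_style_handshake(psk)
    print("WPA2-style key recovered after PSK leak:",
          recover_key_after_psk_leak(t_wpa2, psk) == k_wpa2)
    print("SAE-style key recovered after PSK leak:",
          recover_key_after_psk_leak(t_sae, psk) is not None)
```

Running the module prints `True` for the WPA2-style session and `False` for the SAE-style one. The real protocols differ in detail (SAE is a password-authenticated key exchange over an elliptic-curve group, and the 802.11 PRF mixes in MAC addresses and more), but the recoverability property the model shows is the one that matters when a PSK is shared widely or leaks.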
In addition, WPA3 introduces an optional Device Provisioning Protocol (DPP) for onboarding IoT devices that do not have a browser. DPP allows IoT devices to be configured with network credentials by scanning a QR code. As with any security update, these fixes should be applied as soon as they become available.
By Kowshik Bhat
Published with permission from Riverbed.