The Wi-Fi Alliance has presented in Las Vegas new security enhancements and features for the well-known Wi-Fi Protected Access (WPA), an essential security feature of Wi-Fi networks. The Wi-Fi Alliance is rolling out improvements to the configuration, authentication and encryption of data on certified devices so that they remain secure, and during this year it will launch WPA3, the new version of the Wi-Fi security protocol.
WPA2 has been with us for many years, providing reliable security, and is used by billions of Wi-Fi devices every day. The Wi-Fi Alliance has announced that it will continue to use this protocol, with improvements to WPA2 itself that strengthen user protection as the security landscape evolves. The KRACK vulnerability put the WPA2 protocol in check, but the Wi-Fi Alliance and the manufacturers later released patches to mitigate this attack, which we already informed you about.
Advanced Wi-Fi devices that want to provide additional security can enable Protected Management Frames, which are widely adopted in the current generation of devices certified by the Wi-Fi Alliance. In practice, however, there are still many devices that do not support this type of protected frame and so cannot connect to the wireless network, forcing the router or access point to send the frames unprotected. The Wi-Fi Alliance has stated that the new built-in enhancements will reduce potential vulnerabilities caused by poor Wi-Fi network configuration, protecting managed networks.
Because WPA2 has been so successful and is so widespread, the Wi-Fi Alliance will offer a set of features that simplify the security configuration of the Wi-Fi network, both for users and for service providers, while improving the security protections of the wireless network.
WPA3 is expected during 2018
During 2018, four new features will be created for the final WPA3 standard, aimed at both personal and corporate Wi-Fi networks, just as WPA2 is currently available to everyone.
Secure Wi-Fi networks even if we have passwords that are not completely secure
Two of the new WPA3 features are aimed at offering robust protection even when users choose passwords that do not meet basic security recommendations. Examples of such a WPA password are one made of 8 digits (the WPA2 minimum), which is easily broken by brute force, or one made of common dictionary words, which lets the WPA2 handshake be attacked with a key dictionary. In addition, WPA3 will simplify the security configuration process for devices that have a limited display interface or none at all. Given that WPA3 will improve on this, it is almost certain that it will strengthen the handshake that takes place when a wireless device connects to the AP or router for the first time, so that it will be more difficult (or impossible) to capture the handshake and then attack it with techniques such as a dictionary.
It will surely use a handshake technique called Simultaneous Authentication of Equals (SAE), also known as Dragonfly. All the protocols that WPA3 will use internally have already been designed, but devices that want the Wi-Fi Alliance's WPA3 certification will now have to implement them. In fact, Linux already supports this improved handshake in both AP mode and client mode, but it is not used simply because there is no interoperability, and the Wi-Fi Alliance aims to solve this with its certifications.
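The weakness described above comes from the way WPA2-Personal derives its master key: it depends only on the passphrase and the SSID, so a poor passphrase can be guessed offline. The following passphrase audit is an added example, not code from the Wi-Fi Alliance or from this article; the guess rate, the sample wordlist and the SSID are constructed assumptions.

```python
import hashlib
import math
import string

ASSUMED_GUESSES_PER_SEC = 500_000  # assumption: offline guessing speed, not a measurement
COMMON = {"password", "12345678", "qwertyuiop"}  # constructed sample wordlist
CHARSETS = (string.digits, string.ascii_lowercase,
            string.ascii_uppercase, string.punctuation + " ")

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrases are printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def search_space_bits(passphrase: str) -> float:
    """log2 of the brute-force space implied by the character classes in use."""
    alphabet = sum(len(cs) for cs in CHARSETS if any(c in cs for c in passphrase))
    return len(passphrase) * math.log2(alphabet)

def audit(passphrase: str, ssid: str) -> dict:
    """Report why a passphrase is weak against offline guessing."""
    wpa2_pmk(passphrase, ssid)  # raises on passphrases WPA2 would reject
    bits = search_space_bits(passphrase)
    findings = []
    if passphrase.lower() in COMMON:
        findings.append("dictionary word")
    if passphrase.isdigit():
        findings.append("digits only")
    return {
        "bits": round(bits, 1),
        "worst_case_hours": round(2 ** bits / ASSUMED_GUESSES_PER_SEC / 3600, 2),
        "findings": findings,
    }

if __name__ == "__main__":
    for candidate in ("12345678", "password", "correct horse battery staple"):
        print(candidate, audit(candidate, "HomeNetwork"))  # constructed SSID
```

An 8-digit passphrase gives a search space of about 26.6 bits, which at the assumed rate is exhausted in minutes, while a long multi-word passphrase is far outside that range.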
Encryption in open Wi-Fi networks and 192 bits
Another feature that will come soon is that the user’s privacy will be strengthened in open networks, through individual data encryption. In this case, Opportunistic Wireless Encryption will be used, that is, we will have data encryption but not authentication. We recommend reading RFC 8110 where this is detailed.
Finally, it will incorporate a 192-bit security suite, aligned with the CNSA, to provide greater security; the Wi-Fi Alliance has commented that even governments, defense and industrial environments will be able to use Wi-Fi with WPA3 in a totally safe way.
The Wi-Fi Alliance has not said anything about AES-GCMP, so we assume that it will be part of the WPA3 protocol that we will see throughout this year.