WPA3 - the new Wi-Fi security standard

Cyber Security            Science & Technology

WPA3 - the new Wi-Fi security standard

Wi-Fi security is about to get the biggest upgrade in over a decade - WPA3 standards. Let's take a look what it is and what it has to offer.

-

At present when the world feeds on data, wifi has become an integral part of our daily lives. Be it home, office or marketplace, we depend on wifi to stay on top, connected. Thus in a world where all our online activities is carried out by wifi, securing personal data is an important concern. Looked after by the Wifi Alliance, the wifi security protocols has been evolving as the number of wifi devices in use has grown.

On June 26, the Wifi Alliance announced WPA3, the new security standard for wifi devices that is aimed at replacing its predecessor, the WPA2 standard. Although it'll still be a while our devices implement WPA3, let's take a look at what WPA3 will offer.

“WPA” stands for Wi-Fi Protected Access. If your router is password enabled at this moment, then it is most likely to be following the WPA2 standards. The older standards are WPA1/WEP, which aren't secure anymore (change it immediately, in case you're using them and wondering about the slow speed - your security might be compromised). WPA2 is a security standard that sets the protocols, a router and it's client devices uses to perform the "handshake" that is responsible for their connectivity and communication. WPA2 being the modified version of WPA1 standard, requires implementation of strong AES encryption, which ensures a tight and private connectivity, with apparently no room for eavesdropping. Technically, WPA2 is a hardware certification that device manufacturers must apply for. A manufacturer must fully implement the required security features before being able to market their device as "Wi-Fi CERTIFIED™ WPA2™".

Encryption type


Having debuted 14 years back, WPA2 has served us well paving the way for the latest WPA3 standards to take over. Qualcomm has started working on chips while Cisco announced upcoming support that might even include updating existing devices to support it.

One of the main drawbacks of WPA2 is that it lets hackers employ an offline dictionary attack to guess your password. An attacker can take as many chances as they want at guessing your password without being on the same network, cycling through the entire dictionary and beyond (the reason you are asked to choose a strong password including symbols and alphanumeric characters).

The Wifi alliance declared WPA3 will mainly cover the following shortcomings of WPA2 which are:

1. Privacy in Public Networks:
Public networks are considered quite insecure given that they allow anyone and everyone to connect and intercept data as the traffic isn't encrypted at all. WPA3 fixes this by using "individualized data encryption". When one connects to an open Wi-Fi network, the traffic between the device and the Wi-Fi access point will be encrypted, even though the network is open.

2. Protection Against Brute-Force Attacks
When a client device connects to a certain Wi-Fi access point, a "handshake" is performed that ensures the encryption used to secure the connection. KRACK attack (Key Reinstallation Attack), uncovered last year had proven to have compromised the encryption. WPA3 defines a new handshake that “will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations”. Which means that even if one's using a weak password, the WPA3 standard will protect against brute-force attacks where a client attempts to guess passwords over and over.

3. Safer Connections
WPA3 also includes a feature that promises to simplify the process of configuring security for devices that have limited or no display interface - IoT devices.

According to the Wi-Fi Alliance, new devices supporting WPA3 will be released later in 2019. Exactly how much secure WPA3 will be - is something we may not know until we see how the manufactured hardware handles the standard - there’s often a rather significant gap between how these standards are intended to be used and how they’re actually implemented. It’s also not clear if we’ll see older devices patched to provide updated support for WPA3, or if that support will be particularly robust.