Back in January, the Wi-Fi Alliance announced the WPA3 security protocol for Wi-Fi Protected Access, and today it introduced Wi-Fi CERTIFIED WPA3, the next generation of Wi-Fi security, bringing new capabilities to enhance Wi-Fi protections in personal and enterprise networks.
The new standard enables more robust authentication. It builds upon and ultimately replaces WPA2, which has seen widespread adoption over the past 10 years.
This includes, but is not limited to, per-client encryption capabilities, improved security when users pick too-simple passphrases, a 192-bit security cipher suite compliant with the US Committee on National Security Systems’ Commercial National Security Algorithm (CNSA) requirements, and simplified configuration for headless devices running without a display.
‘WPA3 takes the lead in providing the industry’s strongest protections in the ever-changing security landscape,’ claims Edgar Figueroa, president and chief executive of the Wi-Fi Alliance. ‘WPA3 continues the evolution of Wi-Fi security and maintains the brand promise of Wi-Fi Protected Access.’
WPA3 delivers increased cryptography strength for highly sensitive data markets. There are two modes, WPA3-Personal and WPA3-Enterprise, both of which use the latest security methods and disallow outdated legacy protocols. Both also require the use of Protected Management Frames (PMF). The primary difference between the two comes down to the type of authentication used.
For home networks, WPA3-Personal leverages Simultaneous Authentication of Equals (SAE) in place of WPA2-Personal’s Pre-Shared Key (PSK) algorithm. This offers users stronger protection against password guessing attempts and offline dictionary attacks. In workplace environments, WPA3-Enterprise uses a tougher set of security protocols that offer the equivalent of 192-bit encryption. It’s designed to protect networks that transmit sensitive data, such as those in government and finance. Specifically, it includes the following:
- Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256)
- Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384)
- Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve
- Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256)
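As an added illustration (not from the Wi-Fi Alliance announcement or this article), the requirements above can be checked against an access point's settings. The sketch assumes hostapd.conf option names (`wpa_key_mgmt`, `rsn_pairwise`, `group_mgmt_cipher`, `ieee80211w`), which the article does not mention; the sample configurations are constructed.

```python
# Added example: audit hostapd-style settings against the WPA3 requirements above.
# Assumption: hostapd.conf key names; the article itself names no product.

def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (mode, findings); an empty findings list means the profile matches."""
    conf = parse_conf(text)
    akms = set(conf.get("wpa_key_mgmt", "").split())
    pairwise = set(conf.get("rsn_pairwise", "").split())
    findings = []
    if "WPA-EAP-SUITE-B-192" in akms:
        mode = "WPA3-Enterprise 192-bit"
        if pairwise != {"GCMP-256"}:
            findings.append("rsn_pairwise must be GCMP-256 only")
        if conf.get("group_mgmt_cipher") != "BIP-GMAC-256":
            findings.append("group_mgmt_cipher must be BIP-GMAC-256")
    elif "SAE" in akms:
        mode = "WPA3-Personal"
        if "WPA-PSK" in akms:
            findings.append("WPA-PSK is still offered alongside SAE")
    else:
        mode = "legacy"
        findings.append("no WPA3 key management (SAE or WPA-EAP-SUITE-B-192)")
    # Both WPA3 modes disallow legacy protocols and require PMF.
    if "TKIP" in pairwise or conf.get("wpa") in ("1", "3"):
        findings.append("legacy WPA/TKIP is enabled")
    if conf.get("ieee80211w") != "2":
        findings.append("ieee80211w must be 2 (PMF required)")
    return mode, findings

# Constructed sample configurations (not taken from any real device).
WPA2_CONF = "wpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\nieee80211w=0\n"
WPA3_PERSONAL = "wpa=2\nwpa_key_mgmt=SAE\nrsn_pairwise=CCMP\nieee80211w=2\n"
WPA3_ENT_192 = ("wpa=2\nwpa_key_mgmt=WPA-EAP-SUITE-B-192\nrsn_pairwise=GCMP-256\n"
                "group_mgmt_cipher=BIP-GMAC-256\nieee80211w=2\n")

if __name__ == "__main__":
    for name, sample in [("WPA2", WPA2_CONF), ("WPA3-Personal", WPA3_PERSONAL),
                         ("WPA3-Enterprise", WPA3_ENT_192)]:
        print(name, audit(sample))
```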
One of the biggest benefits to home users is that the added security doesn’t rely on overly complex passwords. Wi-Fi Alliance says WPA3-Personal allows users to choose passwords that are easier to remember and will protect data traffic even if a password is compromised after the data was transmitted.