Yesterday, the Wi-Fi Alliance announced the long-awaited, next generation in Wi-Fi security, WPA3. After 15 years, WPA3 will now begin to replace the existing WPA2 protocol, which is currently used by billions of wireless devices every day. For quite some time, WPA2 has long been considered insecure. It has always been vulnerable to brute force and dictionary attacks, which take advantage of wireless networks that have a weak password. It also suffered from a weak WPS pin that was only 6-digits long, making it easy for hackers to brute force.
But, perhaps the most foreboding vulnerability of WPA2 were the recent discover of Key Reinstallation AttaCKs (KRACK), a type of wireless exploit discovered by Mathy Vanhoef that decrypts Wi-Fi traffic. This particular vulnerability left all WPA2 networks vulnerable no matter how strong the password was and it was also assigned 10 CVE identifiers, making it a very severe vulnerability in the WPA2 protocol itself.
WPA3 will add new security features that promise to eliminate these vulnerabilities in WPA2, including KRACK attacks. These features include more robust authentication, increased cryptographic strength, simpler configuration, and a new version of WPS, all designed to make it harder for hackers to hack your Wi-Fi networks. And, of course, WPA3 will come with both a WPA3-Personal mode for home networks or small businesses, and a WPA3-Enterprise mode for larger enterprise networks.
According to the Wi-Fi alliance, WPA3-Personal offers a “more resilient, password-based authentication even when users choose passwords that fall short of typical complexity recommendations.” WPA3 uses Simultaneous Authentication of Equals (SAE), a key establishment protocol that is resistant to passive attacks, active attacks, and dictionary attacks. More on this in a moment
WPA3-Enterprise offers the same 192-bit encryption; however, it provides “additional protections for networks transmitting sensitive data, such as government or finance.” The additional cryptographic enhancements come from the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems (CNSS). The CNSS is a part of the NSA; therefore, we can strongly expect a robust cryptographic suite.
WPA3 New Features
Protection Against Brute Force & Dictionary Attacks
As I mentioned earlier, WPA2 has always been vulnerable to online and offline password cracking attacks. The WPA 4-way handshake was on the right path of good security by never openly transmitting the PMK (PSK) or PTK between the supplicant and authenticator. Instead, the supplicant and the authenticator have to prove they both know the PMK without ever passing it through the air. This is done by exchanging cryptographic keys in a cleverly designed process. However, it was not enough to thwart crafty hackers from generating their own key and using the ANonce, SNonce, MAC addresses, and MIC from any WPA handshake capture to verify if it matches.
WPA3 makes it harder for hackers to crack the Wi-Fi password using this same method. Instead of relying on the WPA 4-way handshake, WPA3 uses the Simultaneous Authentication of Equals (SAE) handshake, which should provide stronger protection against password cracking attacks, even if the password is weak.
Perfect Forward Secrecy
The SAE key establishment protocol, which will be the new authentication mechanism for WPA3 also happens to be based on Diffie-Hellman. This is a key exchange algorithm used to securely share the PSK between the supplicant and the authenticator over an unprotected communication channel. Importantly, there are different types of Diffie-Hellman you can use.
Diffie-Hellman (DH) uses static keys and is vulnerable to MitM attacks; however, if the communication is encrypted, an eavesdropper cannot make any use of the data or capture the key exchanges.
On the other hand, Diffie-Hellman Ephemeral (DHE) uses ephemeral (changing) keys, which generate different keys for each session. Since DHE uses ephemeral keys, it provides “Perfect Forward Secrecy” because the public keys are changing and completely different for each session. If WPA3 uses DHE, then KRACK attacks shouldn’t work because keys cannot be reused.
There is also an Elliptic Curve Diffie Hellman (ECDH) key exchange that uses mathematical equations to create an elliptic curve. The math behind Elliptic Curve Cryptography (ECC) is so complex, but it uses this process to graphs points on the curve to create keys. The NSA strongly endorsed ECC for Diffie-Hellman Key agreements back in 2005, so it is pretty robust.
Protection on Public/Open Wi-Fi Networks with Wi-Fi Certified Open
On the previous WPA2 open networks that offered no encryption, supplicants authenticated to the authenticator immediately after association. If, however, there was a PSK, then the supplicant and authenticator would complete the WPA 4-way handshake as usual. Once the supplicant and authenticator prove knowledge of the PSK, they derive traffic encryption keys for both unicast and broadcast traffic.
How many times have you walked into a coffee shop, hotel, airport, or gym that offered free Wi-Fi with no password? Or how about the times you walked into a cafe and the Wi-Fi password (PSK) was displayed on the menu? After you associate to these public Wi-Fi networks, anybody on the same network can perform a MitM attack and capture your Wi-Fi traffic. This is because the PSK is known by EVERYONE. Hackers can capture the WPA 4-way handshake and derive your specific session key to decrypt your traffic. Or, if they happen to miss you authenticating to the public Wi-Fi network, they can send you a deauth frame and wait for you to re-authenticate to the wireless AP and capture the handshake.
WPA3 supports Opportunistic Wireless Encryption (OWE), defined in RFC 8110, to replace Open and PSK Wi-Fi networks. This new feature is called “Wi-Fi Enhanced Open.” This provides security behind the scenes during the initial authentication between the supplicant and authenticator by using a Diffie Hellman key exchange before the WPA handshake begins. This prevents hackers from capturing the WPA handshake and keeps you safer on public/open Wi-Fi networks.
WPA3 offers enhanced 192-bit encryption from the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems (CNSS). This is a change requested by the U.S. government, so it will be interesting to see just how strong this encryption really is.
Wi-Fi Certified Easy Connect to Replace WPS
WPA3 comes with “Wi-Fi Easy Connect,” a replacement for Wi-Fi Protected Setup (WPS). In WPA networks, there used to be a WPS 6-digit pin. All you had to do was type the WPS pin that was on your router or AP into the device you wished to connect to the network and, voila, your device was now paired. There was also sometimes a WPS button on the router or AP itself. You could press that button to turn on the discovery of new devices, which would then give you 60 seconds to pair your device to the network. WPS was proven inherently insecure 2011, and the Wi-Fi alliance has since then urged everyone to disable WPS.
Wi-Fi Easy Connect will not use a WPS pin or WPS button. Instead, it will use a QR code that you can scan with your smartphone and have the Wi-Fi credentials automatically sent to the new smart device. This will be great for IoT devices that have no interface for you to type in a network password, like Amazon Echo, Google Home, and light appliances that can connect to your home network.
When Can We Expect to See WPA3?
Despite the recent launch of WPA3, it will take some time to roll out. Device manufacturers need some time to create devices that support WPA3 and must be granted the “Wi-Fi Certified WPA3″ mark. Therefore, WPA2 will be around for a little while longer. But, in time, wireless devices will be required to support WPA3 in order to be Wi-Fi certified. By 2019, there should be a widespread adoption of WPA3. These new WPA3 devices will be backwards-compatible with WPA2 devices (Of course, you won’t get to enjoy the benefits of WPA3).
Here’s to improved, future Wi-Fi security,
Gibson, D. (2017). CompTIA SECURITY+ Get Certified Get Ahead SY0401 Study Guide. Virginia Beach, VA: YCDA, LLC
Harkins, D. & Kumari, W. (2017). Opportunistic Wireless Encryption. Internet Engineering Task Force. Retrieved from https://tools.ietf.org/html/rfc8110#page-5
Harkins, D. (2008). Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks. 839-844. 10.1109/SENSORCOMM.2008.131. Retrieved from https://www.researchgate.net/publication/4373240_Simultaneous_Authentication_of_Equals_A_Secure_Password-Based_Key_Exchange_for_Mesh_Networks
Hoffman, C. (2018). What is WPA3, and When Will I Get It On My Wi-Fi? How-to-Geek, LLC. Retrieved from https://www.howtogeek.com/339765/what-is-wpa3-and-when-will-i-get-it-on-my-wi-fi/
Khandelwal, S. (2018). WPA3 Standard Officially Launches With New Wi-Fi Security Features. The Hacker News. Retrieved from https://thehackernews.com/2018/06/wpa3-wifi-security-standard.html
Wi-Fi Alliance. (2018). Wi-Fi Alliance® introduces Wi-Fi CERTIFIED WPA3™ security. The Wi-Fi Alliance. Retrieved from https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security