Security Is the Focus of New WPA Updates in 2018

The Wi-Fi Alliance, which manages the certification standard for Wi-Fi devices, has announced enhancements to the Wi-Fi Protected Access II (WPA2) protocol, as well as a pending arrival of a new WPA3 protocol.

Both standards are expected to bring more security to network-connected devices and feature adjustments to make them more suitable to the changing networking environment. Here's an overview of some of the changes we know about so far.

Enhancing Security for Longevity in WPA2

WPA2 has been in use since 2004, essentially replacing Wireless Equivalent Privacy (WEP), a standard that was eventually found to be insufficient in protecting user data. WPA2 is ubiquitously used in billions of devices worldwide today. 

The changes proposed by the Wi-Fi Alliance focus on ensuring better security and supporting WPA2’s continued use for the long-term future. Some of these changes include the addition of Protected Management Frames (PMFs) on top of already existing security protocols. PMFs will protect unicast frames from eavesdropping and forging, and multicast frames from forging. 

Security in WPA2 was in the spotlight late 2017 after the Key Reinstallation Attack (KRACK Attack) was discovered, which allowed attackers to view private data when in range of a network connection, as well as several other potential attacks as a result of this vulnerability.

 

Screenshot of a KRACK Attack demo in October 2017. Image courtesy of KRACK Attack.

 

Of course, since WPA2’s implementation in 2004, the networking world looks quite different. Now, billions of personal devices, business systems, and IoT enabled equipment now using Wi-Fi to connect. Added security will certainly help maintain this widespread connectivity.

Simplifying Configuration and Enhanced Security in WPA3

WPA3’s approach will be to make it easier for users to configure their networks, whether they are a home-user or an enterprise user. This certainly is a welcome change since one of the greatest security vulnerabilities is often a user’s lack of initiative on changing default passwords or configuring security profiles either due to a lack of knowledge, or unintuitive access. 

Wi-Fi Alliance also plans to make these settings easy to access, even without display interfaces. There will also be two features that will still provide protection even with passwords that do not meet minimum complexity requirements (must have one capital letter, one lower case letter, a number, and a special character, etc), provide individual data encryption for devices connected to the network, and a 192-bit security suite to make WPA3 suitable for highly sensitive information in government, industrial, or security environments. 

Since this will be the first completely new WPA standard since WPA2, it certainly is expected that WPA3 will be much better suited to today’s use of Wi-Fi connectivity in devices managing and handling data that is personal or sensitive. 

 

Free Wi-Fi hotspots are being offered in cities like NYC. Image courtesy of Jim Henderson [CC BY 3.0]

Who is the Wi-Fi Alliance?

The Wi-Fi Alliance was founded in 1999 and is a non-profit organization that focuses on the promotion of Wi-Fi technology, the certification of Wi-Fi products, and developing standards to ensure interoperability, backwards compatibility, continued development, and innovation of the technology. They emerged as a result of the IEEE 802.11 falling short of its goal of ensuring interoperability among devices, largely because of the lack of testing equipment to ensure the standard was being utilized. 

Today the Wi-Fi Alliance has over 550 companies that are members and is based in Austin, Texas, including Intel, Broadcom, Microsoft, and Qualcomm. 

Feature image courtesy of the Wi-Fi Alliance.