The Beacon

What’s new in Wi-Fi® security?

by
The Beacon

Continual evolution, greater transparency, and WPA3™ support for Wi-Fi CERTIFIED™ devices ensures Wi-Fi delivers state-of-the-art security protections.

Wi-Fi Alliance® has made Wi-Fi® security a priority since it was founded in 2000. Security is never stagnant – the technology landscape is always evolving, and Wi-Fi Alliance continually updates Wi-Fi security to ensure any threats are addressed in its standards.

WPA3™ is the latest version of Wi-Fi security for both personal and enterprise networks. WPA3 delivers a suite of features to simplify Wi-Fi security, as well as enhanced network security protections. All Wi-Fi CERTIFIED™ devices now require WPA3 and will have the latest security to protect users—one more reason to choose Wi-Fi CERTIFIED devices. Additionally, Wi-Fi CERTIFIED Vantage™ now includes WPA3 in its technology portfolio, ensuring managed network environments support state-of-the-art security.

Here is a quick look at the new capabilities WPA3 brought to Wi-Fi security.

What’s new in WPA3 security?

WPA3-Enterprise: 192-bit cryptographic strength for networks transmitting sensitive data

Enterprise Wi-Fi networks—especially in industries such as government and finance—often require additional security requirements that go beyond what is needed for personal networks. WPA3 offers an optional 192-bit security mode for these environments.

The 192-bit security mode provides an added level of protection by specifying the configuration of each cryptographic component, ensuring that the overall security of the network is consistent. By design, WPA3-Enterprise 192-bit security mode does not allow a Wi-Fi network to be configured below the defined, high level of security. A Wi-Fi network in 192-bit security mode requires all client devices to operate in the same 192-bit security mode.

WPA3-Personal: stronger password protection for users

WPA3 offers enhanced security to protect network passwords in personal networks. With WPA3, it is not possible to perform what is known as an “offline dictionary attack.” In this form of attack, an unauthorized third party attempts to determine the network password by trying possible passwords without further network interaction.

For users, this means that their Wi-Fi passwords are well protected from attacks even if they choose passwords that fall short of typical complexity recommendations.

WPA3 personal: data protection even if a password is later compromised

WPA3 networks include perfect forward secrecy. With this protection, even if an adversary successfully guesses the correct network password, they cannot observe a user’s earlier interactions on the network, determine the session keys for that interaction, or decrypt wireless traffic from other users on the network.

What’s new in open networks?

Wi-Fi CERTIFIED protects your data in public

Wi-Fi users access networks everywhere: at home, in the office, at the airport, in a café. Many of these public, or open, networks do not include the same type of network security as personal or enterprise networks.

Wi-Fi CERTIFIED Passpoint® is a popular security option for public or guest networks that includes WPA3-Enterprise security. With Passpoint® users seamlessly authenticate their device on the network or connect through credentials provisioned by a service provider. Upon subsequent visits to the same network, the Passpoint-enabled client device will automatically connect and provide a secure connection to a Wi-Fi network.

While Wi-Fi Alliance highly recommends users access secure, authenticated networks whenever possible, there are situations where it is not feasible or reasons why certain networks – such as coffee shops, airport lounges, or small businesses – choose not to deploy Passpoint or WPA3 networks.

In these open networks, Wi-Fi Enhanced Open™ is a solution that delivers improved protections, preserving the convenience of open networks, while allowing users to enjoy the additional security of having their traffic encrypted.

Wi-Fi Alliance delivers the latest in security

Next generation connectivity requires robust tools and practices to protect users. Wi-Fi Alliance continually updates its protocols to address the rapidly changing security landscape, and choosing Wi-Fi CERTIFIED products ensures that both Wi-Fi users and network providers have the most advanced protections. Recently, Wi-Fi Alliance has also taken steps to include the broader Wi-Fi industry and security researchers in early security standard development to help ensure Wi-Fi security addresses any existing threats.

These actions ensure the Wi-Fi Protected Access® family of technologies continues to meet greatest security demands. Broad adoption of Wi-Fi CERTIFIED products helps promote security best practices by ensuring devices include standards-based mechanisms, consistent security protocols, and mechanisms that are easy to use and deploy to better protect user data.

 

The statements and opinions by each Wi-Fi Alliance member and those providing comments are theirs alone, and do not reflect the opinions or views of Wi-Fi Alliance or any other member. Wi-Fi Alliance is not responsible for the accuracy of any of the information provided by any member in posting to or commenting on this blog. Concerns should be directed to info@wi-fi.org.

Add new comment


The Beacon