The next generation of WiFi or Wireless Local Area Network (WLAN) equipped broadband ISP routers and devices will benefit from a new security protocol called Wi-Fi Protected Access III (WPA3), which should eventually replace the WPA2 standard that has helped to keep networks encrypted since 2004.

Generally WPA2 has done a reasonable job of keeping all our local wireless networks encrypted and away from prying eyes, although it did suffer a few knocks last year. The most notable problem for WPA2 was the recent discovery of several key management vulnerabilities in the 4-way handshake of its security protocol (aka KRACK, or Key Reinstallation Attacks).

The problems exposed by KRACK were patched, although issues with DEAUTH attacks and other weaknesses remain. Suffice to say that technology is always evolving and this week the Wi-Fi Alliance confirmed that they will introduce a new WPA3 security protocol during 2018. At the same time the alliance said they would “continue enhancing WPA2 to ensure it delivers strong security protections.”

Apparently WPA3 will contain four new capabilities for personal and enterprise Wi-Fi networks. Two of the features aim to deliver “robust protections even when users choose passwords that fall short of typical complexity recommendations”, and will simplify the process of configuring security for devices that have limited or no display interface.

Meanwhile another feature will strengthen user privacy in open networks through individualized data encryption (finally!). Lastly, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will seek to further protect Wi-Fi networks with higher security requirements such as government, defence, and industrial sectors.

Edgar Figueroa, Wi-Fi Alliance President and CEO, said:

“Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED family of security solutions. The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections.”

Perhaps one of the best impacts of WPA3 is that it allows even open networks, such as public WiFi hotspots in coffee shops or airports, to adopt encryption for end-users (as opposed to being completely open). Instead, such “open” networks will now give each user their own encrypted (private) data channel, which should make it much harder, but not impossible, for hackers to sniff out your data.

Likewise, the WPA3 changes suggest that traditional brute-force attacks against WiFi networks, which attempt to extract passwords by bombarding the network with masses of requests using different combinations, could find life much more challenging, as the protocol has been hardened to limit such requests.

Historically, the adoption of any new WiFi security standard has always been a tricky, long-winded process. Naturally you can’t force your entire network to immediately use WPA3-only connections (assuming it is supported by your future broadband ISP router) because this would hamper backwards compatibility with WPA2-supporting kit.

This is perhaps the primary reason why the Wi-Fi Alliance intends to continue supporting WPA2, since it will take years before all of the kit in a typical home or office network environment is WPA3 capable. Such change usually happens through new hardware purchases, rather than firmware updates.