With KRACK and other vulnerabilities in WPA2 becoming more widespread, it is high time for a new security standard for WiFi networks. In January, the WiFi Alliance announced WPA3, the replacement for WPA2, in a press release. WPA3 brings several enhancements; here we discuss the technical changes and why they matter.
- A More Secure Handshake - In 2017 we saw the KRACK attack against WPA2, which allowed attackers to eavesdrop on WPA2-protected wireless networks. WPA3 will use Simultaneous Authentication of Equals (SAE, https://ieeexplore.ieee.org/abstract/document/4622764/) followed by the traditional 4-way handshake. This new method is not susceptible to offline dictionary attacks, since SAE generates a new Pairwise Master Key each time. This is a major improvement, since many networks, especially home networks, use simple passwords that could easily be compromised under WPA2. The SAE handshake also provides forward secrecy: if the network password is somehow compromised, the attacker will not be able to decrypt previously captured traffic. This is the opposite of WPA2, where once you have the password, you can use it to decrypt any old captured traffic.
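To make the difference concrete, here is an added example in Python (not code from the original post, the WiFi Alliance, or any 802.11 implementation) that puts the WPA2-Personal PMK derivation next to a simplified SAE exchange. It assumes a toy safe-prime group that the script generates at import time (real SAE uses a fixed 2048-bit MODP or NIST P-256 group), a constructed passphrase and SSID, and a simplified hunting-and-pecking step; the commit/confirm message flow and the KCK||PMK split follow the shape of 802.11 SAE. Run it twice and the WPA2 PMK repeats while the SAE PMK changes, which is the forward-secrecy point above; a mismatched password fails at the confirm step.

```python
# Added example, not code from the original post. Toy group generated below so the
# file runs offline; passphrase, SSID and the "correct horse" values are constructed.
import hashlib
import hmac
import secrets

def is_prime(n):
    """Deterministic Miller-Rabin, valid for n < 3.8e18 with these bases."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_safe_prime(bits):
    """Smallest safe prime p = 2q + 1 with q just above 2**(bits-1). Toy only."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = toy_safe_prime(48)      # P: toy modulus, Q: prime order of the SAE subgroup
LABEL = b"SAE KCK and PMK"     # KDF label used by 802.11 SAE

def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Deterministic, so anyone who learns the passphrase gets the PMK of every past session."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def password_element(password):
    """Simplified hunting-and-pecking: derive a seed from the password and a counter,
    raise it to (p-1)/q so it lands in the order-q subgroup, retry if the result is 1."""
    counter = 1
    while True:
        seed_bytes = hmac.new(b"\x00" * 32, password.encode() + bytes([counter]), hashlib.sha256).digest()
        seed = int.from_bytes(seed_bytes, "big") % (P - 3) + 2        # seed in [2, p-2]
        pwe = pow(seed, (P - 1) // Q, P)
        if pwe != 1:
            return pwe
        counter += 1

def sae_commit(pwe):
    """Commit frame: scalar = rand + mask (mod q), element = PWE^(-mask). rand stays secret."""
    while True:
        rand = secrets.randbelow(Q - 2) + 2
        mask = secrets.randbelow(Q - 2) + 2
        scalar = (rand + mask) % Q
        if scalar >= 2:
            return rand, scalar, pow(pwe, Q - mask, P)

def sae_keys(pwe, rand, my_scalar, peer_scalar, peer_element):
    """Validate the peer's commit, compute K = (PWE^peer_scalar * peer_element)^rand,
    which equals PWE^(rand_A * rand_B) on both sides, then derive KCK || PMK from it."""
    if not (2 <= peer_scalar < Q) or peer_element in (0, 1) or pow(peer_element, Q, P) != 1:
        raise ValueError("peer commit failed validation")
    k = pow(pow(pwe, peer_scalar, P) * peer_element % P, rand, P)
    if k == 1:
        raise ValueError("degenerate shared secret")
    keyseed = hmac.new(b"\x00" * 32, k.to_bytes(32, "big"), hashlib.sha256).digest()
    ctx = ((my_scalar + peer_scalar) % Q).to_bytes(32, "big")
    kck = hmac.new(keyseed, b"\x01" + LABEL + ctx, hashlib.sha256).digest()
    pmk = hmac.new(keyseed, b"\x02" + LABEL + ctx, hashlib.sha256).digest()
    return kck, pmk

def sae_confirm(kck, send_confirm, s1, e1, s2, e2):
    """Confirm frame: HMAC over the counter and both commits, keyed with the KCK."""
    data = send_confirm.to_bytes(2, "big") + b"".join(x.to_bytes(32, "big") for x in (s1, e1, s2, e2))
    return hmac.new(kck, data, hashlib.sha256).digest()

def sae_session(station_password, ap_password):
    """One SAE exchange between a station and an AP; returns (pmk_station, pmk_ap, authenticated)."""
    pwe_sta, pwe_ap = password_element(station_password), password_element(ap_password)
    rand_sta, scalar_sta, elem_sta = sae_commit(pwe_sta)
    rand_ap, scalar_ap, elem_ap = sae_commit(pwe_ap)
    # Commit frames cross the air: a sniffer sees scalars and elements, never rand or PWE.
    kck_sta, pmk_sta = sae_keys(pwe_sta, rand_sta, scalar_sta, scalar_ap, elem_ap)
    kck_ap, pmk_ap = sae_keys(pwe_ap, rand_ap, scalar_ap, scalar_sta, elem_sta)
    # Confirm frames: each side proves it holds the same KCK, which requires the same PWE.
    confirm_sta = sae_confirm(kck_sta, 1, scalar_sta, elem_sta, scalar_ap, elem_ap)
    confirm_ap = sae_confirm(kck_ap, 1, scalar_ap, elem_ap, scalar_sta, elem_sta)
    sta_ok = hmac.compare_digest(confirm_ap, sae_confirm(kck_sta, 1, scalar_ap, elem_ap, scalar_sta, elem_sta))
    ap_ok = hmac.compare_digest(confirm_sta, sae_confirm(kck_ap, 1, scalar_sta, elem_sta, scalar_ap, elem_ap))
    return pmk_sta, pmk_ap, sta_ok and ap_ok

if __name__ == "__main__":
    print("WPA2 PMK, session 1:", wpa2_pmk("correct horse", "HomeNet").hex())
    print("WPA2 PMK, session 2:", wpa2_pmk("correct horse", "HomeNet").hex())
    for i in (1, 2):
        pmk_sta, pmk_ap, ok = sae_session("correct horse", "correct horse")
        print(f"SAE session {i}: authenticated={ok}, PMK={pmk_sta.hex()}")
    print("SAE with wrong password: authenticated =", sae_session("correct horse", "battery staple")[2])
```

The design point to notice is where the password enters: in WPA2 it is the only input to the PMK, so a captured 4-way handshake is a fixed target that can be checked against guesses at leisure; in SAE the password only selects the base point, and the session key also depends on the two secret `rand` values that never leave the devices, so the transcript alone does not let an observer confirm a guess or recover an old PMK.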
- Replacement of WPS - I'm sure you have all used WPS to set up a wireless printer or some other device that has no user interface for entering a WPA2 pre-shared key. I'm also sure that many of you don't know that WPS is considered insecure. WPA3 gets rid of WPS and replaces it with the WiFi Device Provisioning Protocol (DPP). DPP uses QR codes, Bluetooth, NFC, or USB to add devices to the network via an already authenticated smartphone. DPP will provide a much needed vendor-neutral standard for onboarding IoT devices.
- Unauthenticated Encryption - On open networks, or on networks where the WPA2 pre-shared key is public knowledge, like a hotspot at a coffee shop, an attacker can listen on the channel and see all of the traffic. One of the proposed benefits of WPA3 is individualized encryption for open networks: when a user connects to an open network, their wireless traffic is encrypted, which prevents an attacker from simply sniffing the traffic and reading it. Mathy Vanhoef makes a great point that this does not prevent an attacker from setting up a fake AP and tricking your device into connecting to it, but it is better than nothing. A better method could be to have a client trust an AP on first use; an attacker's fake AP would then not be trusted by the client, and the client would refuse to connect. There is currently no mechanism for this.
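As an added illustration (not from the original post or any WiFi implementation), the following Python models the open-network case as an ephemeral Diffie-Hellman exchange in the style of Opportunistic Wireless Encryption: the station and the AP exchange only public values, derive the same PMK, and at no point present a credential. It assumes a toy group (the Mersenne prime 2^127 - 1 with base 3; real OWE uses NIST P-256) and a key derivation modelled on the HKDF step of RFC 8110. Every association yields a fresh PMK, so a passive sniffer sees only ciphertext, but because nothing in the exchange identifies the AP, any AP completes it equally well, which is exactly the limitation noted above.

```python
# Added example, not code from the original post. Toy DH group (constructed):
# the Mersenne prime 2**127 - 1 with base 3; real OWE uses NIST P-256.
import hashlib
import hmac
import secrets

P = (1 << 127) - 1
G = 3

def owe_keypair():
    """Fresh ephemeral key for one association; the private part never leaves the device."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def owe_pmk(my_priv, peer_pub, sta_pub, ap_pub):
    """PMK from the shared secret g^(ab): extract with both public values as salt,
    then expand with the "OWE Key Generation" label (modelled on RFC 8110)."""
    if not (2 <= peer_pub <= P - 2):
        raise ValueError("peer public value out of range")
    shared = pow(peer_pub, my_priv, P).to_bytes(16, "big")
    salt = sta_pub.to_bytes(16, "big") + ap_pub.to_bytes(16, "big")
    prk = hmac.new(salt, shared, hashlib.sha256).digest()
    return hmac.new(prk, b"OWE Key Generation\x01", hashlib.sha256).digest()

def owe_association():
    """Station and AP each transmit only a public value; returns (pmk_station, pmk_ap).
    No password, certificate or prior trust is involved anywhere in this exchange."""
    sta_priv, sta_pub = owe_keypair()          # carried in the Association Request
    ap_priv, ap_pub = owe_keypair()            # carried in the Association Response
    pmk_sta = owe_pmk(sta_priv, ap_pub, sta_pub, ap_pub)
    pmk_ap = owe_pmk(ap_priv, sta_pub, sta_pub, ap_pub)
    return pmk_sta, pmk_ap

if __name__ == "__main__":
    for i in (1, 2):
        pmk_sta, pmk_ap = owe_association()
        print(f"association {i}: PMK match={pmk_sta == pmk_ap}, PMK={pmk_sta.hex()}")
```

Compare the inputs of `owe_pmk` with an SAE or WPA2 derivation: there is no shared secret on either side before the exchange starts, which is why the result protects against a listener but says nothing about who the AP is.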
- Increased Session Key Sizes - In WPA3, devices will be required to support 192-bit key sizes. This is an improvement over WPA2.
Not a lot changes for enterprise wireless networks, but WPA3 offers much more robust security for home and public WiFi networks. We should start seeing WPA3-certified devices sometime in the summer of 2018.