Categories: Networks

CES 2018: Wi-Fi Alliance Previews New Industry-Wide WPA3 Security Standard

The Wi-Fi Alliance, backed by industry giants including Apple, Cisco, Intel and Microsoft, said this year will see the introduction of a new version of the WPA set of security technologies used in all Wi-Fi certified devices.

The launch of WPA3, announced in Las Vegas in conjunction with the CES consumer electronics show, follows last year’s disclosure of an attack called KRACK that affected devices using the protocol’s previous version, WPA2.

But the Wi-Fi certification body said it expects devices to continue using WPA2 “for the forseeable future”, even as the more secure standard begins to appear in new hardware.

While it didn’t disclose technical details, the group said WPA3 will include protections for networks with weak passwords and a feature making it easier for devices without screens, like locks or light bulbs, to be configured by gadgets such as smartphones or tablets.

Military-grade security

The standard is also to include individualised encryption for protecting privacy in open networks and a 192-bit security suite aligned with the Committee on National Security Systems’ Commercial National Security Algorithm (CNSA). The suite is aimed at users that require more robust security, such as those in government, the military and industry.

Mathy Vanhoef, the postdoctoral computer security researcher at Belgium’s KU Leuven who discovered the KRACK flaw, speculated the privacy-protecting encryption feature might refer to Opportunistic Wireless Encryption (OWE), a standard that doesn’t require authentication, but he said such protocols are “crutches” that can actually weaken security because users come to rely on them instead of opting for stronger techniques.

He said the protection for weak passwords appears to be a stronger handshake method such as the one known as “Dragonfly”, which is designed to be resistant to dictionary attacks – those in which the attacker repeatedly guesses likely passwords until the right one is found.

Loading ...

“Linux’s open source Wi-Fi client and access point already support the improved handshake,” Vanhoef wrote on Twitter. “It just isn’t used in practice. But hopefully that will change now.”

He noted that WPA3 should formalise the use of stronger security methods that are already in place on many networks.

“The standards behind WPA3 already existed for a while,” Vanhoef wrote. “But now devices are required to support them, otherwise they’re won’t receive the ‘WPA3-certified’ label.”

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Smartphone Shipments To Rebound In 2024, Says Counterpoint

Relief for Apple, Samsung etc after smartphone shipments are predicted to recover in 2024, as…

31 mins ago

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

22 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

23 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

23 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

1 day ago