Categories: Networks

CES 2018: Wi-Fi Alliance Previews New Industry-Wide WPA3 Security Standard

The Wi-Fi Alliance, backed by industry giants including Apple, Cisco, Intel and Microsoft, said this year will see the introduction of a new version of the WPA set of security technologies used in all Wi-Fi certified devices.

The launch of WPA3, announced in Las Vegas in conjunction with the CES consumer electronics show, follows last year’s disclosure of an attack called KRACK that affected devices using the protocol’s previous version, WPA2.

But the Wi-Fi certification body said it expects devices to continue using WPA2 “for the forseeable future”, even as the more secure standard begins to appear in new hardware.

While it didn’t disclose technical details, the group said WPA3 will include protections for networks with weak passwords and a feature making it easier for devices without screens, like locks or light bulbs, to be configured by gadgets such as smartphones or tablets.

Military-grade security

The standard is also to include individualised encryption for protecting privacy in open networks and a 192-bit security suite aligned with the Committee on National Security Systems’ Commercial National Security Algorithm (CNSA). The suite is aimed at users that require more robust security, such as those in government, the military and industry.

Mathy Vanhoef, the postdoctoral computer security researcher at Belgium’s KU Leuven who discovered the KRACK flaw, speculated the privacy-protecting encryption feature might refer to Opportunistic Wireless Encryption (OWE), a standard that doesn’t require authentication, but he said such protocols are “crutches” that can actually weaken security because users come to rely on them instead of opting for stronger techniques.

He said the protection for weak passwords appears to be a stronger handshake method such as the one known as “Dragonfly”, which is designed to be resistant to dictionary attacks – those in which the attacker repeatedly guesses likely passwords until the right one is found.

Loading ...

“Linux’s open source Wi-Fi client and access point already support the improved handshake,” Vanhoef wrote on Twitter. “It just isn’t used in practice. But hopefully that will change now.”

He noted that WPA3 should formalise the use of stronger security methods that are already in place on many networks.

“The standards behind WPA3 already existed for a while,” Vanhoef wrote. “But now devices are required to support them, otherwise they’re won’t receive the ‘WPA3-certified’ label.”

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

AWS re:Invent Conference Welcomes Back Crowds

Over 27,000 attendees and members of the press (including Silicon) attend Amazon Web Services worldwide…

5 hours ago

Head Of Car Giant Stellantis Issues Electric Vehicle Cost Warning

The car manufacturing industry cannot sustain the costs from government demands to shift to electric…

6 hours ago

SpaceX’s Elon Musk Warns Of Bankruptcy Risk Over Engine Issue

SpaceX CEO Elon Musk warns of “disaster” concerning production of Starship Raptor engine that puts…

7 hours ago

Twitter To Remove Photos Tweeted Without Permission

Privacy overstep? Personal photos and videos of private individuals tweeted without the consent of the…

8 hours ago

Facebook Cryptocurrency Executive David Marcus To Leave

Executive in charge of Meta's cryptocurrency efforts, confirms he is leaving after seven years at…

10 hours ago

NY AG Seeks Overseer For Amazon Worker Safety

New York's attorney general asks US judge to appoint someone who will oversee worker safety…

11 hours ago