Categories: Networks

CES 2018: Wi-Fi Alliance Previews New Industry-Wide WPA3 Security Standard

The Wi-Fi Alliance, backed by industry giants including Apple, Cisco, Intel and Microsoft, said this year will see the introduction of a new version of the WPA set of security technologies used in all Wi-Fi certified devices.

The launch of WPA3, announced in Las Vegas in conjunction with the CES consumer electronics show, follows last year’s disclosure of an attack called KRACK that affected devices using the protocol’s previous version, WPA2.

But the Wi-Fi certification body said it expects devices to continue using WPA2 “for the forseeable future”, even as the more secure standard begins to appear in new hardware.

While it didn’t disclose technical details, the group said WPA3 will include protections for networks with weak passwords and a feature making it easier for devices without screens, like locks or light bulbs, to be configured by gadgets such as smartphones or tablets.

Military-grade security

The standard is also to include individualised encryption for protecting privacy in open networks and a 192-bit security suite aligned with the Committee on National Security Systems’ Commercial National Security Algorithm (CNSA). The suite is aimed at users that require more robust security, such as those in government, the military and industry.

Mathy Vanhoef, the postdoctoral computer security researcher at Belgium’s KU Leuven who discovered the KRACK flaw, speculated the privacy-protecting encryption feature might refer to Opportunistic Wireless Encryption (OWE), a standard that doesn’t require authentication, but he said such protocols are “crutches” that can actually weaken security because users come to rely on them instead of opting for stronger techniques.

He said the protection for weak passwords appears to be a stronger handshake method such as the one known as “Dragonfly”, which is designed to be resistant to dictionary attacks – those in which the attacker repeatedly guesses likely passwords until the right one is found.

Loading ...

“Linux’s open source Wi-Fi client and access point already support the improved handshake,” Vanhoef wrote on Twitter. “It just isn’t used in practice. But hopefully that will change now.”

He noted that WPA3 should formalise the use of stronger security methods that are already in place on many networks.

“The standards behind WPA3 already existed for a while,” Vanhoef wrote. “But now devices are required to support them, otherwise they’re won’t receive the ‘WPA3-certified’ label.”

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago