Close

HPE Aruba Networking Blogs

Is WPA3 the Solution to Our Problems?

By Kevin Blackburn, Blog Contributor

Recently, I wrote an article about WPA2 and how technology is evolving to the point where what was once a strong, stable protocol is now very vulnerable. Shortly thereafter, the Wi-Fi Alliance make their announcements for their focuses in 2018 and they are looking to kick things up a notch this year when it comes to security.

The first thing to make note of is that they made mention to the fact that they “will continue enhancing WPA2 to ensure it delivers strong security protections to Wi-Fi users as the security landscape evolves” per their press release announcing their focuses. That announcement was preempting the fact that this year new security protections will be announced as part of the “Wi-Fi Certified WPA3” security protocol. The fact that WPA2 development is not stopping should calm users of legacy devices that are no longer being updated as well as users that may not be able to update devices due to budgetary reasons, healthcare regulations, etc. Concerning the new WPA3 updates specifically, though, there were two updates that were announced that I was particularly pleased to see addressed in the way that they were.

Securing Even the Weakest Passwords

One of the main topics that are looking to be addressed within WPA3 is securing network access even when passwords that are used are not very complex. Let’s be honest, the majority of networks out there will not have passwords that look like this: “5r!4VDs{H.zwP_]H”. The main focus of this new method of security is that malicious wireless network users will not be able to hammer away at a network any longer, trying to use a dictionary attack to brute force the wireless network key. This is due to the fact that the process of a multi-step handshake will be redesigned and prevent users from connecting after a certain number of failed attempts. Details on exactly how this will still work are pretty limited at this point, but this alone sounds very interesting considering the recent KRACK attack that targeted WPA2’s handshake process. No doubt that the handshake process will be a focus in WPA3.

Securing the Coffee-Shop

The other feature that caught my attention will help wireless network users in places such as coffee shops, sports arenas, and stadiums. Some of the new technologies that will be released will focus on individualized encryption streams over the wireless to help secure the traffic of each individual network user while still being an “open” and inherently insecure network. Bringing security such as this could open the door for exploration into other uses for the wireless networks in a business setting such as different types of payment solutions and more. Without ensuring each network user is secure, some of these ideas may have their development stalled.

Credit: Flickr/Nadine Heidrich

What’s the Timeline Look Like?

Very few details around the release date of WPA3 and the accompanying technologies have been given during this initial release, but I would make sure to follow the Wi-Fi Alliance and wireless network vendors, like Aruba Networks, for the latest updates on the pending release and implementation guides on this exciting, new, and secure wireless network security protocol.