InfoGuard Cyber Security and Cyber Defence Blog

All good things come in threes - WPA3 for greater Wi-Fi security

Written by Michael Arnold | 23 Aug 2018

Not so long ago, computers could only access the Internet via a LAN cable. Can you remember that? I'm sure you can! Fortunately, those days are behind us. Wireless LAN (known as WLAN) has made our lives considerably easier - but it has also made us more vulnerable. Wireless connections are a favourite target for cyber attacks and consequently need to be protected. The most widely used and recommended encryption method in wireless networks to date is WPA2 (Wi-Fi Protected Access 2). However, this standard has been around for 14 years now (!). In addition, a serious security gap in the WPA2 WLAN encryption shocked users last autumn. It was high time to introduce the next generation: WPA3 encryption.

Today WPA2 is the standard protection for wireless networks. From private WLANs and guest WLANs in companies and hotels to corporate networks, there is nowhere that WPA2 is not used. Unfortunately, WPA2 does not appear to be as secure as we previously assumed. Belgian security researcher Mathy Vanhoef made a discovery in 2017 that caught the attention of more than just cyber security experts. WLAN encryption was relatively easy to remove, so that data could be intercepted in the airwaves and then tampered with. The "KRACK Attack" (Key Reinstallation Attack), as Vanhoef christened it, was born.

Secure transmission with WPA3

Of course, a WLAN network full of holes is anything but harmless. Quite a few people start to feel queasy when they think about the possibility of their (apparently encrypted) information being read by others. We will soon be introducing the new WPA3 encryption. The Wi-Fi Alliance has already started to certify the first devices in accordance with WPA3. The aim is to get information safely from A to B again.

But what are the innovations? Four functions have been defined in the new standard:
 

  1. We all know what secure passwords are supposed to look like. But the fact is that only very few people stick to these rules. So WPA3's first improvement is more robust protection for weak passwords, which in turn protects against brute force attacks. PSK mode is replaced by SAE (Simultaneous Authentication of Equals), which is resistant to active, passive and dictionary attacks. WPA3-SAE secures the protocol even when it is used with PSKs. The WPA2-PSK mode is generally considered to be too weak.

    With WPA3-SAE, users do not need to learn new security procedures. The user interface for SAE is identical to a PSK network. Users do not notice anything in the foreground and can easily enter their password. However, in the background, they get a really secure connection - convenient, isn't it?

  2. A second improvement is to simplify the configuration process and security for devices with restricted display interfaces. This is becoming increasingly important, especially in terms of the IoT (Internet of Things), one of the hottest topics around. This innovation is ideal for sensors, intelligent sockets and light bulbs. Device Provisioning Protocol (DPP) provides these devices with a certificate-like authorisation. It also allows a trusted device such as your smartphone to give another device access to the wireless network. How? Quite simply, for example by scanning a QR code, using a conventional code or using NFC. Wi-Fi Easy Connect - as the name suggests - is not only simple but also extremely secure.

  3. Open Wi-Fi hotspots in shops, cafés and restaurants used to be a big issue in terms of security. In an open WLAN like this, or in a network secured with a publicly known pre-shared key (PSK) (e.g. using a login code), the data traffic can be viewed by attackers in the network. WPA3 - or more precisely Wi-Fi Enhanced Open - puts an end to open networks. The new "OWE" (Opportunistic Wireless Encryption) approach encrypts all wireless data traffic in previously open networks. OWE thus sets a new benchmark for security and protects against passive attacks.

  4. As a last innovation, the Wi-Fi Alliance is announcing that WPA3 will include a "192-bit minimum security protocol". This variant of WPA3 for business and government carries the "Enterprise" designation and offers special, bespoke functionalities. This suite has been aligned with the Commercial National Security Algorithm (CNSA) suite of the National Security Committee.
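
Points 1 and 3 above can be checked against an access point's configuration. The following is an added example, not part of the original post and not vendor code: it audits a hostapd-style configuration, assuming hostapd's `wpa`, `wpa_key_mgmt` and `ieee80211w` options. The sample configurations are constructed, and the PMF check reflects WPA3's requirement for protected management frames, which the post does not discuss.

```python
def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (code, message) findings for one BSS configuration."""
    conf = parse_conf(text)
    if conf.get("wpa", "0") == "0":
        return [("open", "traffic is unencrypted; Enhanced Open (OWE) would encrypt it")]
    # hostapd falls back to WPA-PSK when wpa_key_mgmt is not set
    akms = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())
    pmf = conf.get("ieee80211w", "0")  # 0 = disabled, 1 = optional, 2 = required
    findings = []
    if "WPA-PSK" in akms and "SAE" not in akms:
        findings.append(("psk-only", "WPA2-PSK only; weak passwords get no SAE protection"))
    elif "WPA-PSK" in akms:
        findings.append(("transition", "mixed mode; clients may still join with WPA2-PSK"))
        if pmf == "0":
            findings.append(("pmf-disabled", "SAE clients need management frame protection"))
    elif akms & {"SAE", "OWE"} and pmf != "2":
        findings.append(("pmf-not-required", "SAE/OWE networks should set ieee80211w=2"))
    return findings

def codes(text):
    """Finding codes only, convenient for scripting and tests."""
    return [code for code, _ in audit(text)]

# Constructed sample configurations (not taken from any real deployment)
SAMPLES = {
    "wpa2_psk": "ssid=office\nwpa=2\nwpa_key_mgmt=WPA-PSK\nwpa_passphrase=example-only\n",
    "transition": "ssid=office\nwpa=2\nwpa_key_mgmt=WPA-PSK SAE\nieee80211w=0\n",
    "wpa3_sae": "ssid=office\nwpa=2\nwpa_key_mgmt=SAE\nieee80211w=2\n",
    "open": "# guest hotspot\nssid=cafe-guest\n",
    "owe_weak_pmf": "ssid=cafe-guest\nwpa=2\nwpa_key_mgmt=OWE\nieee80211w=1\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, codes(text) or "ok")
```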

WPA3 sets security barriers higher

We sermonise about it over and over again - take cyber security seriously and keep your network infrastructure up to date. This also applies to WLAN security. WPA3 enjoys broad support in the industry and will end up on users' end devices in the coming months and years. WPA2 will also continue to be updated and supported for quite some time, as it will take years for the new WLAN security standard WPA3 to become established.

Increase your WLAN Security

WLAN security is becoming increasingly important and more difficult, particularly as the IoT evolves and cyber attacks increase. This makes a secure WLAN infrastructure a must, even if "only" the internal network is involved. Rely on cyber security experts who are able not only to advise you but also to implement suitable solutions. InfoGuard has both - contact us! We will help you to make your WLAN network secure.

 

 
