The number and know-how of devices connected to Wi-Fi networks have both exploded since late 2004, but almost 15 years later, the Wi-Fi Protected Access II (WPA2) security protocols are still responsible for protecting them. The Wi-Fi Alliance has now started a list of devices certified for next-generation WPA3 security. Like its predecessor, WPA3 will operate in Personal mode for consumer applications and Enterprise mode for businesses.
The Wi-Fi Alliance says WPA3-Personal uses a technology called Simultaneous Authentication of Equals (SAE) to secure the key establishment protocol between devices and increase the network's resistance to offline password-guessing attempts by potential intruders, even when the password isn't as complex as it should be. WPA3-Personal also includes forward secrecy, a scheme to prevent the decryption of intercepted and recorded data if the password is compromised after those packets have been intercepted. Protected Management Frames (PMF) protect wireless networks from forged management frames that can disrupt communications between clients and the access point.
WPA3-Enterprise has 192-bit minimum-strength encryption for transmission of sensitive data on business and government networks. The mode employs GCMP-256, HMAC-SHA384, ECDH, ECDSA, and BIP-GMAC-256 technologies to help protect data. The Wi-Fi Alliance's security page has a decoder ring for that bowl full of alphanumeric soup.
Folks who have headless devices like a Wi-Fi speaker or smart switch know that getting these widgets connected to the local Wi-Fi network can be the trickiest part of the whole operation. The Wi-Fi Alliance is also introducing a technology called Wi-Fi Easy Connect that the group says will make this sometimes-tricky process easier and more consistent. The process involves using a smartphone to scan a QR code on the new device in order to add it to an existing Wi-Fi network.
The group also recently introduced Wi-Fi Certified Enhanced Open, a certification program for devices to provide some level of security for users on open Wi-Fi networks like those found in coffee shops and retail stores. The underlying technology is called Opportunistic Wireless Encryption (OWE). OWE establishes unique cryptography mechanisms for each client along with PMF to increase the overall reliability of the connection.
The group says that WPA3 Wi-Fi devices will maintain interoperability with existing WPA2 hardware. Given the 15-year-long accumulation of WPA2 devices, we suspect the transition to WPA3 will take a while. The Wi-Fi Alliance says it has the support of companies like Arris, Broadcom, Cisco, HP, Huawei, Intel, Marvell, Qualcomm, and Silicon Motion in this new effort. The group has certified over 40,000 Wi-Fi devices since 2000, and there will doubtless be many more to come.
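
For administrators planning that transition, the sketch below (an added example, not from the Wi-Fi Alliance or any vendor) audits an access point configuration against the modes described above: SAE for WPA3-Personal, the 192-bit Enterprise suite, OWE, and the PMF level each one needs. It assumes the configuration uses hostapd.conf option names (`wpa_key_mgmt`, `ieee80211w`, `rsn_pairwise`, `group_mgmt_cipher`); the mode labels and sample configurations are constructed for illustration.

```python
def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def classify(text):
    """Return (mode, findings) for one BSS configuration."""
    conf = parse_conf(text)
    akms = set(conf.get("wpa_key_mgmt", "").split())
    pmf = int(conf.get("ieee80211w", "0"))  # 0 = off, 1 = optional, 2 = required
    findings, min_pmf = [], 2
    if not akms:
        return "open", ["no encryption: consider Enhanced Open (OWE)"]
    if akms == {"OWE"}:
        mode = "enhanced-open"
    elif "WPA-EAP-SUITE-B-192" in akms:
        mode = "wpa3-enterprise-192"
        for key, want in (("rsn_pairwise", "GCMP-256"),
                          ("group_mgmt_cipher", "BIP-GMAC-256")):
            if conf.get(key) != want:
                findings.append(f"{key} should be {want}")
    elif akms == {"SAE"}:
        mode = "wpa3-personal"
    elif "SAE" in akms:
        # Mixed network: SAE offered next to WPA2-PSK for older clients.
        mode, min_pmf = "wpa3-personal-transition", 1
        findings.append("WPA2-PSK clients do not get SAE's offline-guessing resistance")
    else:
        mode, min_pmf = "wpa2-or-older", 0
        findings.append("no SAE key establishment")
    if pmf < min_pmf:
        findings.append(f"ieee80211w is {pmf}, needs {min_pmf} for {mode}")
    return mode, findings

# Constructed sample configurations (not taken from any real device).
SAMPLE_WPA3 = "ssid=lab\nwpa=2\nwpa_key_mgmt=SAE\nrsn_pairwise=CCMP\nieee80211w=2\n"
SAMPLE_TRANSITION = ("ssid=lab\nwpa=2\nwpa_key_mgmt=WPA-PSK SAE\n"
                     "rsn_pairwise=CCMP\nieee80211w=0\n")

if __name__ == "__main__":
    for name, text in (("wpa3", SAMPLE_WPA3), ("transition", SAMPLE_TRANSITION)):
        print(name, classify(text))
```

A transition-mode network keeps WPA2 clients working, but only clients that actually negotiate SAE get the protections WPA3-Personal describes.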