WPA3 Making Wi-Fi More Secure – Part 1
October 21, 2018WPA3 Making Wi-Fi More Secure – Part 3
October 30, 2018As previously discussed, the Wi-Fi Alliance recently introduced their most significant security update since 2004. Providing several critical updates to the 14-year-old WPA2, the Wi-Fi Protected Access 3 (WPA3) security certificate protocol addresses the flaws of its predecessor. Part 2 will discuss KRACK, Forward Secrecy, and 192-Bit Security Protocols.
KRACK
Interrupting handshakes by briefly dropping the router connection, KRACK uses repeated connection attempts to analyze handshakes until assembling the correct password. SAE prevents this type of cyber attack, along with more commonplace offline dictionary attacks where a computer presents numerous possible passwords until finding one matching the verification information given by PSK handshakes.
SAE (Simultaneous Authentication of Equals) functions by considering connecting devices as equals, as opposed to deeming one side as the explicit requester and the other as an authenticator. These would traditionally and respectively be the connecting device and the router. In WPA3, either side can initiate the handshake. Both can also independently transmit authentication information, as opposed to back-and-forth exchanges. Absent this type of exchange, KRACK is unable to get a foothold, rendering dictionary attacks futile.
Forward Secrecy
A second security SAE feature not available with PSK, Forward Secrecy is a protocol that ensures your session keys cannot be compromised, even if the private key of the server is compromised. If a cyber attack gains access to encrypted data a router is sending and receiving with PSK, the attacker could retain the data. If the attacker then subsequently succeeded in stealing the password, stolen data stored earlier can be decrypted.
SAE changes the encryption password every time a connection is established, so in the event an attacker has penetrated the network, they would only be able to steal the passwords that can decrypt data transmitted after the theft.
192-Bit Security Protocols
Featuring 192-Bit Security Protocols, WPA3-Enterprise is a WPA3 certification version designed for governments, financial institutions, and corporations. Considered extreme for a home network router, it is appropriate for networks handling sensitive information.
Part 3 will discuss the Easy Connect and Enhanced Open protocols.
Alpha Engineering Business Support
Choosing an expert computer technology-support provider is an important decision for your business. Alpha Engineering Associates has been a trusted partner of many companies in the Washington, Baltimore and Annapolis areas since 1990. For affordable client-focused network consulting services and solutions, please call Alpha Engineering Associates today at (410) 295-9500.