If you remember back to late last year, you might have heard about the numerous fundamental flaws found within the security frameworks of WiFi. The flaws basically enables any WiFi network to be accessed by hackers in its vicinity to snoop and steal any information they wanted with no way of stopping them.
In response to this major security issue, white papers were released and researchers moved in on the WPA2 framework and worked tirelessly to develop a fix that would truly bring WiFi into the future.
Let’s take a look below at what’s about to become the new global WiFi standard.
In direct response to the flaws found in WPA2, the Wifi Alliance announced the development of WPA3; the highly-advanced and deeply secure successor to WPA2. It’s been touted to not only fix the KRACK vulnerability but generally build upon countless other issues within WiFi since the last update in 2004.
No More KRACK
One of the world’s worst digital security flaws in recent memory was the Key Reinstallation Attack or KRACK vulnerability. This was such a dangerous flaw that the WiFi Alliance truly had no other way to go about it than to totally redesign how WiFi works.
The way KRACK worked was by exploiting WiFi’s typical four-way ‘handshake’ with devices. This handshake has now been strengthened and WPA3 has now replaced it with a newer Simultaneous Authentication of Equals handshake.
Improved Password Advocacy
In addition to updating the security frameworks, WPA3 also does its best to protect users from themselves with a new password requirement. As you probably already know, people tend to use trivial and easily-guessable passwords. This meant that if someone wanted to hack into the network they could effortlessly use a brute force attack and enter thousands of passwords at the same time to unlock the network. WPA3 is designed to block this.
The new Simultaneous Authentication of Equals, the handshake that replaces the older four-way handshake, now entirely prevents this. There is no way for an attacker to enter more than one password at a time. This would effectively make guessing a password impossible unless the attacker had years to do it.
A new ‘Natural Password Selection’ feature also now allows users to easily choose an extremely strong password that is memorable.
Forward Secrecy – Improved Encryption
A new Forward Secrecy protocol means that in WPA3 every time someone connects to the network, an entirely fresh set of encryption keys is released. If someone does enter your network or the router, there’s no way for them to access the existing data as it was produced with a different encryption key.
This is where the biggest changes come into effect. Enterprise, financial and government users have to utilise the most powerful and secure networks in the world – and WPA3-Enterprise is designed to cater to them.
All transmitted data is protected under the new 256-bit Galois/Counter Mode Protocol (GCMP-256) cipher. This takes place using a newly developed 384-bit ECDH or ECDSA key exchange with HMAC SHA385 hash authentication.
On top of this, all PMF or Protected Management Frames are heavily secured by the 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256).
The team at the WiFi Alliance outlines that this new encryption algorithm is “the equivalent of 192-bit cryptographic strength.”