Wi-Fi Alliance Ramps up Wi-Fi Security ahead of 802.11ax Rollout

By Andrew Zignani | 3Q 2018 | IN-5182

Following the recent exposure of WPA2’s security vulnerabilities, the Wi-Fi Alliance is beefing up security with WPA3. This is increasingly important with the number of devices using Wi-Fi, the significant increase in data traffic, and the serious need to thwart would-be attackers.


Wi-Fi Alliance Introduces WPA3 Security Enhancements


On June 25, 2018, the Wi-Fi Alliance introduced its next generation of Wi-Fi security, known as WPA3. First announced in January at CES, the new security protocol targets both home and enterprise networking environments, and it seeks to deliver enhanced encryption and authentication features. At the same time, the Wi-Fi Alliance also introduced Easy Connect, which is a program that enables Wi-Fi devices with limited or no displays to be securely added to a Wi-Fi network using QR codes and an intermediary device, such as a smartphone. This move seeks to simplify and streamline Wi-Fi security and provisioning for Internet of Things (IoT) devices.

Building on WPA2 and Addressing Limitations


WPA2 is now more than a decade old and, in 2017, security researchers discovered a huge vulnerability in the form of Key Reinstallation AttaCKs (KRACK). Attackers making use of the vulnerabilities were able to trick victims into reinstalling keys that were already in use, thus manipulating and replaying handshake messages, exposing the network to eavesdropping, and giving hackers the potential ability to intercept everything a user accessed and typed, in addition to user credentials, IDs, and passwords. That was made possible by exploiting the KRACK-based vulnerabilities, which could bypass the standard industry IP security protocols like Transport Layer Security (TLS) and Secure Sockets Layer (SSL).

WPA3 brings several new enhancements to ensure Wi-Fi security remains ahead of the curve and to address previous vulnerabilities. Key among these is Simultaneous Authentication of Equals (SAE), a new secure key establishment protocol between devices that replaces WPA2’s Pre-Shared Key (PSK) and seeks to provide stronger protections for users against password guessing attempts by third parties. WPA2’s four-way handshake made it susceptible to offline dictionary attacks, while the new implementation blocks offline password attempts after a single incorrect try. The new method means that Wi-Fi networks will be more secure, even when users choose to use simple passwords that are much easier to guess.

The Wi-Fi Alliance is also introducing further enterprise-specific enhancements as part of its WPA3-Enterprise solution. This includes increased cryptographic strength of 192 bits, designed for applications where sensitive data is being transferred, such as government and financial institutions.

WPA3 Rollout and Key Recommendations for the Industry


WPA2 will remain mandatory for all Wi-Fi certified devices for the time being, though this will ultimately be superseded by WPA3 as adoption increases over the next few years. As there is no concrete timeline for this transition, much will depend on the speed of WPA3’s adoption across a number of device types. In the meantime, WPA3 devices will continue to support WPA2 devices through what the Wi-Fi Alliance calls a “transitional mode of operation.” The Internet Protocol (IP) migration from IPv4 to IPv6 is also expected to add pressure.
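To make the balance between WPA2 support and WPA3 concrete, the following added example (not part of the original Insight) classifies an access point configuration as WPA2-only, transition mode, or WPA3-only and lists what still needs attention. It assumes the access point is configured with hostapd and uses hostapd's `wpa`, `wpa_key_mgmt`, `ieee80211w` and `sae_require_mfp` options; the sample configurations are constructed.

```python
# Added example: classify a hostapd-style config by WPA generation.
# Sample configs are constructed for illustration, not taken from the article.
WPA2_ONLY = "ssid=lab\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
TRANSITION = "ssid=lab\nwpa=2\nwpa_key_mgmt=WPA-PSK SAE\nieee80211w=1\nsae_require_mfp=1\n"
WPA3_ONLY = "ssid=lab\nwpa=2\nwpa_key_mgmt=SAE\nieee80211w=2\n"

PSK_NOTE = "WPA2-PSK clients still join with the four-way handshake"


def parse_conf(text):
    """Return key/value pairs from hostapd.conf-style text, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def classify(text):
    """Return (mode, findings) for one BSS configuration."""
    conf = parse_conf(text)
    if conf.get("wpa", "0") == "0":
        return "no-wpa", ["WPA is disabled"]
    akms = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())
    pmf = int(conf.get("ieee80211w", "0"))  # 0 = off, 1 = optional, 2 = required
    has_sae = "SAE" in akms
    has_psk = bool(akms & {"WPA-PSK", "WPA-PSK-SHA256"})
    findings = []
    if has_sae and has_psk:
        mode = "transition"
        if pmf == 0:
            findings.append("enable management frame protection (ieee80211w=1)")
        if conf.get("sae_require_mfp") != "1":
            findings.append("set sae_require_mfp=1 so SAE clients must use PMF")
        findings.append(PSK_NOTE)
    elif has_sae:
        mode = "wpa3-only"
        if pmf != 2:
            findings.append("require management frame protection (ieee80211w=2)")
    elif has_psk:
        mode = "wpa2-only"
        findings.append(PSK_NOTE)
    else:
        mode = "other"
    return mode, findings
```

Calling `classify(TRANSITION)` returns the mode together with the reminder that WPA2-PSK clients on the same SSID do not get SAE's protections.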

ABI Research expects WPA3’s adoption to increase considerably over the next 3 to 5 years, particularly as it coincides with the rollout of the latest evolution in Wi-Fi protocols, namely 802.11ax. This technology is expected to see strong growth over the next few years and ABI Research expects 802.11ax chipsets to account for nearly 30% of all annual Wi-Fi chipset shipments by 2022.

Companies like Qualcomm have already unveiled 802.11ax-ready chipsets that will support WPA3 encryption. Earlier this year, the company unveiled its first 802.11ax-ready solution for smartphones, tablets, and notebooks supporting the new security enhancements. ABI Research expects other vendors to follow suit and believes that all 802.11ax chipsets must support the recently announced WPA3 encryption or risk being at a heavy competitive disadvantage, particularly as messaging around security becomes more crucial following recent, highly publicized WPA2 vulnerabilities, such as KRACK. Other leading Wi-Fi vendors, such as Broadcom, Marvell, and Intel, have all claimed support for WPA3 in the Wi-Fi Alliance’s announcement, and when 802.11ax is finally ratified in 2019, ABI Research expects virtually all 802.11ax chipsets to support the new security enhancements.

WPA3 will eventually need to be supported across all Wi-Fi device types, and it is encouraging that low-power IC specialist vendors, such as Silicon Motion, are also intending to support both the mandatory and optional elements of WPA3 in their latest low-power Wi-Fi Systems-on-a-Chip (SoCs) going forward. The Easy Connect solution will also be of significant importance to these device types, as the majority will be headless. WPA3 should also be advertised as a key function of devices going forward.

ABI Research also recommends that Easy Connect should be widely adopted among IoT and headless devices. Many of Wi-Fi’s vulnerabilities come from default settings or users never changing their password due to the limited interfaces of some device types. By simplifying and securing the provisioning of these device types, the Easy Connect solution could play a key role in preventing easy points of entry to a network and the proliferation of IoT botnets in devices such as cameras, DVRs, smart TVs, set-top boxes, and smart appliances, among others. This will become increasingly important as Wi-Fi sees further growth in IoT devices without displays or those that can easily be configured.

ABI Research believes that device vendors should push out firmware updates on devices that are capable of supporting WPA3 as soon as possible. Eventually, a balance must be struck in terms of being able to support legacy devices, while ensuring that the network offers the best security possible. As Wi-Fi networks continue to support more and more devices, in addition to heterogeneous device types, it will be critical to ensure that WPA3 is supported across not just high-end computing devices but also legacy devices and emerging IoT devices. A key challenge will be ensuring that the vast number of legacy devices can be supported without compromising the integrity of the network.

Ultimately, the rollout of 802.11ax with WPA3 support offers an excellent opportunity for Wi-Fi solution providers to build new hardware that offers the most effective combination of Wi-Fi performance and security ever, ensuring that Wi-Fi can continue to address the challenges brought about by enormous device growth, increased traffic and congestion, heterogeneous device types, and the need for more robust security.