WPA3 (Wi-Fi Protected Access®)-Personal provides next-generation security for private Wi-Fi® networks and improves on the security of its predecessor, the WPA2 standard, while maintaining backward compatibility. The third edition of WPA is long-awaited and will benefit the Wi-Fi industry, businesses, and the millions of average Wi-Fi users worldwide. WPA3 introduces new features to streamline Wi-Fi security, deliver increased cryptographic strength, enable more robust authentication for sensitive data markets, and maintain the resiliency of mission-critical networks. WPA3 prevents the Key Reinstallation Attack (KRACK), which allows attackers to steal critical data transmitted over networks, such as login credentials, private chats, and credit card information.
WPA3 uses GCMP-256 (Galois/Counter Mode Protocol) encryption, updated to support secure password generation, mitigate attacks, and protect network privacy. This level of security provides consistent cryptography and eliminates the "mixing and matching of security protocols" defined in the 802.11 Standards. WPA3 also makes management frames more robust with the mandatory addition of Protected Management Frames (PMF), which adds a layer of protection against de-authentication and disassociation attacks.
WPA2's 128-bit security is a weak shield with many outdated features. The new WPA3 standard uses 192-bit encryption, which requires additional computing power and time for an attacker to crack. The likelihood of success of an attack on WPA3-Personal may reach 0.5 only after 2,500 active attacks. Such an attack will be detected on WPA3-Personal long before its potential for success becomes evident. WPA3 brings enhanced security and protection for enterprises and end-users from client to cloud.
WPA3 uses the Device Provisioning Protocol (DPP), which allows users to connect devices to a network using NFC tags or QR codes. This new way of connecting devices to the network is called Easy Connect. Easy Connect simplifies the pairing of Wi-Fi devices without displays, such as IoT devices, and uses QR codes instead of requiring devices to store a password to connect.
WPA3 comes in three variants: WPA3-Personal (WPA3-SAE) mode, WPA3-Enterprise (WPA3 ENT) mode, and Wi-Fi Enhanced Open mode. WPA3-Personal provides more individualized encryption. It uses Simultaneous Authentication of Equals (SAE), defined in the IEEE 802.11-2016 Standard, which replaces the WPA2-Personal Pre-Shared Key (PSK) authentication. WPA3-Personal users receive greater protection from password-guessing attempts. WPA3, with SAE, adds a step to the "handshake" that makes brute-force attacks ineffective. SAE, unlike PSK, provides resistance to offline dictionary-based cracking attacks and offline brute-force password-guessing attacks.
WPA3-Enterprise builds on the WPA2-Enterprise foundation with the additional requirement that PMF be used on all WPA3 connections. WPA3-Enterprise offers higher-grade 192-bit security protocols for sensitive data networks, ensuring that the right combination of cryptographic tools is used and setting a consistent baseline of security within a WPA3 network. Wi-Fi Enhanced Open networks provide unauthenticated data encryption to users, maintaining the ease of use of open networks. This protection is based on Opportunistic Wireless Encryption (OWE), described in the Wi-Fi Alliance Opportunistic Wireless Encryption Specification and the Internet Engineering Task Force (IETF) RFC 8110 specification.
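Added example (not part of the original article): an access point advertises which of the variants above it offers, and whether PMF is required, in the RSN information element of its beacons, so a defender can audit a network's real mode from those bytes. The Python sketch below parses that element; the names `audit_rsn` and `_suites`, the finding strings and the sample bytes are constructed for illustration, and it assumes the pairwise and AKM suite lists are present in the element.

```python
import struct

OUI = bytes.fromhex("000fac")  # OUI of the IEEE 802.11 suite selectors
AKMS = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256",
        8: "SAE", 9: "FT-SAE", 12: "802.1X-SuiteB-192", 18: "OWE"}
CIPHERS = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
# Constructed sample elements (not captures): SAE+PSK transition AP, SAE-only AP.
SAMPLE_TRANSITION = bytes.fromhex("30180100000fac040100000fac040200000fac02000fac088000")
SAMPLE_SAE_ONLY = bytes.fromhex("30140100000fac040100000fac040100000fac08c000")

def _suites(buf, off, names):
    """Read a 2-byte little-endian count, then that many 4-byte selectors."""
    (count,) = struct.unpack_from("<H", buf, off)
    end = off + 2 + 4 * count
    if end > len(buf):
        raise ValueError("suite list runs past end of element")
    sels = [buf[i:i + 4] for i in range(off + 2, end, 4)]
    return [names.get(s[3], "unknown") if s[:3] == OUI else "vendor" for s in sels], end

def audit_rsn(ie: bytes) -> dict:
    """Classify an RSN element (ID 48, header included) and list its gaps."""
    if len(ie) < 10 or ie[0] != 48 or ie[1] != len(ie) - 2 or ie[2:4] != b"\x01\x00":
        raise ValueError("not a well-formed version-1 RSN element")
    body = ie[2:]
    try:
        pairwise, off = _suites(body, 6, CIPHERS)  # skip version + group cipher
        akms, off = _suites(body, off, AKMS)
        caps = struct.unpack_from("<H", body, off)[0] if off < len(body) else 0
    except struct.error as exc:
        raise ValueError("truncated RSN element") from exc
    # RSN capabilities: bit 6 = PMF required (MFPR), bit 7 = PMF capable (MFPC)
    pmf = "required" if caps & 0x40 else "capable" if caps & 0x80 else "disabled"
    psk = any(a in ("PSK", "PSK-SHA256") for a in akms)
    sae = any(a in ("SAE", "FT-SAE") for a in akms)
    mode = "unknown"
    if "OWE" in akms:
        mode = "Enhanced Open"
    elif sae:
        mode = "WPA3-Personal transition" if psk else "WPA3-Personal"
    elif psk:
        mode = "WPA2-Personal"
    elif any(a.startswith("802.1X") for a in akms):
        mode = "WPA3-Enterprise" if pmf == "required" else "WPA2-Enterprise"
    wpa3_only = mode.startswith(("WPA3", "Enhanced")) and not psk
    checks = [(wpa3_only and pmf != "required", "PMF is not required"),
              (psk, "PSK offered: passphrase open to offline guessing"),
              ("TKIP" in pairwise, "TKIP pairwise cipher enabled")]
    return {"mode": mode, "akms": akms, "pairwise": pairwise, "pmf": pmf,
            "findings": [msg for hit, msg in checks if hit]}
```

A network that reports "WPA3-Personal transition" still accepts PSK clients, so the SAE protections described above apply only to the clients that actually negotiate SAE.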