New WPA3 Announced at CES 2018

The Wi-Fi Alliance announced the WPA3 standard at this year’s CES, signaling the dawn of a new era in network security.

The annual Consumer Electronics Show (CES) in Las Vegas is a destination for tech fans the world over. Last month’s 2018 installment saw the unveiling of everything from an IoT umbrella to Toyota’s self-driving concept vehicle to an assortment of devices inching us ever-closer to truly functional consumer virtual reality.

But in spite of all these eye-catching gizmos, it can’t be denied that one of the most consequential developments at CES 2018 was the Wi-Fi Alliance’s announcement of the Wi-Fi Protected Access 3 (WPA3) security standard.

The Alliance — whose membership includes major industry players like Broadcom, Intel, Microsoft, and Qualcomm — is in charge of setting and maintaining cybersecurity standards for both consumer- and enterprise-grade networking infrastructure.

So what are the “new features” that the Alliance is promising with WPA3? the first WPA3-certified devices won’t hit the market for another few months, so details remain scarce — but here’s what we know right now.

Mitigating the Risks of Weak Passwords

The Wi-Fi Alliance press release promises a WPA3 feature that will “deliver robust protections even when users choose passwords that fall short of typical complexity recommendations.” As any cybersecurity professional will tell you, that’s a much-needed development.

Despite enterprises’ best efforts in recent years, the average employee continues to choose woefully inadequate passwords. The two most common passwords in the corporate world are “123456” and “password.” This kind of inadequate protection makes enterprise networks extremely vulnerable to “dictionary attacks,” a subset of brute force cyberattacks that involves cycling through commonly used words and phrases until the correct password is discovered.

Industry insiders are speculating that WPA3 will counter this threat by blocking authentication after a certain number of failed login attempts and/or employing Simultaneous Authentication of Equals (SAE), commonly known as “Dragonfly.”

Improved Security for IoT Devices

WPA3 will also “simplify the process of configuring security for devices that have limited or no display interface.” In other words, we’re finally getting a Wi-Fi security standard tailored to the Internet of Things.

As of last year, there were already an astounding 8.5 billion internet-connected devices in use across the world, and they’ll probably exceed 50 billion by 2020. All those connections are providing tremendous value to consumers and enterprises alike, but it has also introduced a great deal of risk. A connected security camera or a wireless printer doesn’t offer users an easy, intuitive way to manage cybersecurity protocols.

WPA3 will provide network administrators with a better way to view the security measures running on devices without graphical interfaces, perhaps with an NFC-enabled management platform that IoT devices can easily be added to and secured on an enterprise network.

Closing the “Starbucks Backdoor”

Next, WPA3 will feature individualized data encryption for all open networks, giving a huge boost to security in a notoriously high-risk space. The insecurity of open networks at places like coffee shops and libraries has become a significant concern for enterprises as bring-your-own-device (BYOD) policies and remote work have become increasingly common. Even the most secure enterprise network is no match for an employee laptop or smartphone that was compromised by a malicious actor on an open network.

If the new WPA3 open network encryption protocol manages to close this “backdoor,” enterprise IT teams everywhere will breathe a huge sigh of relief.

Future-Proof Encryption

Finally, the Wi-Fi Alliance has promised that WPA3 will offer 192-bit encryption aligned with the Commercial National Security Algorithm (CNSA) Suite currently used by government agencies, defense contractors, and high-value industrial enterprises.

WPA2-certified devices are required to use either 64-bit or 128-bit encryption, and while this generally gets the job done today new, ultra-powerful hacking technology on the horizon could make universal 192-bit encryption necessary sooner than we’d like to imagine.

The Importance of Cybersecurity Expertise

As promising as these upgrades are, it would be a mistake to treat WPA3 as some sort of cybersecurity savior. Cutting-edge equipment will never prevent devastating data breaches on its own — you need extensive cybersecurity expertise on your side, as well.

At Turn-key Technologies, we’ve spent over two decades helping enterprises design, build, and manage powerful wireless networks boasting top-notch security. We recognize that no two corporate networks are the same, and have the experience and know-how needed to craft custom networking solutions tailored to each of our client’s unique needs.

By Tony Ridzyowski

02.08.2018

Sign up for the TTI Newsletter