The Wi-Fi Alliance introduced the next generation of Wi-Fi Protected Access — WPA3 — which aims to improve password security as well as security for IoT devices.
The industry will begin rolling out the WPA3 Wi-Fi protocol in products in 2018 and replace WPA2, meaning vendors will have to follow the security standard in order to carry the “Wi-Fi Certified” branding.
In an official announcement from CES in Las Vegas, the Wi-Fi Alliance noted that the WPA3 Wi-Fi protocol will include “four new capabilities for personal and enterprise Wi-Fi networks.”
“Two of the features will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations, and will simplify the process of configuring security for devices that have limited or no display interface. Another feature will strengthen user privacy in open networks through individualized data encryption,” the Wi-Fi Alliance wrote. “Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial.”
According to Mathy Vanhoef, a network security and applied cryptography post-doctoral candidate and one of the researchers behind the WPA2 KRACK vulnerability which took advantage of the WPA2 four-way handshake network connection process to produce a man-in-the-middle exploit. WPA3 implements a more secure handshake that should help prevent brute force password attacks.
That means dictionary attacks no longer work. The handshake they’re referring to is likely Simultaneous Authentication of Equals (SAE). Which is also called Dragonfly. See https://t.co/WNZnGzZTO6
— Mathy Vanhoef (@vanhoefm)
January 8, 2018
Marc Bevand, former security engineer at Google, described in a Hacker News forum post how this type of password authenticated key exchange (PAKE) can prevent attacks online and off.
“[Offline, an attacker] can try to decrypt the packet with candidate passwords, but he does not know when he guesses the right one, because a successful decryption will reveal [values that] are indistinguishable from random data. And even if he guessed right, he would obtain [public keys], but would not be able to decrypt any further communications as the use of Diffie-Hellman makes it impossible to calculate the encryption key,” Bevand wrote. “[Online,] if he actively [man-in-the-middles] the connection and pretends to be the legitimate server, he can send his own [key and password] to the client using one guessed candidate password. If he guessed wrong … each authentication attempt gives him only one chance to test one password. If, out of frustration, the client tries to retype the password and re-auth three times, then the attacker can at most try to guess three candidate passwords. He can’t brute force many passwords.”
Additionally, experts noted that the WPA3 Wi-Fi protocol improvements to “configuring security for devices that have limited or no display interface” could help improve security on IoT devices, but not all experts, like Tom Van de Wiele, principal cyber security consultant and red-teamer at F-Secure, were optimistic about the possibility.
WPA3 promises new ways of configuring wifi devices without displays “in a secure way”. If this is going to be anything like the nightmare that is WPS then I’m not holding my breath, but let’s see what happens.
— Tom Van de Wiele (@0xtosh)
January 9, 2018