The Wi-Fi Alliance, the organization that steers the Wi-Fi standard, has announced a new program for certifying Wi-Fi products that support WPA3, a newer and more secure protocol than WPA2, but your WPA3 certified device might only be more secure than today's devices in one respect.
WPA3 could be a huge update to Wi-Fi security, by reducing the risk of users picking weak passwords, helping users securely configure devices that lack a physical user interface, improving public hotspot security, and increasing the key size required for securing enterprise networks.
However, Mathy Vanhoef, one of the researchers at KU Leuven in Belgium who discovered the ubiquitous KRACK (Key Reinstallation Attacks) vulnerabilities affecting WPA2, says the Wi-Fi Alliance has missed its chance to improve Wi-Fi security by requiring only one new capability.
The alliance announced in January that four new capabilities were coming to personal and enterprise Wi-Fi networks in 2018 as part of its Wi-Fi CERTIFIED WPA3 process. WPA2 will still be supported for years to come, but over time, as more vendors meet WPA3 requirements, the latter will become the norm.
One key feature was that WPA3 could improve personal network protections when home users choose poor — short and simple — passwords. This is enabled through WPA3's use of the Simultaneous Authentication of Equals (SAE) handshake, or key exchange, which makes it much harder for hackers to collect Wi-Fi passwords and crack them offline using so-called dictionary attacks.
Vanhoef said the move to the SAE handshake, which is a variant of the Dragonfly key exchange, was a “major improvement” over WPA2 networks, as the latter is vulnerable to offline password attacks when weak passwords are captured.
But in a blog post this week he highlighted that the WPA3 certification program only requires devices to support the Dragonfly handshake, leaving the other three components of WPA3 optional.
If the certification required improved configuration for devices without an interface, it may help address the rise of new IoT botnets such as Mirai, which rely on the abundance of routers and DVRs with default settings because they lack an interface to configure security settings.
“I fear that in practice this means manufacturers will just implement the new handshake, slap a "WPA3 certified" label on it, and be done with it,” wrote Vanhoef.
The WPA3 components regarding configuring devices without a user interface and improving security on public networks are handled under separate certification processes, Wi-Fi Easy Connect and Wi-Fi Enhanced Open respectively.
“This means that if you buy a device that is WPA3 capable, there is no guarantee whatsoever that it supports these two features,” he notes.
Vanhoef speculates the Wi-Fi Alliance’s intent was to make WPA3 easy for vendors to implement rather than forcing vendors to deliver much higher security standards for users before getting the WPA3 badge.
Vanhoef offered an overview of what you could expect if you buy or use a WPA3 certified Wi-Fi device in the next few years.
- The dragonfly handshake (also called Simultaneous Authentication of Equals) is a mandatory part of WPA3. So if in the future you select "WPA3-Personal" in your home router, you will be using this handshake. This means dictionary attacks against the handshake will no longer be possible.
- The replacement of Wi-Fi Protected Setup (WPS) will be called Wi-Fi Easy Connect. It is based on the Device Provisioning Protocol (DPP). It is not part of WPA3.
- To provide unauthenticated encryption when connecting to an open hotspot, the Wi-Fi Alliance introduced Wi-Fi Enhanced Open. The standard behind this marketing term is Opportunistic Wireless Encryption. It is not part of WPA3. Note that even if opportunistic encryption is being used, it is trivial for an attacker to set up a rogue AP and intercept all traffic.
- WPA3-Enterprise networks will support key sizes that offer the equivalent of 192-bit security. But the increased key sizes are only required during the authentication stage. Moreover, the WPA3-Enterprise mode is an optional part of WPA3.