What actually is... WPA3?
What is WPA3?
WPA3 is the third version of the Wi-Fi Protected Access (WPA) protocol. It was announced by the Wi-Fi Alliance in early 2018 as the successor to the widely used WPA2. Its predecessor WPA2, which had been considered secure until then, was partially cracked in October 2017 by researchers from the University of Leuven using the KRACK attack.
What advantages does WPA3 offer over WPA2?
The new WPA standard was presented in February 2018 at the CES technology trade fair in Las Vegas. WPA3 will not only close the security gap of the WPA2 standard that was uncovered by KRACK, but will also make WLANs more secure in other ways and their setup more user-friendly. The Wi-Fi Alliance also assures compatibility with WPA2 devices.
WPA3 is meant to secure the WLAN devices themselves through a revised password check. With WPA2, a weak access password for a device could be guessed with a simple attack: the attacker did not have to be actively connected to the target network, but only had to record handshakes within the network for a short time and could then perform a dictionary attack offline. In the WPA3 protocol, passwords can now only be tried while the device is actively connected. As with a smartphone lock function, the time between further attempts increases exponentially after multiple incorrect password entries.
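The lockout behaviour described above can be modelled in a few lines. This is an added example, not code from the article or from the WPA3 specification; the constants, class names and the station address are assumptions chosen for illustration.

```python
"""Added example: model of the exponential lockout described above.

FREE_TRIES, BASE_DELAY and MAX_DELAY are assumed values for illustration;
they are not taken from the WPA3 specification or from any product.
"""
from dataclasses import dataclass

FREE_TRIES = 3      # assumed: failures tolerated before any wait applies
BASE_DELAY = 2      # assumed: first enforced wait, in seconds
MAX_DELAY = 3600    # assumed: upper bound on a single wait, in seconds


@dataclass
class StationState:
    failures: int = 0
    not_before: int = 0   # earliest second at which the next try is checked


class LockoutPolicy:
    """Tracks consecutive failed password attempts per station."""

    def __init__(self):
        self.stations = {}

    def delay_after(self, failures):
        """Seconds a station must wait after this many failures in a row."""
        if failures < FREE_TRIES:
            return 0
        return min(BASE_DELAY * 2 ** (failures - FREE_TRIES), MAX_DELAY)

    def attempt(self, now, station, password_ok):
        """Process one attempt; return 'accepted', 'failed' or 'throttled'."""
        state = self.stations.setdefault(station, StationState())
        if now < state.not_before:
            return "throttled"          # too early: the guess is never checked
        if password_ok:
            self.stations[station] = StationState()   # success clears history
            return "accepted"
        state.failures += 1
        state.not_before = now + self.delay_after(state.failures)
        return "failed"


def guesses_checked(window_seconds, station="02:00:00:00:00:01"):
    """Wrong guesses actually checked when one station tries every second."""
    policy = LockoutPolicy()
    results = (policy.attempt(t, station, False) for t in range(window_seconds))
    return sum(1 for r in results if r == "failed")
```

With these assumed values, a station that tries once per second gets only 13 wrong guesses checked in an hour, whereas an offline dictionary attack on recorded handshakes is not slowed by the access point at all.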
WPA3 is also meant to simplify the setup of devices without a display or graphical user interface, as is the case with most IoT devices. The new Easy Connect function is used for this purpose. WPA3-enabled IoT devices are to be equipped with QR codes, which can simply be scanned with a smartphone so that the devices can be connected to other devices.
The security of government, military, industrial WLAN or other critical networks with the highest security requirements is also to be guaranteed. For example, the encryption of local WLAN networks is raised to 192-bit with WPA Enterprise for companies. However, this is not backwards compatible with WPA2 and therefore requires the purchase of new, WPA3-capable devices for the entire WLAN infrastructure.
Opportunistic Wireless Encryption (OWE) is a long overdue innovation. This is the encryption of data transmission between WLAN devices and endpoints in the local network. This should be of particular interest to hotels, airports or other operators of public hotspots that offer an internet connection without user registration or authentication. The advent of public hotspots made the transmission of personal data vulnerable to man-in-the-middle attacks due to a lack of encryption on the local network as well as over the internet. Nowadays, however, most connections are already encrypted using TLS between two endpoints and are thus securely transmitted even on local networks, which was not the norm when WPA2 was introduced 14 years ago.
However, there is currently still disagreement on the subject of OWE. Opponents of the innovation state that operating encrypted and "open" WLAN networks simultaneously via the same access point is too difficult to implement. Therefore, the implementation of OWE will be delayed indefinitely.
When is WPA3 coming?
According to the Wi-Fi Alliance, the first WPA3-enabled devices should be on the market as early as the beginning of 2019. Even though manufacturers of Wi-Fi-enabled devices must comply with the guidelines of the new WPA3 standard in order to be verified by the Wi-Fi Alliance, most users will not replace their working WPA2-based hardware for the time being. It may therefore take a few more years before WPA3 is a widespread standard.
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer gained experience in numerous projects. His interest in IT security was awakened in large part by his service in command support. Even after his service, he remains an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large