Secure wireless connectivity is an important requirement for business continuity today. For enterprises and SMBs in particular, Wi-Fi security is essential but challenging. Protecting wireless networks with Wi-Fi Protected Access II (WPA2) used to be normal and reliable; however, WPA2 connections were found to be no longer secure as network security problems occurred frequently. The new security standard, WPA3, has now come on stage. This article takes a close look at WPA3 security for enterprise business.
Figure 1: WPA3 Wi-Fi Security
WPA3, short for Wi-Fi Protected Access 3, is the Wi-Fi security protocol created by the Wi-Fi Alliance. As of today, the Wi-Fi Alliance has announced four standards. After the original IEEE 802.11 standard was ratified in 1999, its security protocol was followed by WPA and WPA2.
It has not been long since the Wi-Fi Alliance released the WPA3 standard to replace WPA2. WPA2 has played the leading role in Wi-Fi security for over a decade, and even now most home Wi-Fi and enterprise wireless networks use WPA2. It was not until the discovery of a flaw in WPA2 in 2017 caused some disquiet in the IT community that the Wi-Fi Alliance developed a more secure standard. In response to the flaw, WPA3 was released in 2018 with the goal of addressing WPA2's shortcomings and improving WPA. Building on the success and massive adoption of WPA2, WPA3 comes in two versions, as WPA2 did: WPA3-Personal and WPA3-Enterprise. As the names suggest, WPA3-Personal is intended for personal or home use and is easy to deploy and use, while WPA3-Enterprise is typically used by organizations and is generally more secure than WPA3-Personal mode.
Though WPA3-Enterprise and WPA3-Personal differ in intended use and security needs, WPA3 networks bring the following changes and benefits compared with WPA2:
WPA3 enables robust encryption using the latest security methods. In small business networks using WPA2-Personal, the imperfect four-way handshake is based directly on the pre-shared key (PSK), which leaves the PSK vulnerable to attacks such as KRACK. Attackers may also crack WPA2-Personal passwords with brute-force attacks, guessing the password over and over again until one matches. WPA3-Personal mode replaces PSK with Simultaneous Authentication of Equals (SAE), so it eliminates dependency on shared passwords and gets devices authorized without sacrificing security.
WPA3-Enterprise mode moves from the 128-bit security level of WPA2-Enterprise to 192-bit security. This provides extra protection for security-sensitive areas such as government, defense, and industrial verticals. WPA3 also introduces 256-bit Galois/Counter Mode Protocol and 384-bit Hashed Message Authentication Mode (HMAC) with the Secure Hash Algorithm, which sets a consistent security baseline to better protect sensitive data.
WPA3 devices such as access points or routers that integrate Wi-Fi CERTIFIED Easy Connect™ technology are intended to reduce the complexity of configuring Wi-Fi devices that have a limited display interface or none at all, especially devices for the IoT market. The enhancement lets users add such devices to Wi-Fi networks using another device with a more robust interface, for example by scanning a QR code with a smartphone. Easy Connect removes the long-standing problem that IoT devices are hard to deploy because they have no screen or display. With WPA3 devices featuring Easy Connect, IoT devices can be connected to a secure network.
WPA3 devices support Wi-Fi CERTIFIED Enhanced Open™, an enhancement that vendors can include in Wi-Fi products such as routers or access points. We are often told to avoid sensitive browsing on public Wi-Fi networks in coffee shops, hotels, restaurants or other places that offer free Wi-Fi to retain customers. This is because these public venues use WPA2-Personal with a shared, public PSK, and anyone on the same public network can observe your activity. With WPA3 access points or routers using Wi-Fi Enhanced Open in such public places, when a user's device associates with the WPA3 device, the connection is automatically encrypted using an established standard, Opportunistic Wireless Encryption (OWE), thus protecting the confidentiality of clients' data and avoiding unnecessary disputes.
Figure 2: Wi-Fi Enhanced Open
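To check which of the modes described above an access point actually advertises, an administrator can read the RSN element in its beacons. The following is an added example, not code from this article or from the Wi-Fi Alliance: it parses that element and labels the network as WPA2-Personal, WPA3-Personal, transition mode, Enhanced Open or WPA3-Enterprise 192-bit. The sample elements are constructed, the function names are illustrative, and the protected-management-frames check reflects the WPA3 requirements rather than anything stated here.

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 suite selector OUI
AKM = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256",
       8: "SAE", 12: "SuiteB-192", 18: "OWE"}
CIPHER = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}

def _suites(body, off, table):
    """Read a little-endian count, then that many 4-byte suite selectors."""
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    sels = [body[i:i + 4] for i in range(off + 2, end, 4)]  # short slice if truncated
    return [table.get(s[3], "unknown") if s[:3] == OUI else "vendor" for s in sels], end

def parse_rsn(ie):
    """Parse an RSN element (ID 48); expects fields through RSN capabilities."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    try:
        pairwise, off = _suites(body, 6, CIPHER)  # skip version (2) + group cipher (4)
        akms, off = _suites(body, off, AKM)
        (caps,) = struct.unpack_from("<H", body, off)
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated RSN element") from exc
    # Capabilities bit 6: management frame protection required (MFPR)
    return {"pairwise": pairwise, "akms": set(akms), "pmf_required": bool(caps & 0x40)}

def classify(ie):
    """Map the advertised AKM suites to the modes named in the article."""
    r = parse_rsn(ie)
    akms, legacy_psk = r["akms"], r["akms"] & {"PSK", "PSK-SHA256"}
    if "SuiteB-192" in akms:
        strong = r["pmf_required"] and r["pairwise"] == ["GCMP-256"]
        return "WPA3-Enterprise 192-bit" if strong else "192-bit AKM, weak settings"
    if "OWE" in akms:
        return "Enhanced Open (OWE)"
    if "SAE" in akms:
        return "WPA3 transition (PSK still accepted)" if legacy_psk else "WPA3-Personal (SAE)"
    if legacy_psk:
        return "WPA2-Personal (PSK)"
    return "Enterprise (802.1X)" if akms & {"802.1X", "802.1X-SHA256"} else "unknown"

SAMPLES = {  # constructed elements, not captured from a real network
    "wpa2": bytes.fromhex("30140100000fac040100000fac040100000fac020000"),
    "transition": bytes.fromhex("30180100000fac040100000fac040200000fac02000fac088000"),
    "sae": bytes.fromhex("30140100000fac040100000fac040100000fac08c000"),
    "owe": bytes.fromhex("30140100000fac040100000fac040100000fac12c000"),
    "ent192": bytes.fromhex("30140100000fac090100000fac090100000fac0cc000"),
}
```

A network reported as transition mode still accepts the PSK handshake, so it keeps the WPA2-Personal exposure described above until PSK is switched off.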
WPA3 security technology and its new features bring critical Wi-Fi security updates to both personal and enterprise networks. For today's enterprise networks, wireless security is vitally important, especially when customers and employees need reliable Wi-Fi access. Enterprise network solutions built on WPA3 wireless access points or routers will deliver more value and better address these network security problems.