The Wi-Fi Alliance has just unveiled WPA3, its new encryption protocol. This is a major improvement for Wi-Fi networks.
In October 2017, security researcher Mathy Vanhoef unveiled the KRACK attack, breaking the security of all Wi-Fi devices protected by the WPA2 encryption protocol.
Less than a year later, the Wi-Fi Alliance is proposing a successor, WPA3, which has just been finalized. It includes a whole new set of features intended to make Wi-Fi completely inviolable.
First of all, WPA3 gets rid of the old negotiation protocol, also called the “4-way handshake”, which is the weak link in WPA2.
This is where the vulnerabilities exploited by the KRACK attack lie. It is also what allows hackers to carry out brute-force or dictionary attacks on the password of a Wi-Fi network.
Based on a protocol called “Simultaneous Authentication of Equals”, the negotiation phase of WPA3 will now be immune to these problems. Even if the password chosen by the user is weak, hackers will no longer be able to attempt their brute force or dictionary attacks.
This technology also provides forward secrecy. Even if an attacker is able to find the Wi-Fi network password by some other means, he or she will not be able to decrypt past communications.
Better protection in public places
The other big news is about public Wi-Fi networks. Until now, they were either fully open or accessible through a password known to all. In both cases, it is not very complicated for a hacker to decrypt the traffic of local users (which is why it is advisable to use a VPN).
WPA3 closes this vulnerability with the “Enhanced Open” connection mode. It relies on the “Opportunistic Wireless Encryption” protocol to establish an encrypted connection between the user and the access point.
Security is provided by the Diffie-Hellman algorithm, which is used to establish the encryption key.
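The contrast described above, as an added example that is not part of the original article: with a WPA2 password the pairwise key is computed from the password plus values sent in clear during the handshake, whereas a Diffie-Hellman exchange of the kind Enhanced Open relies on produces a fresh key for each association and involves no password. The RFC 3526 group, the HMAC-based key derivation, the function names and the sample values are assumptions chosen so the block runs with the Python standard library; it does not reproduce the Opportunistic Wireless Encryption message format.

```python
import hashlib, hmac, secrets

# RFC 3526 group 14 prime (2048-bit MODP), generator 2; the group is an assumption.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def wpa2_ptk(passphrase, ssid, ap_mac, sta_mac, anonce, snonce):
    """WPA2-PSK pairwise key (48 bytes, CCMP): password plus values sent in clear."""
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    prf = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(3))
    return prf[:48]

def dh_keypair():
    """Ephemeral key pair, generated for a single association and then discarded."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_session_key(my_priv, peer_pub, client_pub, ap_pub):
    """Key from own private value and the peer's public value (simplified KDF)."""
    if not 1 < peer_pub < P - 1:  # reject degenerate public values
        raise ValueError("invalid peer public value")
    z = pow(peer_pub, my_priv, P).to_bytes(256, "big")
    salt = client_pub.to_bytes(256, "big") + ap_pub.to_bytes(256, "big")
    return hmac.new(salt, z, hashlib.sha256).digest()

def associate():
    """One client/AP exchange; returns (client_key, ap_key)."""
    c_priv, c_pub = dh_keypair()
    a_priv, a_pub = dh_keypair()
    return (dh_session_key(c_priv, a_pub, c_pub, a_pub),
            dh_session_key(a_priv, c_pub, c_pub, a_pub))

if __name__ == "__main__":
    hs = ("CafeGuest", bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
          secrets.token_bytes(32), secrets.token_bytes(32))  # constructed sample values
    print("WPA2 key recomputable:", wpa2_ptk("guest-pass", *hs) == wpa2_ptk("guest-pass", *hs))
    first, second = associate(), associate()
    print("DH sides agree:", first[0] == first[1], "| new key per session:", first != second)
```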
Finally, WPA3 simplifies connecting devices that do not necessarily have a screen for easy configuration.
With the “Easy Connect” feature, it will be sufficient to scan a QR code on the device to be connected. The Wi-Fi router will then automatically send the credentials securely.
Obviously, benefiting from all these new features will have to wait a little, until the various manufacturers implement them.
The first compatible products should arrive by the end of 2018. To benefit from this, both routers and the devices that connect to them will obviously need to be WPA3 certified.
In theory, existing devices could receive an update allowing them to support WPA3, but the procedure will undoubtedly be complex and burdensome for manufacturers. It is therefore unlikely that many devices already on the market will benefit.