Technologies which run in unlicensed spectrum are always dogged by fears about privacy and security, and these will only become more critical to address as wireless networks enable ever-more critical services. The WiFi Alliance has announced its latest security protocol, to improve on the capabilities of existing WPA technology and address a series of vulnerabilities in the 802.11 standards.
This is the third generation of WPA (WiFi Protected Access), which was originally introduced to the 802.11 platform in its third iteration to improve on the initial, and weak, security protocol, WEP.
There are four new features in WPA3, three of them targeted at both personal and enterprise networks. These are:
• Measures to supplement security when users have over-simple passwords.
• Simpler ways to configure protection for devices that have a limited display interface or none.
• Individualized data encryption to improve privacy for users in open networks.
Sectors with higher security requirements such as government, defence and industrial will also be able to use a new security suite aligned with the requirements of the US Committee on National Security Systems.
The alliance said the new protocol will be introduced during 2018, and that it will, in parallel, work to enhance the existing WPA2 protocol. This is important, as it takes many years for service providers and consumers to update their access points to the latest security standards (some are still only WEP-enabled). WPA2 changes will aim to reduce vulnerabilities created with misconfigured networks, and will add centralized authentication to managed WLANs.
“Security is a foundation of WiFi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi Certified family of security solutions,” said Edgar Figueroa, CEO of WiFi Alliance.
In October last year, Belgian security experts at the university of KU Leuven discovered serious vulnerabilities. They found that, using a technique called key reinstallation attack (KRACK), hackers could read information that had been assumed to be encrypted.