WiFi Alliance beefs up WPA security protocols to address vulnerabilities


Technologies which run in unlicensed spectrum are always dogged by fears about privacy and security, and these will only become more critical to address, as wirelesss networks enable ever-more critical services. The WiFi Alliance has announced its latest security protocol, to improve on the capabilities of existing WPA technology and address a series of vulnerabilities in the 802.11 standards.

This is the third generation of WPA (WiFi Protected Access), which was originally introduced to the 802.11 platform in its third iteration to improve on the initial, and weak, security protocol, WEP.

There are four new features in WPA3, three of them targeted at both personal and enter-prise networks. These are:

Measures to supplement security when users have passwords over-simple passwords.

• Simpler ways to configure protection for devices that have limited or no display inter-face.

• Individualized data encryption to improve privacy for users in open networks.

Sectors with higher security requirements such as government, defence and industrial will also be able to use a new security suite aligned with the requirements of the US Committee on National Security Systems.

The alliance said the new protocol will be introduced during 2018, and that it will, in parallel, work to enhance the existing WPA2 protocol. This is important, as it takes many years for service providers and consumers to update their access points to the latest security standards (some are still only WEP-enabled). WPA2 changes will aim to reduce vulnerabilities created with misconfigured networks, and will add centralized authentication to managed WLANs.

“Security is a foundation of WiFi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi Certified family of security solutions,” said Edgar Figueroa, CEO of WiFi Alliance.

In October last year, Belgian security experts at the university of KU Leuven discovered serious vulnerabilities. They found that, using a technique called key installation attack (KRACK), hackers could read information that had been assumed to be encrypted.

Previous articleImproving WiFi Connections in High-Density Environments
Next articleLines Blur Between Cellular and Wi-Fi
Caroline has been analyzing and reporting in the hi-tech industries since 1986 and has a huge wealth of experience of technology trends and how they impact on business models. She started her career as a journalist, specializing in enterprise and carrier networks and in silicon technologies. She spent much of her journalistic career at VNU Business Publishing, then Europe’s largest producer of technology publications and information services . She was publishing director for the launch of VNU’s pan-European online content services, and then European editorial director. She then made the move from publishing into technology market analysis and consulting, and in 2002 co-founded Rethink Technology Research with Peter White. Rethink specializes in trends and business models for wireless, converged and quad play operators round the world and the technologies that support them. Caroline’s role is to head up the wireless side of the business, leading the creation of research, newsletters and consulting services focused on mobile platforms and operator models. In this role, she has become a highly recognized authority on 4G systems such as LTE and WiMAX, and a prolific speaker at industry events. Consulting and research clients come from major mobile operators, the wireless supply chain and financial institutions.


Please enter your comment!
Please enter your name here