Wi-Fi Alliance Launches WPA3 Security Standard

WPA3 is the next generation of Wi-Fi security and provides cutting-edge security protocols to the market. Building on the widespread success and adoption of Wi-Fi CERTIFIED WPA2, WPA3 adds new features to simplify Wi-Fi security, enable more robust authentication, deliver increased cryptographic strength for highly sensitive data markets, and maintain resiliency of mission critical networks. All WPA3 networks:

  • Use the latest security methods
  • Disallow outdated legacy protocols
  • Require use of Protected Management Frames (PMF)

Since Wi-Fi networks differ in usage purpose and security needs, WPA3 includes additional capabilities specifically for personal and enterprise networks. Users of WPA3-Personal receive increased protections from password guessing attempts, while WPA3-Enterprise users can now take advantage of higher grade security protocols for sensitive data networks.

WPA3, which retains interoperability with WPA2™ devices, is currently an optional certification for Wi-Fi CERTIFIED devices. It will become required over time as market adoption grows.

WPA3-Personal

WPA3-Personal brings better protections to individual users by providing more robust password-based authentication, even when users choose passwords that fall short of typical complexity recommendations. This capability is enabled through Simultaneous Authentication of Equals (SAE), which replaces Pre-shared Key (PSK) in WPA2-Personal. The technology is resistant to offline dictionary attacks where an adversary attempts to determine a network password by trying possible passwords without further network interaction.

  • Natural password selection: Allows users to choose passwords that are easier to remember
  • Ease of use: Delivers enhanced protections with no change to the way users connect to a network
  • Forward secrecy: Protects data traffic even if a password is compromised after the data was transmitted

WPA3-Enterprise

Enterprise, governments, and financial institutions have greater security with WPA3-Enterprise. WPA3-Enterprise builds upon WPA2 and ensures the consistent application of security protocols across the network.

WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data:

  • Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256)
  • Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384)
  • Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve
  • Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256)

The 192-bit security mode offered by WPA3-Enterprise ensures the right combination of cryptographic tools are used and sets a consistent baseline of security within a WPA3 network.




Industry support for WPA3 and Wi-Fi Easy Connect:

“2018 is a transformative year for Wi-Fi with new standards being published such as WPA3, which is the latest evolution of Wi-Fi Protected Access, taking security to a level of robustness and resiliency not seen before. Coupling WPA3 with the promise of 802.11ax’s efficiency will allow Wi-Fi to reach levels of security and performance unimaginable only a few years ago.” – Alan Amrod, SVP & GM, Products & Marketing, Aerohive Networks

“Security has always been a key component of Wi-Fi’s broad appeal and Wi-Fi Alliance’s certifications. Ruckus is in full support of continuing to evolve the certification of security standards to meet potential new threats. We are actively developing new software to take full advantage of Wi-Fi CERTIFIED WPA3 for the benefit of our customers and their millions of end users around the world.” – said Mark Hamilton, Principal Networking Standards Engineer, Ruckus Networks, an ARRIS Company

“As Wi-Fi evolves to deliver more value in an ever expanding array of use cases, it’s important that security evolves too. WPA3’s new features, such as improved password based authentication and stronger encryption, will further simplify and strengthen how consumers and businesses connect to the Internet every day.” – Vijay Nagarajan, senior director of marketing for Wireless Communications and Connectivity division at Broadcom

Cisco is in full support of Wi-Fi Alliance’s continual focus on security evolution to WPA3. The WPA3 program will bring much needed upgrades to wireless security protecting all levels of customers from consumer to enterprise/government. Cisco is committed to integrating WPA3 features into our Aironet Access Points and Wireless Controllers via a firmware upgrade so that our existing and new customers can take advantage of the capabilities offered by WPA3. – Greg Dorai, Vice President Cisco WLAN, Cisco

“WPA3 and Wi-Fi Enhanced Open provide a comprehensive security offering without added complexity.  With WPA3, users will receive better experiences with passwords that are easier to remember and manage, and IT will be able to ensure consistent and strong cryptography throughout their infrastructure. Aruba has already begun to incorporate and certify WPA3 for future designs to ensure the most advanced protection for our customer’s data.” – Dan Harkins, Distinguished Technologist, Aruba, a Hewlett Packard Company

“WPA3 is another milestone for the Wi-Fi industry, the extreme high throughput and enhanced security delivered by Wi-Fi will provide an excellent end-user experience in both consumer and enterprise markets. We are pleased to see Wi-Fi to continue to enable the digital transformation in many sectors and businesses.” – Dr. Wen Tong, Huawei Fellow, CTO, Huawei Wireless

“WPA3 brings critical updates to Wi-Fi security for personal and enterprise networks. Intel supports WPA3 and through our involvement in the test bed, we are helping our customers incorporate WPA3 into their products for enhanced security protections.” – Eric Mclaughlin – GM, CCG Wireless, Intel

“Marvell has worked in close cooperation with Wi-Fi Alliance on Wi-Fi CERTIFIED WPA3 and Wi-Fi Easy Connect.  WPA3 builds on the widespread adoption of WPA2 and delivers a high level of security for both personal and enterprise Wi-Fi networks. We support these latest programs as together they provide strong protection against security threats while also enhancing the connectivity user experience for our customers.” – Mark Montierth, VP and GM of the Wireless Connectivity Business Unit at Marvell

“Hospitals are keenly aware of the critical importance of data privacy and security, and maintaining a robust security policy means accessing the strongest security measures available. Philips applauds Wi-Fi Alliance for building upon the success of WPA2 with the latest security mechanisms now available in WPA3.” – Phil Raymond, Director, Wireless CoE, MA&TC CTO Office, Philips Healthtech

“Qualcomm Technologies is committed to safeguarding the trust that millions of users and businesses put in Wi-Fi every day. We are proud to be among the first companies to support WPA3 across our portfolio of mobile and networking infrastructure products, and we are working closely with Wi-Fi Alliance and key stakeholders to accelerate its adoption throughout all major industries and ecosystems that rely on Wi-Fi.” – said Rahul Patel, senior vice president and general manager, connectivity and networking, Qualcomm Technologies, Inc.

“Silicon Motion proudly supports the industry transition to WPA3.  Our new low power Wi-Fi SoC, built for IoT applications, supports both the mandatory and optional elements of WPA3 so that our customers can enable the highest level of security possible for their Wi-Fi and low power IoT applications.”  – David Cohen, Sr. Marketing Director, Silicon Motion, Inc.





Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: