
Introduction to WPA3

Latest reply: Nov 17, 2021 05:49:15

Hello community.


I want to share with you an introduction to the WPA3 security protocol, which has begun to be implemented in the latest Wi-Fi products.


Wi-Fi Protected Access 3 (WPA3) is the next-generation Wi-Fi encryption protocol released by the Wi-Fi Alliance. It was announced in January 2018, and certification began in June of the same year. WPA3 builds upon the success of the trusted WPA2 to bring a new level of security to personal and enterprise environments. It focuses on cryptographic consistency, robust password-based authentication, and 192-bit security.


All WPA3-enabled networks should use the latest security methods, disallow outdated legacy protocols, and require use of Protected Management Frames (PMF) as specified in the IEEE 802.11w amendment.


Since Wi-Fi networks differ in usage purpose and security needs, WPA3 includes additional capabilities specifically for personal and enterprise networks, similar to WPA2. WPA3-Personal enhances protection for password security, while WPA3-Enterprise provides users with more advanced security protocols to protect sensitive data.


WPA3-Personal


WPA3-Personal increases the protection of individual users by providing more robust password-based authentication than WPA2-Personal, even if a user's password is weak. WPA3-Personal introduces Simultaneous Authentication of Equals (SAE), a secure key establishment protocol between devices, replacing the PSK authentication of WPA2-Personal. SAE can defend against offline dictionary attacks and increase the difficulty of brute-force cracking. SAE also protects data traffic even if a password is compromised after the data was transmitted, so in this way it contributes to forward secrecy. WPA3-Personal supports only the AES encryption mode.


WPA3-Enterprise


For enterprise-level and institutional security, WPA3-Enterprise is the right choice. WPA3-Enterprise builds upon WPA2 and ensures the consistent application of security protocols across the network. WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data. This mode has the following advantages:


  • Data protection: The Suite-B 192-bit security suite is used to increase the key length.

  • Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256). It is used to protect wireless traffic after STAs go online.

  • Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384).

  • Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve.

  • Robust management frame protection (PMF): 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256).


WPA3-Enterprise supports only EAP-TLS authentication with AES 256 encryption, unlike WPA2-Enterprise, which supports multiple EAP authentication modes.


Transition mode


As WPA2 is still widely used, the Wi-Fi Alliance defines the WPA3-Personal and WPA3-Enterprise transition modes to enable WPA3-incapable STAs to access a WPA3-configured network. That is, WPA3 and WPA2 can coexist for a period of time in the future.

  • For WPA3-Personal Transition Mode

    This mode supports only the AES encryption mode and does not support the TKIP encryption mode. In WPA3 transition mode, the access process for WPA2 STAs is the same as that for STAs using WPA2-PSK authentication, with PMF in optional mode. However, for WPA3 STAs, the access process uses WPA3-SAE authentication, with PMF in mandatory mode.


  • For WPA3-Enterprise Transition Mode

    For WPA3-Enterprise Transition Mode to be supported, an AP shall enable at least two modes, IEEE 802.1X with SHA-1 and IEEE 802.1X with SHA-256, to guarantee the access of STAs using WPA2-Enterprise, with PMF in optional mode. Huawei WLAN products until V200R019C00 do not support transition mode for WPA3 of the enterprise edition.


That is all for now. You can leave your comments below.
If you want to learn more, you can refer to the following links:

https://www.wi-fi.org/discover-wi-fi/security 
https://support.huawei.com/enterprise/en/doc/EDOC1100096325/b27702df/understanding-wlan-security-policies 

Thanks for your attention!
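
The modes described in the post can be told apart from what an AP advertises in its RSN element (RSNE): the AKM suite list and the two PMF capability bits. The following is an added example, not part of the original post; the suite type numbers and bit positions are those of the IEEE 802.11 RSNE, `build_rsne` and the elements it produces are constructed sample input, and the parser assumes the RSN capabilities field is present.

```python
import struct
OUI = bytes.fromhex("000fac")   # IEEE 802.11 suite-selector OUI
AKM = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 8: "SAE", 12: "802.1X-SuiteB-192"}
CIPHER = {2: "TKIP", 4: "CCMP-128", 9: "GCMP-256"}
MFPR, MFPC = 0x0040, 0x0080     # RSN capability bits: PMF required / PMF capable

def _suites(b, off, names):
    """Read a 2-byte little-endian count, then that many 4-byte suite selectors."""
    (n,) = struct.unpack_from("<H", b, off)
    sels = [b[off + 2 + 4 * i:off + 6 + 4 * i] for i in range(n)]
    if any(len(s) != 4 for s in sels):
        raise ValueError("truncated suite list")
    named = [names.get(s[3], "other") if s[:3] == OUI else "vendor" for s in sels]
    return named, off + 2 + 4 * n

def parse_rsne(ie):
    """Parse an RSN element (ID 48): pairwise ciphers, AKM suites, PMF mode."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    try:
        pairwise, off = _suites(ie, 8, CIPHER)  # skip ID, length, version, group cipher
        akm, off = _suites(ie, off, AKM)
        (caps,) = struct.unpack_from("<H", ie, off)
    except struct.error as exc:
        raise ValueError("truncated RSN element") from exc
    pmf = "mandatory" if caps & MFPR else "optional" if caps & MFPC else "disabled"
    return {"pairwise": pairwise, "akm": set(akm), "pmf": pmf}

def classify(ie):
    """Map an RSNE to the modes named in the post; flag SAE offered without PMF."""
    r = parse_rsne(ie)
    akm, pmf = r["akm"], r["pmf"]
    if "SAE" in akm and pmf == "disabled":
        return "noncompliant: SAE without PMF"
    if akm == {"SAE"} and pmf == "mandatory":
        return "WPA3-Personal"
    if akm == {"SAE", "PSK"} and pmf == "optional":
        return "WPA3-Personal transition"
    if akm == {"802.1X-SuiteB-192"} and pmf == "mandatory" and r["pairwise"] == ["GCMP-256"]:
        return "WPA3-Enterprise 192-bit"
    if akm == {"802.1X", "802.1X-SHA256"} and pmf == "optional":
        return "WPA3-Enterprise transition"
    return "WPA2 or unrecognized combination"

def build_rsne(pairwise, akm, caps, group=4):
    """Constructed sample input: assemble an RSNE from suite type numbers."""
    packed = lambda ts: struct.pack("<H", len(ts)) + b"".join(OUI + bytes([t]) for t in ts)
    body = struct.pack("<H", 1) + OUI + bytes([group]) + packed(pairwise) + packed(akm) + struct.pack("<H", caps)
    return bytes([48, len(body)]) + body
```

Feeding `classify` the RSNE bytes from a captured beacon or probe response gives a quick audit of whether an SSID is running WPA3-only, a transition mode, or SAE without the PMF that WPA3 requires.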

Learned, well done
ernesto_cupet6 Created Mar 18, 2021 06:18:09 (0) (0)
Thank you for your support  
IndianKid
Moderator Author Created Mar 18, 2021 06:18:17

Thanks for sharing. Well-written article.
ernesto_cupet6 Created Mar 18, 2021 12:45:04 (0) (0)
I am glad, thanks.  
Good
ernesto_cupet6 Created Mar 18, 2021 12:43:37 (0) (0)
Thank you  
Excellent post. Good information.
Thanks for sharing, dear friend!!
ernesto_cupet6 Created Mar 18, 2021 12:45:53 (0) (0)
Thanks for reading and support  
Great Post, Thanks so
user_3915171 Created Mar 18, 2021 17:48:56 (0) (0)
 
Useful introduction!
ernesto_cupet6 Created Mar 21, 2021 22:11:12 (0) (0)
Thank you!  
thanks
ernesto_cupet6 Created Mar 21, 2021 22:11:26 (0) (0)
Thank you!  
Thanks for sharing
ernesto_cupet6 Created Mar 21, 2021 22:11:47 (0) (0)
Thanks for your support  
Great sharing