
WPA3 authentication

Created: Oct 30, 2021 02:59:38 | Latest reply: Oct 30, 2021 03:00:08 (problem resolved)

Hello everyone,

If the SSID uses WPA3 authentication, on some older devices the Wi-Fi SSID logo will have a cross sign (in the Windows 10 environment).

If WPA3 authentication is set, is it backward compatible with WPA2?

Or is there any other authentication method that supports both WPA3 and WPA2 authentication, so that when the device supports WPA3, the device can connect to the SSID, and when the device does not support WPA3, it can also connect to WPA2?

Please help me!


Featured Answers
DDSN
Admin Created Oct 30, 2021 03:00:08

Hi WDNJSQ,

WPA3 introduces Simultaneous Authentication of Equals (SAE), which is a more secure handshake protocol. A WPA2 network, however, is vulnerable to password cracking attacks.

WPA3-Personal introduces the SAE handshake protocol. Compared with WPA/WPA2-PSK authentication, WPA3-SAE can effectively defend against offline dictionary attacks and mitigate brute-force cracking posed by weak passwords. In addition, the SAE handshake protocol provides forward secrecy. Even if an attacker knows the password on the network, the attacker cannot decrypt the obtained traffic, greatly improving the security of a WPA3-Personal network.

WPA3-Enterprise still uses the authentication system of WPA2-Enterprise and uses the Extensible Authentication Protocol (EAP) for identity authentication. However, WPA3 enhances the algorithm strength by replacing the original cryptography suite with the Commercial National Security Algorithm (CNSA) Suite defined by the Federal Security Service (FSS). The CNSA Suite has a powerful encryption algorithm and applies to scenarios with extremely high security requirements.

WPA2 is still widely used. To enable WPA3-incapable STAs to access a WPA3-configured network, the Wi-Fi Alliance defines the WPA3 transition mode. That is, WPA3 and WPA2 can coexist for a period of time in the future. This mode applies only to WPA3-Personal.

For open Wi-Fi networks, the Wi-Fi Alliance proposes Opportunistic Wireless Encryption (OWE) authentication based on open-system authentication of WPA3. OWE authentication is a Wi-Fi Enhanced Open authentication mode that allows for network access without the need to enter the password. In OWE authentication mode, a device uses the AES encryption algorithm to encrypt data on the network, thereby protecting data exchange between STAs and the Wi-Fi network.

The process of OWE authentication is similar to that of SAE. The difference is that OWE authentication eliminates the need for password maintenance. This authentication mode uses the Diffie-Hellman protocol to exchange keys to generate a PMK used for the subsequent four-way handshake. In addition to retaining the convenience of open networks, OWE authentication ensures data security for these networks.

The OWE transition mode provides backward compatibility with STAs that do not support OWE authentication. That is, non-OWE STAs access the network in open-system authentication mode, while OWE STAs access the network in OWE authentication mode. The OWE transition mode supports only the AES encryption mode.

In V200R019C00, ACs and APs support WPA3 authentication. In V200R019C10, only ACs support WPA3 authentication. OWE authentication is available since V200R020C10.
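
As an added example (not part of the original answer and not Huawei code), the code below parses the RSN element that an AP places in its beacons and reports whether the SSID advertises WPA2-PSK only, WPA3-SAE only, the WPA3 transition mode, or OWE, which is how an administrator can confirm that older WPA2-only clients will still be able to join. The AKM suite types (2 = PSK, 8 = SAE, 18 = OWE) and the PMF capability bits are from IEEE 802.11; the function names and the sample bytes are constructed for illustration.

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 suite OUI
AKM_NAMES = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE", 18: "OWE"}
MFPR, MFPC = 0x0040, 0x0080  # RSN capability bits: PMF required / capable

def parse_rsn(body: bytes) -> dict:
    """Parse an RSN element body (element ID 48; ID and length already stripped)."""
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("not an RSN version 1 element")
    off, lists = 6, []  # skip version (2 bytes) and group cipher suite (4 bytes)
    for _ in range(2):  # pairwise cipher list, then AKM suite list
        if off + 2 > len(body):
            raise ValueError("truncated suite count")
        (count,) = struct.unpack_from("<H", body, off)
        off += 2
        if off + 4 * count > len(body):
            raise ValueError("truncated suite list")
        lists.append([body[off + 4 * i: off + 4 * i + 4] for i in range(count)])
        off += 4 * count
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    akms = {AKM_NAMES.get(s[3], f"type-{s[3]}") for s in lists[1] if s[:3] == OUI}
    return {"akms": akms, "pmf_required": bool(caps & MFPR),
            "pmf_capable": bool(caps & MFPC)}

def classify(body: bytes) -> str:
    """Name the security mode an AP advertises in its RSN element."""
    info = parse_rsn(body)
    sae = "SAE" in info["akms"]
    psk = bool(info["akms"] & {"PSK", "PSK-SHA256"})
    if "OWE" in info["akms"]:
        return "OWE"
    if sae:  # SAE alongside PSK is the transition mode; SAE alone excludes WPA2 clients
        return "WPA3 transition mode" if psk else "WPA3-SAE only"
    return "WPA2-PSK only" if psk else "other"

def build_rsn(akm_types, caps):
    """Build a constructed RSN body with CCMP (AES) group and pairwise ciphers."""
    ccmp = OUI + b"\x04"
    akms = b"".join(OUI + bytes([t]) for t in akm_types)
    return (struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
            + struct.pack("<H", len(akm_types)) + akms + struct.pack("<H", caps))

# Constructed samples, not captured from any real AP
SAMPLES = {"legacy": build_rsn([2], 0), "mixed": build_rsn([2, 8], MFPC),
           "sae": build_rsn([8], MFPR | MFPC), "open": build_rsn([18], MFPR | MFPC)}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", classify(body), parse_rsn(body))
```

In the transition-mode sample, PMF is advertised as capable but not required, which is what lets a WPA2 client without PMF support associate with PSK while WPA3 clients use SAE.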

