3 Key Benefits of WPA3 Wi-Fi Security
Latest in Wi-Fi security
Earlier in 2018, the Wi-Fi Alliance (WFA) announced enhancements to Wi-Fi access security. These enhancements are collectively referred to as Wi-Fi Protected Access – III (WPA3), the successor to the currently installed WPA2 standards. More users are connecting to the network over mobile devices, and Wi-Fi networks are carrying a significant portion of the network traffic. Multiple surveys have indicated that users connect to open public networks out of necessity even when they are aware of the potential risks. IoT implementations are becoming mainstream. The heightened security concerns in light of these trends led to the genesis of WPA3, 14 years after WPA2 was published.
WPA/WPA2 have two distinct variations based on target users and authentication key distribution. WPA-Personal is designed for home users and small networks where a pre-shared key is manually input into the device while joining the network. WPA-Enterprise is designed for large networks by automating key generation and exchange to authenticate and encrypt the communication between the wireless device and the access point (AP).
Three key benefits of WPA3
- In-transit Security: The new standard introduces enhanced 128-bit encryption in WPA3-Personal and 192-bit encryption for WPA3-Enterprise implementations. Using higher-bit encryption significantly decreases the odds of compromising the key.
- Secure Authentication: Similar to WPA2, WPA3-Personal still uses a pre-shared key to join the network. However, WPA3 adds another layer of security, a “handshake” called Simultaneous Authentication of Equals (SAE). The latest standard also introduces “forward secrecy”, which protects the ongoing communication even if the pre-shared key used to authenticate is compromised.
- Public Network Security: Public networks, such as those in airports, malls and municipal networks, are usually unencrypted or “Open.” With WPA3, communication over an open network is automatically encrypted with a mechanism called Opportunistic Wireless Encryption (OWE). This prevents eavesdropping while connected to a public network.
In addition, WPA3 introduces an optional Device Provisioning Protocol (DPP) for onboarding IoT devices that do not support a browser. DPP allows IoT devices to be configured with network credentials using a QR code.
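The forward-secrecy point above, as an added illustration that is not Riverbed or Wi-Fi Alliance code: the WPA2-Personal session key is a function of the passphrase plus values sent in the clear, while a key that also depends on per-session secrets is not. A toy Diffie-Hellman group stands in for SAE's real exchange, and the function names, passphrase, SSID and MAC addresses are constructed for the example.

```python
import hashlib, hmac, secrets

def wpa2_pmk(passphrase, ssid):
    # WPA2-Personal: the master key is a fixed function of passphrase and SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa2_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    # 802.11i PRF-384: besides the PMK, every input is visible in the 4-way handshake.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    blocks = (hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(3))
    return b"".join(blocks)[:48]

# Toy Diffie-Hellman group standing in for SAE's exchange (assumption: far too
# small for real use; SAE itself also derives its generator from the password).
P, G = 2**127 - 1, 3

def kdf(pmk, shared):
    return hashlib.sha256(pmk + shared.to_bytes(16, "big")).digest()

def ephemeral_session(pmk):
    # Each side draws a fresh secret per session; only the public halves are sent.
    a, b = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    pub_ap, pub_sta = pow(G, a, P), pow(G, b, P)
    key_ap, key_sta = kdf(pmk, pow(pub_sta, a, P)), kdf(pmk, pow(pub_ap, b, P))
    return {"on_air": (pub_ap, pub_sta), "key_ap": key_ap, "key_sta": key_sta}

def compare(passphrase="correct horse battery", ssid="ExampleNet"):
    # Constructed sample handshake values (not from a real capture).
    ap, sta = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    pmk = wpa2_pmk(passphrase, ssid)
    live_key = wpa2_ptk(pmk, ap, sta, anonce, snonce)
    # A later passphrase leak plus the recorded handshake reproduces the key.
    replayed = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap, sta, anonce, snonce)
    s1, s2 = ephemeral_session(pmk), ephemeral_session(pmk)
    # The on-air values do not contain a or b; one naive combination of them
    # is tried here to show it is not the shared secret fed to kdf().
    guess = kdf(pmk, s1["on_air"][0] * s1["on_air"][1] % P)
    return {"wpa2_key_recomputed": replayed == live_key,
            "peers_agree": s1["key_ap"] == s1["key_sta"],
            "fresh_key_each_session": s1["key_ap"] != s2["key_ap"],
            "on_air_values_suffice": guess == s1["key_ap"]}
```

For networks still running WPA2-Personal, the practical consequence is that rotating a leaked passphrase protects future sessions only; traffic recorded before the rotation stays exposed.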
What does WPA3 mean for Riverbed Xirrus customers?
As a good IT practice, security fixes should be applied immediately when available. Every customer can benefit by adopting the new standard, which is designed for backward compatibility. Both WPA2 and WPA3 clients can exist in the same Wi-Fi network. To take full advantage of WPA3 enhancements, both the AP and the clients have to support the new protocol. A WPA3-only Wi-Fi network will take a few years, as client device vendors have to fully support the new standard.
Riverbed Xirrus will be rolling out software for our APs over the coming quarters. The software will be made available on our support site. You can log in to the support site to download the latest software.
Wi-Fi security is optional and adds some overhead to the process of someone connecting to the network. As such, security is often not deployed. That is, until the first breach happens. Riverbed takes a tiered approach to security with EasyPass layered on top of WPA2.
EasyPass Access Service
Xirrus EasyPass Access Service delivers enhanced security for Xirrus networks. EasyPass is a suite of security solutions for different types of users. By enabling single sign-on with Microsoft Azure or Google G-suite, users are allowed on the network only upon domain authentication. Users bringing their own personal devices (BYOD) are given unique, per-user pre-assigned keys, eliminating the risk of using a common pre-shared key across all users. EasyPass supports onboarding of IoT devices that do not support browsers and also provides various options for guest connectivity. Download the EasyPass Solution Brochure to learn more about how you can enhance the security of your Xirrus Wi-Fi network over an existing WPA2 implementation, and over WPA3 in the future.