Wi-Fi Alliance aims to KRACK security problems in WPA3

News

The Wi-Fi Alliance has announced a new security protocol which will aim to address a range of vulnerabilities in the Wi-Fi standard.

The third generation of the Wi-Fi Protected Access protocol, WPA3, will offer four new capabilities to safeguard both personal and enterprise networks.

The features include supplementing security when users have passwords which do not fulfil complexity requirements and making it simpler to configure protection for devices that have limited or no display interface.

Another will provide individualised data encryption to improve privacy for users in open networks. Sectors with higher security requirements such as government, defence and industrial, will also be able to use a new security suite aligned with the United States’s Committee on National Security Systems.

The alliance said the new protocol will be introduced during 2018.

The group also said it would continue enhancing the existing WPA2 protocol with enhancements that will reduce vulnerabilities created through misconfigured networks and add centralised authentication to managed systems.

“Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED family of security solutions,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance.

Joe Hoffman, an analyst at SAR Insight & Consulting, said: “Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry. Wi-Fi is evolving to maintain its high-level of security as industry demands increase.”

The new security push follows the discovery of serious weaknesses in WPA2 by Belgian security experts in October. The team from the university KU Leuven found that using a technique called a key installation attack (KRACK), hackers could read information that had been assumed to be encrypted.