1(630)802-8605 Ravi.das@bn-inc.net

I gotta tell ya that when I was first introduced to the Internet when I was doing my MBA, the first tools I ever learned was Eudora  and Netscape Navigator, which was of course way back (not to reveal my age).  At that time, I also worked for the BGSU (Bowling Green State University) Computer Information Services Department, where I was a sales  consultant selling MacIntosh  computers.

At that time, not only did I learn the consultative sales approach, but I also learned how to hard wire and configure all of these machines as well.  During this timeframe, the only way to access the Internet was through the traditional Cat 5 Ethernet cabling – meaning, everything was hard wired.

Yea, you had the yellow light an the green lights in the Ethernet card telling you that data packets were being transferred, and that there was an Internet connection that was  established so you could surf the  Web.

Well,  now fast forward these last two and half decades or so, and now we have wireless.  Wherever you go, for the most part, you can hop onto a WiFi, and get an internet connection that is even faster than I knew it when I was first introduced it.

Because WiFi has permeated so much of our lives (the Smartphone has also been a catalyst in this as well), it has no doubt also become the prime target for the Cyber attacker.

Because  of this, the Wi-Fi Alliance (https://www.wi-fi.org/) has just released the newest WiFi network protocol, called the “Wi-Fi Certified WPA3”.  The existing protocol, known as the “WPA2” has been in service for 14 years now, and as a result, will soon quickly be retired as a result of the WPA3.  Some new features of the WPA3 include the following:

  • Additional features to simplify the level of WiFi security;
  • Enable more robust authentication;
  • Deliver increased cryptographic strength for extremely sensitive data markets.

The WPA3 network protocol also alleviates one of the major problems that was encountered in the WPA2:  The four-way handshake.  In simple terms, this is a fancy process in the world of Cryptography in order to make sure that the end user has been properly authenticated:  “We witnessed a new attack that targeted the four-way handshake of the WPA2 protocol and tricked the victim’s device into reusing an already-in-use key.”  (SOURCE:  https://www.technewsworld.com/story/85419.html).

This flaw was discovered just last year, and it was a vulnerability that the Cyber attacker took advantage of very well.  Another facet that has been added to the WPA3 versus the WPA2 is in the Wi-Fi Device Provisioning Protocol.

Apparently, passwords no  longer have to be used, rather; the WPA3 makes use of public key cryptography to identify and authenticate devices.  As a result, this should close up one of the most vulnerable points in any type or kind of WiFi deployments.

This new type of set up should also make  the home WiFi network implementation much more fortified, and not so much prone to Cyber attacks, as it was with the WPA2 network protocol.  Also, “A key is only valid for a particular session, so if a session is intercepted and the key is compromised, it does not provide access to other sessions or future sessions.”  (SOURCE:  https://www.technewsworld.com/story/85419.html).

In a way, this is similar to that of credit card processing using the EMV enabled chip.  For instance, every time you insert your credit card into the slot, a  one time token is established in order to confirm your identity. Once that has been done, and you transaction completed, the token is thus expired and can never be used again.  This also holds true of the WPA3.

Once you access the Internet through this protocol, a one key  is generated and is only valid for that one connection only.  So, if that key were to be intercepted, that particular Internet connection would then be immediately be terminated, and not compromise other connections, as they would require their own unique key.

Also, unlike the WPA2, the WPA3 comes in three different styles:

  • The WPA3-Personal:

This has password-based authentication that’s much more resilient than the WPA2. It also makes use of the “Simultaneous Authentication of Equals”, also known as the “SAE”.  This a secure key protocol which is established between two Smartphones to provide stronger levels of protections for end users against password-guessing attempts by a Cyber attacker.

  • The WPA3-Enterprise:

This offers an extra layer of protection for networks transmitting sensitive data.  It does this by making use of the equivalent of 192-bit encryption.

  • The Wi-Fi Certified Easy Connect:

This is meant to be used for those devices with literally no interface – such as those that are used in an IoT environment.  In this regard, QR codes are used to let users securely add an interface-challenged device to a network through another device, such as your Android device or iPhone.

So, now the next question is when will the WPA3 be fully implemented?  It will start to roll out in the new chipsets starting this summer, but don’t expect full wide usage until for many years down the road.  The primary reason for this is that there are billions of wireless devices in the world today, and each and every  one of them will require a firmware and/or software upgrade(s) to make them compatible to the WPA3.

For example, one of the oldest wireless network protocols, the “Wireless Equivalency Privacy”, or “WEP” is still even in existence after it was first introduced all the way back in 1997.  But, just because there is now a new wireless protocol out there, it doesn’t mean that there you should be in a rush to purchase a router that supports it.  WPA3 still needs to be put through the washing machine to see if it has any Security vulnerabilities or weaknesses.

It’s highly recommended that you still keep using the WPA2, but use all of its security features to the maximum in order to mitigate the risks that are posed by a Cyber attacker.  Till then, I will keep all of you posted on the developments of the WPA3!!!