Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Wireless Networking Communications The Internet

Wi-Fi Alliance Launches WPA3 Security Standard (securityweek.com) 97

wiredmikey writes: The Wi-Fi Alliance, the organization responsible for maintaining Wi-Fi technology, announced the launch of the WPA3 security standard. The latest version of the Wi-Fi Protected Access (WPA) protocol brings significant improvements in terms of authentication and data protection.

WPA3 has two modes of operation: Personal and Enterprise. WPA3-Personal's key features include enhanced protection against offline dictionary attacks and password guessing attempts. WPA3-Enterprise provides 192-bit encryption for extra security, improved network resiliency, and greater consistency when it comes to the deployment of cryptographic tools.

This discussion has been archived. No new comments can be posted.

Wi-Fi Alliance Launches WPA3 Security Standard

Comments Filter:
  • Some info (Score:5, Informative)

    by Artem S. Tashkinov ( 764309 ) on Tuesday June 26, 2018 @10:22AM (#56847756) Homepage

    Too bad, my submission has been rejected even though it had a lot more information which I'll post anyways:

    New security features include:

    • WPA3 uses the Simultaneous Authentication of Equals (SAE) algorithm, which replaces Pre-shared Key (PSK) in WPA2-Personal, while WPA3-Enterprise uses a more complex set of features that replace IEEE 802.1X from WPA2-Enterprise. These are: authenticated encryption, key derivation and confirmation, key establishment and authentication, robust management frame protection.
    • WPA3 is resistant to dictionary attacks. The Wi-Fi Alliance says that WPA3's SAE is resistant to offline dictionary attacks where an attacker tries to guess a Wi-Fi network's password by trying various passwords in a quick succession.
    • Wi-Fi Easy Connect for WPA2 and WPA3: This feature is aimed at smart (Internet of Things) devices that don't have a screen where a user can configure its Wi-Fi network settings. For example, a user will be able to use his phone or tablet to configure the WiFi WPA3 options of another device that doesn't have a screen, such as tiny IoT equipment like smart locks, smart light bulbs, and others.
    • Wi-Fi Enhanced Open: a proprietary technology, which uses an algorithm known as Opportunistic Wireless Encryption (OWE) to encrypt each connection between a WiFi user and the router/access point with its own custom encryption key. This per-user encryption prevents local attackers from snooping on other users' traffic, even if the network doesn't require a password to join.

    Source [bleepingcomputer.com]

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      its a poorly kept secret that wiredmikey is banging msmash
      your submission had no chance

    • by crow ( 16139 ) on Tuesday June 26, 2018 @10:53AM (#56847954) Homepage Journal

      Most of this is incremental security improvements, as for most users, WPA2 is still sufficiently secure. However, the big deal here is the opportunistic encryption that will encrypt connections that don't require authentication. That's a big deal.

      I like to leave my WiFi open for guests, but I have to set up a separate network in order to keep my regular use encrypted. Once everything supports opportunistic encryption, I can just have one network. That's not particularly important.

      Where this matters is public WiFi. Many stores have free WiFi with no password. Often they have a login after you connect (annoying, but a separate issue), but there is no encryption on the link. Anyone who knows what they're doing can see every packet you send. When this technology becomes widespread, it will become a bit harder for evesdroppers.

      Of course, using public WiFi, you should be using end-to-end encryption on anything important. This is pretty much standard these days for most things, but too often something slips through.

      • WPA2 is still sufficiently secure

        Aside from open networks like you've mentioned. Also, WPA2 allows offline password recovery when authentication is enabled and that's a really bad thing since many people like to use very simple digit only passwords which can be trivially guessed using a modern GPU and hashcat or using a service like GPUHash.

      • However, the big deal here is the opportunistic encryption that will encrypt connections that don't require authentication. That's a big deal.

        That's an oxymoron.

        • by crow ( 16139 )

          No, it's not.

          Encryption means a third party eavesdropping can't parse the communication.

          Authentication means the host validates the identity of the client, typically using a password.

          There's no requirement that these be linked. Of course, authentication without encryption is quite difficult to do securely. Encryption without authentication does leave the door open for a man-in-the-middle attack, but it does block passive monitoring.

          • No, it's not.

            Yes it is.

            Encryption means a third party eavesdropping can't parse the communication.

            Encryption without trust is an oxymoron. "Third party" is a rather meaningless concept when you have no earthly clue who the "first party" is in the first place.

            There's no requirement that these be linked.

            Trust is a core requirement of EVERY secure system with NO EXCEPTIONS.

            Encryption without authentication does leave the door open for a man-in-the-middle attack, but it does block passive monitoring.

            Who cares? If I can receive a signal I can transmit one just as easily. All WiFi radios are transceivers.

            Given proliferation of https the salient threat to end users from unsecured Wi-Fi has always taken the form of ACTIVE adversaries doing a hell of a lot more than j

      • by skids ( 119237 )

        It's an improvement, and I'd much rather have it than not, but without any authentication you have no way of knowing in a public WiFi hotspot if the AP you connected to is the one operated by the hotspot, or the one running off the laptop of the guy next to you sipping a latte he payed for from the bank account of the last guy who sat where you are sitting. Same goes for anything using a symmetric key, so adding a WiFi password that you then tell to everyone does not help things.

        It's TBD whether the extra

      • I also understand that WPA3 will get forward secrecy [wired.com], and sessions will negotiate a temporary ("ephemeral") key for symmetric cryptography (assuming AES).

        Should the traffic be recorded, it cannot be decrypted later if the password is broken.

        The other benefit comes in the event that your password gets compromised nonetheless. With this new handshake, WPA3 supports forward secrecy, meaning that any traffic that came across your transom before an outsider gained access will remain encrypted. With WPA2, they ca

      • I am a home desktop user. For my passwords, I run a sha256sum against a text string that I can easily remember for a given website and I use that sha256sum hash as my password. The hash from sha256sum is long enough that they can't figure out my initial text input. My simple text string is easy to remember as I can't ever remember what my hashed value waz or would be.

      • Wi-Fi Enhanced Open: a proprietary technology, which uses an algorithm known as Opportunistic Wireless Encryption (OWE) to encrypt each connection between a WiFi user and the router/access point with its own custom encryption key. This per-user encryption prevents local attackers from snooping on other users' traffic, even if the network doesn't require a password to join.

      War is Peace
      Freedom is Slavery
      Ignorance is Strength
      Open is Proprietary

    • With a word salad like that I'm not surprised it was rejected. That was incredibly hard to read. Summaries and formatting exist for a reason and a Slashdot Sunday shouldn't take up my entire screen.

  • by the_skywise ( 189793 ) on Tuesday June 26, 2018 @10:24AM (#56847764)
    WEP sank into the swamp
    So we built WPA on top of it and it sank into the swamp
    Then we build WPA2 on top of it and it caught fire and sank into the swamp
    But WPA3.. WPA3 will stand the test of time!
    • WPA2 with CCMP (not TKIP) is still secure enough

    • It's an arms race. Each new iteration of security is presumably stronger, but the bad actors also get smarter. There will never be a "final" version.

  • by Anonymous Coward

    Is this something a router/access point running OpenWRT could upgrade to? Or would WPA3 require a driver/firmware upgrade as well?

    • Strange the article doesn't mention about upgrade ability. I assume there is none like last time for WPA to WPA2.

    • It will definitely require a new version of the wpa_supplicant daemon and probably drivers will have to be updated as well, but other than that, I see no issues.
      • I would imagine new hardware would be required, IF you want to offload the new features off of the CPU, otherwise updated drivers/wpa_supplicant daemon should probably be sufficient.
    • by skids ( 119237 )

      Yes, pretty sure. WPA3 development for hostapd has been proceeding abreast the standard development process. Perhaps some chipsets may not be able to pull off the 192-bit crypto suite in hardware... but nearly nobody will deploy that I would guess. No idea on timelines... you can watch for code commits on w1.fi/cgit but you need to know a whole buttload of acronyms to understand WTH is going on.

       

  • by Anonymous Coward

    Why are there separate Personal and Enterprise ones?

    • by chris234 ( 59958 )

      With luck this time devices will need to support both personal and enterprise to be considered WPA3 compliant. Lack of enterprise support is one of the big pain points in supporting consumer-grade devices on a campus network.

    • It depends on whether you're willing to spend money for additional security.

      Personal authentication is less secure, but you don't need anything besides the router.

      Enterprise authentication is more secure but requires additional infrastructure. E.g., the 802.1X authentication for WPA2 Enterprise requires a RADIUS server or equivalent to authenticate users. Since enterprise authentication is unique for each user, you can assign network access with per-user profiles with more equipment (e.g., Cisco ISE).

      • It depends on whether you're willing to spend money for additional security.

        Personal authentication is less secure, but you don't need anything besides the router.

        Enterprise authentication is more secure but requires additional infrastructure. E.g., the 802.1X authentication for WPA2 Enterprise requires a RADIUS server or equivalent to authenticate users. Since enterprise authentication is unique for each user, you can assign network access with per-user profiles with more equipment (e.g., Cisco ISE).

        And if you want to do Corporate certificate authentication it requires a certificate infrastructure, certificate management, and a way to install certificates on devices (i.e. AD policies, Airwatch, etc.).

      • Personal authentication is less secure, but you don't need anything besides the router.

        The F**** it is. If you select a PSK with sufficient entropy and successfully guard it from "undesirables" it's way more secure than enterprise.

        Enterprise authentication is more secure but requires additional infrastructure. E.g., the 802.1X authentication for WPA2 Enterprise requires a RADIUS server or equivalent to authenticate users.

        LOL... is this the same ultra secure protocol that encrypts session encryption keys between authenticator and AP with MD5 xor? Give me a break.

        • by skids ( 119237 )

          The F**** it is. If you select a PSK with sufficient entropy and successfully guard it from "undesirables" it's way more secure than enterprise.

          It's the guarding it from undesirables part that makes WPA2 less secure. Otherwise it is as secure, not more secure, than properly implemented WPA2-Enterprise.
          The trick to properly implementing WPA2-Enterprise is mostly in the client setup, as long as you follow some pretty well understoof best practices on the server side.

          As to the GP: if your OpenWRT box has enough RAM and flash, you can get the entire WPA2-Enterprise stack up on a single device.

          • The trick to properly implementing WPA2-Enterprise is mostly in the client setup, as long as you follow some pretty well understoof best practices on the server side.

            I disagree. With one or a small number of individuals WPA2 provides superior security.

            I've never seen a properly configured supplicant in my life.

            Basic things like linking cert identity to what your connecting to have been punted to clueless end users. The only reasonable way WPA2-Enterprise works in practice is by pushing configuration to clients in advance.

            I've also never seen a secure authenticator in my life. I very much doubt a secure implementation even exists in the field. Encryption keys for the

            • by skids ( 119237 )

              I've never seen a properly configured supplicant in my life.

              If you have few enough users that you can safely share the PSK among them, you have few enough
              users to go secure their supplicants. Also, even misconfigured OSX users are relatively safe assuming they
              connect safely the first time, given the supplicant's pinning behavior.

              I've also never seen a secure authenticator in my life.

              ...you ain't been around. Most systems these days authenticate from the controller, not the AP,
              so the RADIUS all happens in the DC, behind locked doors. AP/Controller comms is by IPSec
              or a vendor's minor perversion of IPSec, usually built

              • ...you ain't been around. Most systems these days authenticate from the controller, not the AP,

                so the RADIUS all happens in the DC, behind locked doors. AP/Controller comms is by IPsec or a vendor's minor perversion of IPSec,

                You're right, I've not been around. I've never seen an environment where any of this has occurred. All I see are APs terminating RADIUS and RADIUS over insecure WAN/LAN and even Internet links.

                Also a lot of the controllers support either terminating IPSec generically,
                or RadSec for RADIUS.

                Now I know you are just fucking with me. A lot of nothing currently supports RadSec.

                • by skids ( 119237 )

                  I guess HPE-Aruba counts as a lot of nothing?

                  https://www.arubanetworks.com/... [arubanetworks.com]

                  • I guess HPE-Aruba counts as a lot of nothing?

                    Did some trolling of vendor sites and while most vendors in our orbit of the world don't support RadSec I did find two that do. This is really nice to see and somewhat unexpected. I hope adoption picks up rapidly.

                    • by skids ( 119237 )

                      Yeah... the generic IPSec support for control plane stuff is even better, but I'll take RADSec when I can't get that.

                      (We were actually running it from FreeRADIUS with the eduroam TLRs for a while but they stopped supporting it. Hopefully to return some day.)

                      Was just reading up on EAP-PWD as a result of this thread... needs a password change mechanism and identity privacy but good to see something
                      else practical gaining some small toehold (on Android).

                      Maybe wrap it in an opportunistic unauthenticated TLS ses

                    • Was just reading up on EAP-PWD as a result of this thread... needs a password change mechanism and identity privacy but good to see something
                      else practical gaining some small toehold (on Android).

                      EAP-PWD = Dragonfly = Flawed = Fixed protocol = Mistake.

                      Just use EAP-TLS yet rather than or in addition to certs use a PAKE at TLS layer like TLS-SRP. It is drop in compatible with existing RFCs, you just need to write a couple of callbacks to make it work and it will benefit from generic interfaces for other PAKE like ciphers to provide crypto-agility in TLS 1.3 and beyond so your not constantly chasing protocols.

                      Maybe wrap it in an opportunistic unauthenticated TLS session to gain fast resumption and identity privacy against passive (but not active) attackers, but that still leaves you without an inline password-change mechanism...

                      The nice thing about TLS-SRP it allows you to do both RSA and SRP so identity doesn't have to

    • Short version: because when you fire an employee you want to cut their wifi access without changing everyone else's password.

    • by SuiteSisterMary ( 123932 ) <slebrun@gm[ ].com ['ail' in gap]> on Tuesday June 26, 2018 @12:48PM (#56848790) Journal
      The very reductive, overly-simplified short form is 'personal asks you for THE wi-fi password. Enterprise asks you for YOUR wi-fi password.'
    • Because the message is "Corps are important, you're not."
  • by Anonymous Coward

    continuing the bs... It should be as good as it can be... no need for half arsed Personal version

    • To make use of the additional features of the enterprise version you need additional servers and networking equipment.

      Without that additional equipment, you're running the personal version anyway.

  • by Anonymous Coward

    I understand that WPA Enterprise is built off existing technologies but holy fuck setting up it's infrastructure should not be like pulling teeth.

    If someone could figure out a way to create an easy to implement, reasonable cost WPA enterprise-as-a-service they would literally print fucking money. Bonus if you could tie it in to an SSO service.

    • by Anonymous Coward

      If someone could figure out a way to create an easy to implement, reasonable cost WPA enterprise-as-a-service they would literally print fucking money. Bonus if you could tie it in to an SSO service.

      They did, it's called FreeRADIUS. [freeradius.org]

      The only thing missing is a Wizard to set up the server, and a easy way of getting the certs installed on endpoint machines.

      Smart devices work perfectly fine. Just install the cert and go.

      Windows needs GP to do this without seeing windows' ugly side. A.K.A. Non-descriptive Dialog

  • by Anonymous Coward on Tuesday June 26, 2018 @10:55AM (#56847984)

    Knowledge of the pre-shared key in personal mode no longer give an attacker the opportunity to decrypt everything on the network. In WPA and WPA2, an attacker who knows the PSK (for example that of a public hotspot) can passively record the handshake frames and recover the keys used by other clients. WPA3 prevents this, so even when you use a public hotspot, the connections between your computer and the access point are secure against passive attacks. (An attacker can still perform a MITM attack because there is no way to authenticate a public hotspot with a non-secret PSK.)

  • by WaffleMonster ( 969671 ) on Tuesday June 26, 2018 @12:45PM (#56848776)

    WPA3 is resistant to dictionary attacks. The Wi-Fi Alliance says that WPA3's SAE is resistant to offline dictionary attacks where an attacker tries to guess a Wi-Fi network's password by trying various passwords in a quick succession.

    WPA3 uses Dragonfly which was shown to be vulnerable to small subgroups that can be exploited to conduct offline dictionary attack.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    RFC 7664 section 4 even provides optional advice for mitigation.

    Amazing to see new security protocols out of the gate include crypto known to be flawed.

    • I think you're greatly exaggerating the problems. If you do public key validation, as we've long known you should do to protect against these kinds of attacks, the problem goes away. Or, if you use safe-prime groups, as the community has moved to for DH, the problem pretty much goes away. It should go away for ECC groups, too.

      • I think you're greatly exaggerating the problems.

        I never expressed an opinion with regards to severity. What I know is the flaw exists in Dragonfly while other PAKEs have addressed the specific problem.

        If you do public key validation, as we've long known you should do to protect against these kinds of attacks, the problem goes away.

        What this essentially says is that if you punt the problem to something else the original problem no longer matters.

        This isn't at all useful. The whole point of PAKEs are to securely leverage mutual password knowledge to establish a secure trusted channel not offload trust to something else. If a particular PAKE is incapable of doing what it is intended

        • First, keep in mind the WiFi Alliance isn't developing standards. The standards are developed in IEEE 802.11. The WiFi Alliance is basically creating a profile of the 802.11 standards that they'll cover as part of their certification program. Dragonfly is used because that's what's specified in 802.11.

          Are there better ones? Perhaps, although Dragonfly has been around for a while and has been the subject of third-party analysis. There's something to be said for preferring an older scheme with well-unde

          • Are there better ones? Perhaps, although Dragonfly has been around for a while and has been the subject of third-party analysis. There's something to be said for preferring an older scheme with well-understood implementation considerations (which you're calling "flaws") over newer proposals that might seem to have better properties, but whose implementations haven't been fully considered. In other words, prefer the devil you know.

            SRP-6 is now something like 16 years old. The only excuses in various WGs for not using it last decade were unspecified patent fears from company "L" too lazy to perform an internal search and state a public position. All of that is history now.

            Public key validation doesn't refer to a PKI. It just means when you're doing a Diffie-Hellman key exchange you should check that the public key you receive is in the subgroup its supposed to be in.

            I don't understand the difference. Who creates the public key? How does the peer validate/trust it?

            When I hear use public key I think of cipher suites which leverage both the PAKE and RSA et el together in a single TLS handshake. This requires servers to possess

Disc space -- the final frontier!

Working...