After more than a decade, Wi-Fi Alliance has announced WPA3. The next iteration of their Wi-Fi Protected Access (WPA) security requirements for certified devices, WPA3 has been engineered to address most of the cybersecurity concerns the market has had with WPA2. In addition, there are a couple of new features addressing the increasing number of Wi-Fi IoT devices.
The WPA3 includes the following updates:
The first two items will be a mandatory for any WPA3 certification. The last two are optional and will be driven by the needs of the application. It should also be noted that WPA3 networks will also mandate the use of protected management frames (PMF) to improve their resilience and protect critical data
SAE is a well understood technology and has been used with the 802.11s standard for several years. This provides comfort that we are not venturing out into the great wild west of the technology unknown.
WPA3 Adoption
The good news is that everyone is on-board with WPA3 and all major Wi-Fi device manufacturers and equipment suppliers have already announced support for the standard, with some introducing products as early as 2018. The Wi-Fi community has taken its time getting this important update to market. The questions are when will it be available and when will it become a must have?
“…when will WPA3 be a must have technology?”
Although not technically dependent upon each other, many are linking the introduction of the new 802.11ax standard with the broad adoption of WPA3. This makes sense since both hardware and software work is required to make a device fully certifiable to the new standard. Support for the increased key length, for enterprise networks, will require an upgrade to the current devices hardware encryption engines. Most suppliers and manufacturers are expecting broad introduction of 802.11ax devices in 2019, this would suggest adoption of both 11ax and WPA3 technology will start to ramp by 2020.
However, WPA3 certification will not be limited to only the new 802.11ax devices. Support for WPA3 functionality, specifically the mandatory portions, will exist within currently available 802.11ac products as a software update. Availability of these updates will be based upon market demand and will undoubtedly vary between suppliers. Silex is already working closely with Qualcomm to enable WPA3 in our existing products and hope to have a full roadmap early 2019.
Another announcement which is important to the schedule is that a “migration mode” has already been defined for 802.11 infrastructure. This will allow both WPA2 and WPA3 devices to exist on the same network. It shouldn’t be a surprise, as a similar capability existed during the transition from WPA to WPA2. The implication here is that existing and future shipping devices that do not have WPA3 capability are and will continue to be important to the user and their networks. This pushes the must have timeline out by some distance, if no further security issues are discovered within WPA2.
“…. don’t panic!”
If you are a supplier of Wi-Fi equipment, it is not the time to panic. Nor should the infrastructure owners be looking to replace their 11ac networks anytime soon. Remember that WPA2 has been an incredibly secure network protocol, with its underlying encryption yet to be broken. The industry has a vested interest in keeping it secure and will continue to support it even though WPA3 has been announced.
The Wi-Fi Alliance will not start testing until later this year and will not make WPA3 mandatory for Wi-Fi Certification until late 2019 or early 2020. This does not mean all your existing Wi-Fi devices are obsolete, it merely means when looking at your next generation product or considering upgrading your WLAN you have a future option to consider.
Let’s hope it isn’t another ten years before we see the next security update to Wi-Fi.