At the beginning of 2018 the Wi-Fi Alliance announced new security enhancements for Wi-Fi Protected Access (WPA). WPA3 has the following enhancements:
- Device Provisioning Protocol (DPP) – DPP enables new devices that do not have a rich user interface, such as Internet of Things (IoT) devices, to be added to the network via the smartphone or tablet of an already authenticated user. DPP enables the provisioning (on- and off-boarding) of any type of device while maintaining security.
- Opportunistic Wireless Encryption (OWE) – OWE derives an encryption key between an access point (AP) and a client on what users still see as an open SSID, which prevents eavesdropping attacks. Just remember, OWE adds encryption but not authentication.
- Suite-B – WPA3 introduces 256-bit encryption, which adopts stronger cryptographic algorithms defined by the US Government. Once these capabilities are available, all wireless deployments will benefit from them.
- Simultaneous Authentication of Equals (SAE) – SAE is for customers that use insecure passwords: it adds another layer of security by introducing a secure handshake. SAE is a secure key establishment protocol between devices that provides stronger protection for users against password guessing attempts by third parties. The result of the protocol is a cryptographically strong shared secret for securing communication. SAE is resistant to passive attacks, active attacks and dictionary attacks.
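
The OWE point above, that the link is encrypted but the peer is never authenticated, can be seen in a simplified sketch of an unauthenticated Diffie-Hellman exchange. This is an added example, not code from the Wi-Fi Alliance or any OWE implementation; the toy group, the key label and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): arithmetic modulo the prime 2**255 - 19 keeps the example
# short. Deployed OWE uses standardized Diffie-Hellman groups, not these parameters.
P = 2**255 - 19
G = 2

def keypair():
    """Fresh ephemeral (private, public) pair for one association."""
    priv = secrets.randbelow(P - 3) + 2          # private value in [2, P-2]
    return priv, pow(G, priv, P)

def hkdf_sha256(salt, ikm, info, length=32):
    """HKDF extract-then-expand (RFC 5869) with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key(my_priv, peer_pub, client_pub, ap_pub):
    """Pairwise key from the DH secret; note there is no password or identity input."""
    z = pow(peer_pub, my_priv, P)
    salt = client_pub.to_bytes(32, "big") + ap_pub.to_bytes(32, "big")
    # Constructed label for this example, not a value taken from a specification.
    return hkdf_sha256(salt, z.to_bytes(32, "big"), b"example OWE-style key")

def associate(ap_priv, ap_pub):
    """One exchange: only the two public values cross the air."""
    c_priv, c_pub = keypair()
    client_key = derive_key(c_priv, ap_pub, c_pub, ap_pub)
    ap_key = derive_key(ap_priv, c_pub, c_pub, ap_pub)
    return client_key, ap_key

def demo():
    ap_a, ap_b = keypair(), keypair()   # two unrelated devices answering for one open SSID
    a_client, a_ap = associate(*ap_a)
    b_client, b_ap = associate(*ap_b)
    return {"encrypted_with_a": a_client == a_ap,
            "encrypted_with_b": b_client == b_ap,   # succeeds identically: peer is unverified
            "keys_are_per_session": a_client != b_client}

if __name__ == "__main__":
    print(demo())
```

Both associations produce a working pairwise key, and nothing in the exchange lets the client distinguish one peer from the other, which is why OWE protects against eavesdropping on the air but does not tell the client which network it joined.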