Introduction to WPA3 - Wi-Fi Protected Access Version 3


Today I am going to talk about WPA3. WPA3 is a wireless security standard and is the enhancement of WPA2 and WPA1. As we all know, “WPA” stands for Wi-Fi Protected Access. The WPA3 standard adds four features that are not found in WPA2.

Vendors or OEMs must fully implement these features to market their devices as “Wi-Fi CERTIFIED WPA3”. WPA3 covers four different features, in four different contexts: WPA3-Personal, WPA3-Enterprise, Open Networks, and IoT secure onboarding.

WPA3-Personal uses Simultaneous Authentication of Equals (SAE), which is defined in the IEEE 802.11-2016 Standard. With SAE, the experience for the user is unchanged (create a password and use it for WPA3-Personal). However, WPA3 adds a step to the “handshake” that makes brute force attacks ineffective.

Fig 1.1 - WLC Infrastructure in Campus

The passphrase is never revealed, making it impossible for an attacker to find the passphrase through brute force dictionary attacks. WPA3 also makes management frames more robust with the mandatory addition of Protected Management Frames (PMF), which adds a layer of protection against de-authentication and disassociation attacks.

WPA3 also introduces a 192-bit cryptographic security suite. This level of security provides consistent cryptography and eliminates the “mixing and matching of security protocols” that are defined in the 802.11 Standards.

This security suite is aligned with the recommendations from the Commercial National Security Algorithm (CNSA) Suite, commonly in place in high-security Wi-Fi networks in government, defense, finance and industrial verticals.

The upgrade to WPA3 Open Networks includes an additional mechanism for public Wi-Fi, Opportunistic Wireless Encryption (OWE). With this mechanism, the end user onboarding experience is unchanged, but the Wi-Fi communication is automatically encrypted, even if the Wi-Fi network is Open.

WPA3 will be backward compatible with WPA2, meaning your WPA3 devices will be able to run WPA2. However, it is expected that it will take a few years for vendors to fully transition to WPA3-only modes; therefore, WPA2 transmission capabilities may be in use for the near future.
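
As an added example (not part of the original article), the Python code below shows how a defender could check which of the modes described above an access point actually advertises, by parsing the RSN element carried in its beacon. The AKM suite numbers and the PMF capability bits come from IEEE 802.11; the function names and the sample elements produced by `build_rsn` are constructed for illustration.

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 suite selector OUI
AKM = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE",
       12: "SUITE-B-192", 18: "OWE"}  # AKM suite types from IEEE 802.11
MFPR, MFPC = 0x0040, 0x0080  # RSN capability bits: PMF required / PMF capable

def parse_rsn(body):
    """Parse an RSN element body (the bytes after element ID 48 and length)."""
    if len(body) < 8 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("not a version 1 RSN element")
    off = 6                                                 # version + group cipher
    off += 2 + 4 * struct.unpack_from("<H", body, off)[0]   # skip pairwise list
    if off + 2 > len(body):
        raise ValueError("truncated before AKM list")
    count = struct.unpack_from("<H", body, off)[0]
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated AKM list")
    akms = set()
    for _ in range(count):
        sel = body[off:off + 4]
        akms.add(AKM.get(sel[3], "other") if sel[:3] == OUI else "vendor")
        off += 4
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return akms, bool(caps & MFPC), bool(caps & MFPR)

def classify(body):
    """Map the advertised AKMs and PMF bits onto the modes the article lists."""
    akms, capable, required = parse_rsn(body)
    if "SAE" in akms and akms & {"PSK", "PSK-SHA256"}:
        # Transition mode: WPA2 clients still join, so PMF is capable, not required
        return "WPA3-Personal transition" if capable else "invalid: SAE without PMF"
    if akms & {"SAE", "OWE", "SUITE-B-192"} and not required:
        return "invalid: PMF not required"
    if "SAE" in akms:
        return "WPA3-Personal"
    if "OWE" in akms:
        return "OWE"
    if "SUITE-B-192" in akms:
        return "WPA3-Enterprise 192-bit"
    return "no WPA3 AKM advertised"

def build_rsn(akm_types, caps, cipher=4):
    """Build a constructed sample RSN body (cipher 4 = CCMP-128, 9 = GCMP-256)."""
    suite = OUI + bytes([cipher])
    akm = b"".join(OUI + bytes([t]) for t in akm_types)
    return (struct.pack("<H", 1) + suite + struct.pack("<H", 1) + suite
            + struct.pack("<H", len(akm_types)) + akm + struct.pack("<H", caps))
```

An access point that reports "WPA3-Personal transition" still accepts WPA2 PSK clients, so the brute-force resistance of SAE applies only to the clients that actually negotiate SAE.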