Major WIFI security upgrade, are you ready?
Billy McKindley
Let’s take a moment to talk about some upcoming changes to the WiFi standards. These changes will bring massive security enhancements, but there are a couple of things you need to be aware of.
Over the years, we have seen WiFi overtake wired networks as the preferred and simplest way to connect devices:
- Enterprises are using WiFi to connect staff and devices to corporate networks.
- Retailers use it for POS and tracking of stock movements in warehouses.
- Public “Free WiFi” solutions allow the public to browse the Internet while out and about.
- Hospitals and care facilities use WiFi for mission-critical patient care and telecommunications requirements.
- Schools are using WiFi to administer exams and deliver learning material.
When did WiFi become so mission-critical? What would happen if you unplugged your WiFi for a day? Would you survive?
WiFi isn’t going away, and the number of new WiFi-enabled devices is astonishing: televisions, aircons, doorbells, surveillance cameras, dishwashers…
If you have ever set up WiFi on your phone or at home, you will have seen acronyms like WEP, WPA and WPA2. These are wireless security standards (protocols) designed to add security to WiFi with features like authentication and encryption.
- WEP was released in 1997 and was quickly discovered to have major security weaknesses.
- WPA was released in 2003 to replace WEP.
- WPA2 was released in 2004 and is the standard we still use today.
- Over the years there have been several extension programs aimed at bolstering WPA2 security, such as TLS, TTLS, SIM etc. However, the fragmentation this has caused is a major problem and has created mismatched security and interoperability issues within the WiFi landscape.
Make way for WPA3!
After 14 years of WPA2, it’s time for a major upgrade. WPA2 has served us well even with its flaws, which could be addressed with the new WPA3 standard.
WPA3 promises multiple enhancements:
1. Device Provisioning Protocol (DPP) is an exciting development for provisioning Internet of Things (IoT) devices. This will make it easier to on-board devices that don’t have rich user interfaces such as screens or webapps and allows on-boarding of devices via a Smartphone app used by an authenticated user.
2. Opportunistic Wireless Encryption (OWE) is encryption for open wireless networks that prevents eavesdropping attacks by encrypting the traffic between the AP and the client, before any authentication occurs. Although a welcome enhancement, it still doesn’t address threats like Evil Twins and Honeypots.
3. Suite B: WPA3 adopts stronger cryptographic algorithms defined by the US Government. While government and banking deployments are the ones most interested in this feature, once available all wireless deployments will benefit from these capabilities.
4. Simultaneous Authentication of Equals (SAE) is designed for clients that use insecure passwords. SAE adds another tenet of security that mitigates dictionary attacks by introducing a secure handshake.
And there’s more… The 802.11ac standard will possibly be surpassed by 802.11ax, which provides benefits in capacity for high-density deployments via multiple improvements:
1. Enhanced Network Efficiency enables multiple-user operation efficiency over-the-air
a. Orthogonal Frequency-Division Multiple Access (OFDMA) enhancements: by multiplexing users, it offers 4x higher throughput over Wave-2 802.11ac in high-density deployments.
b. Multi-User Multiple Input Multiple Output (MU-MIMO) enhancements see a single multi-spatial-stream Access Point simultaneously transmit to multiple clients with fewer spatial streams.
2. Enhanced Link Efficiency of Quadrature Amplitude Modulation (QAM) allows for more data to be packed and transmitted simultaneously.
3. Improved robustness in outdoor deployments.
4. Improved spectrum reuse through spatial reuse.
What does all this mean for your WiFi deployment?
You have a little time to digest and plan your upgrades. The upgrade will hit the market in late 2019, with manufacturers already investigating upgrade pathways. Some of the high-end manufacturers have already confirmed their 802.11ac Wave2 hardware will support WPA3 via a firmware upgrade.
What if you’re planning to purchase new WiFi equipment in the next 12 months?
Before you commit to WiFi equipment for the next 3-5 years, I’d suggest double-checking that the manufacturer is going to support WPA3 in the future via a software/firmware update. Not all manufacturers will upgrade existing equipment to WPA3; instead they will expect you to buy new equipment.
How do you upgrade to WPA3?
This upgrade will most likely require you to do something to activate it when it’s released. This could be as simple as downloading a firmware update, and it will require some clients to re-authenticate to the network after the upgrade.
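One way to check what an access point actually advertises after such an upgrade, as an added example that is not part of the original article: the Python below parses the RSN information element from a beacon and reads its AKM suite list, where SAE, OWE and the 192-bit suite each have their own selector. The sample elements are constructed, and the function and label names are this example's own.

```python
import struct

# AKM suite types under OUI 00-0F-AC (IEEE 802.11) for the modes discussed above.
AKM_NAMES = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE",
             9: "FT-SAE", 12: "802.1X-SuiteB-192", 18: "OWE"}
IEEE_OUI = bytes.fromhex("000fac")

def parse_rsn_akms(ie: bytes) -> list:
    """Return the AKM names advertised in one RSN element (element ID 48)."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if len(body) < 8 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("truncated element or unsupported RSN version")
    off = 6  # skip version (2 bytes) and group cipher suite (4 bytes)
    (pairwise_count,) = struct.unpack_from("<H", body, off)
    off += 2 + 4 * pairwise_count
    if off + 2 > len(body):
        raise ValueError("truncated before AKM list")
    (akm_count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * akm_count > len(body):
        raise ValueError("AKM count exceeds element length")
    names = []
    for i in range(akm_count):
        sel = body[off + 4 * i: off + 4 * i + 4]
        known = sel[:3] == IEEE_OUI and sel[3] in AKM_NAMES
        names.append(AKM_NAMES[sel[3]] if known else "unknown:" + sel.hex())
    return names

def classify(akms) -> str:
    """Map advertised AKMs to the deployment mode an upgrade planner cares about."""
    s = set(akms)
    psk = bool(s & {"PSK", "PSK-SHA256"})
    if s & {"SAE", "FT-SAE"}:
        return "WPA3 transition mode" if psk else "WPA3-Personal"
    if "OWE" in s:
        return "Enhanced Open (OWE)"
    if "802.1X-SuiteB-192" in s:
        return "WPA3-Enterprise 192-bit"
    return "WPA2-Personal" if psk else "other"

# Constructed sample RSN elements (not captured from a real network).
SAMPLES = {
    "psk": bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000"),
    "mixed": bytes.fromhex("3018" "0100" "000fac04" "0100" "000fac04" "0200" "000fac02" "000fac08" "8000"),
    "sae": bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac08" "c000"),
}
for name, ie in SAMPLES.items():
    print(name, parse_rsn_akms(ie), classify(parse_rsn_akms(ie)))
```

A network reported as transition mode still accepts the WPA2 pre-shared-key handshake, so SAE's dictionary-attack protection applies only to clients that negotiate SAE.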