Tuesday, July 17, 2018
  • Circle City Con 5.0 2018, Tony Martin-Vegue’s ‘How to Lie with Statistics, Information Security Edition’
  • The Serverless Show: Serverless + Blockchain, The Comprehension Divide, Role of DevOps
  • How Microsoft 365 Security integrates with the broader security ecosystem—part 1
  • Does my Board of Directors Need a Cybersecurity Board Member?
  • Tackling Accountability in Asia

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Community
    • Security Bloggers Network
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Network Security Security Bloggers Network 

Home » Cybersecurity » Network Security » WPA3: What You Need To Know

WPA3: What You Need To Know

by Craig Young on June 29, 2018

Earlier this month, the Wi-Fi Alliance made a press release announcing the availability of WPA3.

Built on top of several existing but not widely deployed technologies, WPA3 makes several vast improvements over the security provided by WPA2. Most notably, WPA3 should close the door on offline dictionary-based password cracking attempts by leveraging a more modern key establishment protocol called Simultaneous Authentication of Equals (SAE). This mechanism has some commonality with the Diffie-Hellman key exchange and has already been deployed in some mesh network standards. In addition to thwarting offline password cracking attempts, SAE provides forward secrecy so that an attacker cannot decrypt previously recorded sessions even if the WPA3 passphrase is known.

Another huge enhancement in this announcement is the Wi-Fi Device Provisioning Protocol (DPP) to replace the readily exploitable Wi-Fi Protected Setup (WPS).

With DPP, devices can be authenticated to join a network without a password through various means including QR codes or NFC tags. Unlike existing options, however, this is not simply a mechanism for communicating the password but rather it is a way for devices to perform mutual authentication without a password.

WPA3 also promises to improve security for open networks such as guest or customer networks in coffee shops, airports, and hotels. Although the standard does not appear to protect against a rogue access point, it should prevent passive nearby attackers from being able to monitor communication in the air. This is because WPA3 supports password-free encryption between stations and access points, but does not seem to provide a way for devices to discern between legitimate and rogue access points.

Despite these vast improvements, there is likely no reason for anyone to be rushing out to buy a new router for WPA3 support. For starters, it is important to recognize that Wi-Fi has a long history (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Craig Young. Read the original post at: https://www.tripwire.com/state-of-security/featured/wpa3-what-you-need-to-know/

June 29, 2018June 29, 2018 Craig Young 0 Comments Featured Articles, Off Topic, router, security, WPA3
  • ← GitHub Account of Gentoo Linux Hacked, Refrain from Using Its Code
  • California GDPR →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

How to Protect Tomorrow’s Critical Infrastructure
CPU Speculative Execution Hits Again with 2 New Spectre Variants
VPNFilter Attack Hits Chlorine Plant in Ukraine
Cybersecurity Job Seekers: Go West (or South)
We Have the Silver Bullet for BS Detection – CISO/Security Vendor Relationship Podcast
Your IoT security concerns are stupid
8 Reasons Mobile Apps Access Location + Security Policies to Consider
Roadmap for the Data Gold Rush: Maintaining Qualitative Data in the IoT Environment
A primer: How to stay safe on Amazon’s Prime Day Sale
Need for Speed: Optimizing Data Masking Performance and Providing Secure Data for DevOps Users

Upcoming Webinars

Wed 18

Embrace DevSecOps and Enjoy a Significant Competitive Advantage!

July 18 @ 11:00 am - 12:00 pm
Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The State of Security RSA Special Report

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0
Is Vulnerability Management Now Out of Our Control?
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Is Vulnerability Management Now Out of Our Control?

July 6, 2018 Chris Calvert | Jul 06 0
Security Risks Created by SaaS (They Might Not Be What You Expect)
Industry Spotlight Network Security Security Boulevard (Original) 

Security Risks Created by SaaS (They Might Not Be What You Expect)

July 5, 2018 Arlo Gilbert | Jul 05 0

Top Stories

VPNFilter Attack Hits Chlorine Plant in Ukraine
Featured IoT & ICS Security Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

VPNFilter Attack Hits Chlorine Plant in Ukraine

July 16, 2018 Lucian Constantin | Yesterday 0
Security Boulevard’s 5 Most Read Stories for the Week, July 9-13
CISO Suite Cloud Security Cybersecurity DevOps Featured Malware Most Read This Week News Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Security Boulevard’s 5 Most Read Stories for the Week, July 9-13

July 16, 2018 Saleem Padani | Yesterday 0
CPU Speculative Execution Hits Again with 2 New Spectre Variants
Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

CPU Speculative Execution Hits Again with 2 New Spectre Variants

July 13, 2018 Lucian Constantin | 4 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.