WPA3 (Wi-Fi Protected Access 3), the successor of WPA2, is one of the finest security standards for smart devices.
However, a quick look at the Wi-Fi Alliance website shows that currently very few devices (mostly routers) are WPA3 certified. There are no phones, televisions, set top boxes, smart home gadgets or medical devices in the list.
What gives? For one, since 2006 the WPA2 standard has served us well, so manufacturers aren’t too keen to upgrade. However, ongoing concerns about security and privacy in IoT will eventually require a shift in approach.
For example, many people are still refusing to buy or use smart speakers. After all, news stories or direct experiences with Wi-Fi eavesdropping and snooping are quite fresh in our memories.
Deep down we might hold a poor opinion of our Wi-Fi networks, even though WPA2 supports 128-bit AES keys. That makes it virtually unhackable, but the perception of vulnerability is not going away anytime soon.
This is the reason why current Wi-Fi security standards have to drastically evolve to ensure greater trust in one’s devices and networks.
Why Make WPA3 More Secure?
The WPA3 security protocol has a different makeup in comparison to WPA2. It adds four new features that you wouldn’t find in the older protocol.
Privacy in Open/Public Wi-Fi Networks: Say good bye to packet sniffers, man-in-the-middle attacks and other forms of eavesdropping. These topics will become history soon because WPA3 requires something called “individual data encryption.”
It means that each device connecting to the Wi-Fi network (with or without password) requires strong encryption of its own. If you want to hack into a WPA3 network, you need to first figure out how to “crack” encryption.
There is also Protected Management Frames (PMF) technology to prevent spoofing (see below).
Brute-Force Attack Prevention: WPA3 networks are naturally resistant to brute force attacks even when you have a weak password or no password. After a certain number of failed attempts, the device will automatically disconnect. If the kids that live below your apartment make an attempt to hack into your Wi-Fi, you will get an alert.
Connecting Devices without Display: The limitation of WPA2 and older is that the device must have a display with keypads to enter passwords. Many smart home devices such as light bulbs, IoT sensors and switches lack these. WPA3 design allows your phone or laptop to connect with IoT devices that don’t have displays.
Higher Cryptopgraphic Strength for Sensitive Networks: For sensitive government, defense and data centers networks, WPA3 offers a 192-bit cryptographic strength which is impossible to penetrate.
WPA3 Applications in Smart Devices
It is not hard to imagine that WPA3 has just raised the bar on secure access, and IoT devices will largely benefit from the new protocol.
At CES 2019, Wi-Fi Certified WPA3 was one of the core network protocols promoted for use in smart homes. There is quite a bit of consensus now that WPA3 is impossible to crack.
The following shows how IoT device users will benefit from WPA3 protocol.
- Smart Homes: Get one of the WPA3-certified routers as an access gateway, and you can stop worrying about intruders in your network.
- No Surveillance: If you live in a country where you fear surveillance by the government, WPA3 can protect your data transfer abilities.
- Smart Cities: The fact that you do not require displays will help connect the infrastructure of smart cities. For example, street lights.
- eHealth and Telemedicine: The confidentiality issues in medical IoT can be solved, and new compliance standards can be built on WPA3.
One of the biggest concerns in IoT adoption is that people still have little or no trust in their devices. However, the bogey is not really the devices but the networks you place them in. Less than two percent of smart speaker users are using voice-based purchase for e-Commerce.
Combined together, WPA3 and hardware secure modules (HSM) can be the perfect match in IoT heaven. Think about it – a network that cannot be penetrated and a device that is totally resilient to attacks. What more does one need to be able to relax regarding the security of IoT devices?