At-A-Glance

WPA3: The Next Generation of Wi-Fi Security

Wireless connectivity is a business continuity requirement When It Was Announced in 2018, the Wi-Fi
for most customers. As such, security of networks is a top Alliance Press Release Touted Two Main
priority, and with wireless networking celebrating its 20th Categories of Enhancement
anniversary, it is clear that the wireless industry recognizes • WPA3-Personal: The most significant changes are
that authentication and encryption protocols must evolve being realized within WPA3-Personal, which focuses
to guarantee the security of wireless communication on more resilient, password-based authentication even
moving forward. In June of 2018, nearly 14 years since the when users choose passwords that fall short of typical
last update, the Wi-Fi Alliance announced a major security complexity recommendations. WPA3 replaces PSK with
improvement to Wi-Fi: WPA3 (Wi-Fi Protected Access Simultaneous Authentication of Equals (SAE) from
Three). WPA3 is the next generation Wi-Fi security standard IEEE 802.11 specification, a secure key establishment
that tackles WPA2 shortcomings to better secure personal, protocol between devices, to provide stronger
enterprise, and IoT wireless networks. protections for users against password guessing
attempts by third parties.
So, What is WPA3? • WPA3-Enterprise: Provides superior security for
Wireless security is about being one step ahead of the bad sensitive data networks with the equivalent of 192-
guys. WPA3 builds on WPA2 to deliver a suite of features bit cryptographic strength, helpful in industries such
to simplify Wi-Fi security configuration and enhance Wi-Fi as government, healthcare, or finance. The 192-bit
network security protections, making Wi-Fi connections security suite ensures a consistent combination of
safer and helping to save enterprise and home deployments cryptographic tools are deployed across
from security shortcomings. It delivers more resilient WPA3 networks.
password-based authentication, providing stronger security
protection against password guessing attempts by
third parties, and delivers greater cryptographic
strength for government, defense, and other security-
sensitive environments.

WWW.EXTREMENETWORKS.COM 1
A More Visual Look at WPA3 Announced in This Adoption of WPA3
Latest Update:
The entire ecosystem of wireless vendors and device
manufactures need to embrace WPA3 to make the many
ENHANCEMENT CATEGORY WPA3 - Enterprise WPA3 - Personal
enhancements in this release a reality. It will happen in time,
just as it did for WPA2. The Wi-Fi Alliance doesn’t expect
PMF SUPPORT Protected Mgmt Frames Protected Mgmt Frames widespread implementation until the latter half of 2019,
however with that, the Wi-Fi Alliance believes the backward
EAP-xx EAP-TLS
SAE
interoperability with WPA2 will ensure that some added
AUTHENTICATION (Optional) (Optional)
security benefits will be available as soon as the devices
themselves are.
192-bit Security
(Optional)
In many cases, no changes will be needed in customer
configurations to take advantage of WPA3 features. As
ENCRYPTION AES-128 AES-256 AES-128
wireless vendors release software updates with WPA3
capability to existing products, coupled with purchases of
new WPA3 certified wireless clients, the miracles of modern
This exciting enhancement to the Wi-Fi Alliance standards,
networking will just happen. And with the 802.11ax wireless
while remaining backwards compatible with WPA2, makes
standard beginning to be deployed in networking hardware
many previously-optional components (such as Protected
and software, it only makes sense that those vendors would
Management Frames) mandatory. Collectively, these aid
provide WPA3 compatibility at the same time.
in securing against eavesdropping and man-in-the-middle
type attacks, and provide resistance against both offline
Extreme WPA3 Compatibility Has
dictionary attacks and key recovery. Because WPA3 is
resistant to offline dictionary attacks, users can choose Already Been Deployed
(or administrators can assign) passwords that are simpler,
Back in June 2018, Extreme announced plans for
easier to remember, and easier to enter, while retaining
WPA3, and in November, delivered the first part of that
high security.
promise with SAE support in our ExtremeCloud IQ cloud
management platform, along with the release of multiple
WPA2 vs WPA3 WPA3 supported devices. Extreme APs can support and
The big question: is WPA3 really more secure than its offer the highest level of security available on the client
predecessor? The answer: Yes, absolutely. The third edition devices. This allows Extreme to provide the latest levels
of WPA is a long-awaited and much-welcomed update that of security, yet still support legacy technologies while
improves on WPA2, with more robust authentication and providing isolation between the two groups. Extreme is fully
encryption features, and a solution to the built-in flaw in committed to access network security outside the WPA3
WPA2 that the KRACK attack exploits. realm, with capabilities including Private Pre-Shared Key
(PPSK), full-line rate encryption, integrated TPM chips, fully
The Key WPA2 Enhancements
stateful layer 2-7 firewalls, Private Client Groups, Cloud-
• Mandates support of Protected Management Frames Managed NAC (A3), flexible identity-based security, and
(PMF), which prevents de-authentication attacks where policy enforcement at the edge of the network.
an adversary can forcibly disconnect clients from a
Wi-Fi network and monitor a reconnect.
• Addition of digital certificate test cases to ensure that
proper certificate validation checking is performed by
station devices.
• RSN Element (RSNE) multiple – AKM suite selector
testing validates that client devices can successfully
receive an RSNE that includes more than one AKM
suite selector.
• Patched against the KRACK attack against WPA2.

WWW.EXTREMENETWORKS.COM 2
WPA3 – Personal Versus Enterprise
WPA3 – Personal WPA3 – Enterprise
Robust, password-protected authentication Enterprise-grade security for sensitive networks

• Resistant to offline dictionary attacks; stronger • Available 192-bit cryptographic strength for networks
protections for users against password guessing transmitting sensitive data
attempts by third parties • 192-bit security suite provides additional security for
• Protection even when users choose passwords that fall networks like government and finance
short of complexity recommendations • Greater consistency in application of security protocols
• Provides forward secrecy; protects data traffic even if a • Better network resiliency
password is later compromised
• No change to the way users connect to a network

WPA3 – Device and Product Support

WPA3 Certified Supported Devices Extreme WPA3 Product Support
There are WPA3 certified devices available on the market Management
today, with many more being announced every week. Here • HiveOS 8.4r7
are a few examples of devices available:
(this version adds support for SAE)
Enterprise Access Points
802.11ax Access Points
• Extreme
• AP630
• Aruba
• AP650
• Dell
• AP510C
• Fortinet
• AP510CX
• Netgear
802.11ac Access Points
• Ruckus
(Wave 1 and Wave 2)
Wireless Adapters
• Atom AP30
• Broadcom
• AP122
• Intel
• AP122X
Phones
• AP130
• LG ThinQ
• AP150W
• Samsung Galaxy S10
• AP230
• AP245X
• AP250
• AP550
• AP1130

http://www.extremenetworks.com/contact

©2019 Extreme Networks, Inc. All rights reserved. Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in
the United States and/or other countries. All other names are the property of their respective owners. For additional information on Extreme Networks Trademarks please
see http://www.extremenetworks.com/company/legal/trademarks. Specifications and product availability are subject to change without notice. 27035-1119-13

WWW.EXTREMENETWORKS.COM 3