March 4, 2019
Last June, the Wi-Fi Alliance™(WFA) announced the full details of Wi-Fi Protected Access 3 (WPA3), their biggest security protocol update in over a decade. As adoption begins, what effects will WPA3 have and where is Wi-Fi® headed?
Recently, IEEE Spectrum took a look at the features WPA3 brings to the table, the biggest of which being Simultaneous Authentication of Equals (SAE), a new method of authenticating devices attempting to join a network.
SAE is based on a unique zero knowledge proof in which each side proves possession of a password without exposing the password, or any password-derived data, over the air. This prevents an attacker from launching an off-line dictionary attack in order to obtain the password.
Resistance to dictionary attacks allows for more usable and manageable passwords. With WPA2-Personal, the protocol SAE replaces, the onus was on the user to come up with a complicated password that was mixed-case with special characters, etc. With SAE, the only requirement is that the password not be trivially guessable. Passwords can be shorter, easier to remember and easier to enter without a commensurate loss of security.
Also, the password is only used for authentication and not to derive the encryption secrets. SAE exchanges ephemeral public key information with each exchange in order to derive encryption keys, so even if the password is subsequently determined, all previous SAE-based communications remain secure.
“SAE is a significant development in 802.11 security. It increases security and also increases usability, a true win-win” Dan Harkins, the inventor of SAE, told IEEE Transmitter.
Vulnerable passwords are being further reduced through the Wi-Fi CERTIFIED Easy Connect™ initiative, which allows users to securely connect IEEE 802.11-based smart home devices to a network by simply scanning a unique QR code. Secure network access for Wi-Fi-enabled Internet of Things devices becomes easy for consumers to use.
The IEEE Standards Association provides the technical radio foundations of Wi-Fi’s future by developing standards on wireless communications. Its IEEE 802.11™ standard, which defines technology for local area network (WLAN) products (and thus Wi-Fi as we know it) is approaching its 30th anniversary. Virtually all of the Wi-Fi products deployed today use the 2.4 and 5GHz spectrum bands.
Products are coming to market now that are based on the IEEE 802.11ad standard, which defines operation in the 60GHz band. Marketed as Wi-Gig by the WFA, available products include point-to-point backhaul links and gaming devices.
Work is now underway in Project IEEE 802.11ay™ to define the next generation of WiGig technology, which is helping make use of the 60 GHz spectrum. IEEE Spectrum recently covered the introduction of a new chipset by Qualcomm that can bring millimeter-wave technology to mobile devices. The 60 GHz spectrum “offers multigigabit speeds and much lower latency. A 60 GHz router could also theoretically be more power efficient, since it will take far less time for uploads and downloads,” according to Qualcomm.
While the speed and efficiency are tremendous upsides, a major limitation is the range, since 60 GHz waves can’t penetrate walls. With line of sight, however, gesture sensing and occupancy detection can become quite accurate, as well as other emerging applications.
Occupancy detection may sound odd, but it has the potential to save lots of electricity by automatically turning off lights in a space. Researchers from the University of Tokyo published a journal article last year using a router’s power consumption to determine the number of people in an office environment with ninety-three percent accuracy.
Since residential and office environments consume a majority of our electricity, and because other methods of occupancy detection like cameras and infrared sensors have their drawbacks and technical limitations, this is yet another emerging application in what’s becoming an exciting time for Wi-Fi.