Tag Archive for Wi-Fi Alliance

Will Wi-Fi Be Secure This Time

One event at CES 2018 that was overlooked by many people was the Wi-Fi Alliance announcement of WPA3, a long-overdue update to Wi-Fi Protected Access (WPA). This increases the strength of a security protocol that hasn’t been updated in 14 years.

The Wi-Fi Alliance says Wi-Fi carries more than half of the internet’s traffic, so improvements to WPA are good news. The WPA3 update is a response to the evolution of Wi-Fi usage and WPA2 vulnerabilities. There are four improvements to Wi-Fi Protected Access via WPA3 over the current standard (WPA2).

Stronger passwords

WPA3 gets a new layer of protection so its security is not contingent on passwords (as followers of the Bach Seat know, passwords suck). WPA3 is an improvement on WPA2’s largest vulnerability: the handshake during which the key is exchanged. KRACK (Key Reinstallation Attack) is a major vulnerability discovered in 2017 in WPA2 and WPA. It exploits the Wi-Fi handshake. KRACK allows attackers to snoop on encrypted data being transferred between computers and wireless access points (WAP).

WPA2 uses a four-way handshake mechanism, starting with a nonce provided by the access point. Brute force “dictionary attacks” are the backbone of the KRACK attack. WPA3 implements IEEE 802.11s, Simultaneous Authentication of Equals (SAE) to provide protection against this flaw. SAE is also known as the Dragonfly protocol. The Internet Engineering Task Force (IETF) describes Dragonfly as a protocol that employs discrete logarithm cryptography to perform an efficient exchange in a way that performs mutual authentication using a password that is probably resistant to an offline dictionary attack.

This improvement will offer better security even if poor passwords are used. This feature is very useful since we know that users have difficulties creating strong and hard-to-guess passwords. The Wi-Fi Alliance claims WPA3 makes it almost impossible to breach a Wi-Fi network using the current dictionary and brute-force attacks. Mathy Vanhoef, the security researcher who discovered KRACK, appears very enthusiastic about the security improvements in WPA3.

Secure public Wi-Fi

WPA3 secured open networks will offer more privacy than ever before. Everything transmitted over today’s open Wi-Fi networks at airports, coffee shops, and libraries is sent in plain text that people can intercept. WPA3 will apply encryption to each user on the public Wi-Fi to eliminate clear text with “individualized data encryption”.

Malwarebytes Lab speculates that WPA3 will include Opportunistic Wireless Encryption. OWE enables connection on an open network without a shared and public Pre-Shared Key (PSK). That’s important because a PSK can give hackers easy access to the Traffic Encryption Keys (TEKs), allowing them access to a data stream. OWE implements a Diffie-Hellman key exchange during network sign-on and uses the resulting secret for the 4-way 802.11 handshake and not the shared, public Pre-Shared Key (PSK) that can be easily exploited. WPA3 will make it more difficult for people to snoop on your web browsing while you’re at Starbucks without actually cracking the encryption.
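
The contrast drawn above between a shared PSK and a per-connection Diffie-Hellman secret, as an added Python example (not code from the original post or from the Wi-Fi Alliance). The toy prime group, the HKDF info label, and the sample passphrase and SSID are assumptions of this example; real OWE uses standardized groups.

```python
import hashlib
import hmac
import secrets

# Toy finite-field group, an assumption of this example. Real OWE uses
# standardized elliptic-curve or large finite-field groups.
P = 2**255 - 19
G = 2

def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: depends only on passphrase and SSID, so every
    client that knows the passphrase starts from the same key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def dh_keypair() -> tuple[int, int]:
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def owe_style_pmk(my_priv: int, peer_pub: int, client_pub: int, ap_pub: int) -> bytes:
    """Derive a PMK from the DH secret, bound to both public values."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    salt = client_pub.to_bytes(32, "big") + ap_pub.to_bytes(32, "big")
    return hkdf_sha256(salt, shared, b"example OWE-style PMK")  # label is hypothetical

def associate() -> tuple[bytes, bytes]:
    """One association on an open network: returns (client PMK, AP PMK)."""
    c_priv, c_pub = dh_keypair()
    a_priv, a_pub = dh_keypair()
    return (owe_style_pmk(c_priv, a_pub, c_pub, a_pub),
            owe_style_pmk(a_priv, c_pub, c_pub, a_pub))

if __name__ == "__main__":
    # Constructed sample values: two clients on the same PSK network.
    print(wpa2_psk_pmk("coffee123", "CafeGuest") == wpa2_psk_pmk("coffee123", "CafeGuest"))
    (c1, a1), (c2, a2) = associate(), associate()
    print(c1 == a1, c2 == a2, c1 != c2)
```

With the PSK, the starting key is the same for every client, while each Diffie-Hellman association yields a key that only that client and the access point can compute.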

Stronger encryption

WPA3 will use stronger cryptographic algorithms. The new security protocol will use the Commercial National Security Algorithm (CNSA) 192-bit encryption mandated by the U.S. government for secure Wi-Fi networks. Experts speculate WPA3 will use a 48-bit initialization vector to support backward compatibility with WPA and WPA2. The 192-bit encryption will make WPA3 compliant with the highest security standards and fit for use in networks with the most stringent security requirements. (rb- Ironic – Go to the CNSA site and get an invalid cert warning in Chrome) The CNSS is part of the US National Security Agency.

Easier IoT security

The WPA3 update simplifies setting up secure Wi-Fi connections for devices that don’t have a graphical user interface. This is critical to secure the 30.7 billion IoT devices that will be on the network by 2020. The new protocol will add Device Provisioning Protocol (DPP), which sets up a simple, secure and consistent method for securing devices with limited or no display. NetworkWorld reports that you will be able to tap a smartphone against a device or sensor and then provision the device on the network.

What happens to WPA2 devices

So far, most manufacturers have been quiet about legacy device support. We do know that future Wi-Fi certified WPA3 routers will be backward compatible to support WPA2. The question remains whether current WPA2 devices will be capable of connecting to WPA3.

WPA2 devices are not immediately obsolete. The Wi-Fi Alliance explained that current WPA2 devices will be able to connect with WPA3 hardware. The Alliance also announced that it will continue to do security tests on WPA2 to further protect wireless networks. WPA3 is not an immediate replacement for WPA2.

Even after you get a WPA3 enabled router, you’ll need WPA3 compatible client devices—your laptop, phone, refrigerator, security camera, industrial temperature sensor, or anything that connects to Wi-Fi—to fully take advantage of the WPA3 features. The good news is that shiny new router will accept both WPA2 and WPA3 connections at the same time.

Even when WPA3 is widespread, expect a long transition period where some devices are connecting to your router with WPA2 and others are connecting with WPA3. Once all your devices support WPA3, you should disable WPA2 connectivity on your router to improve security.

rb-

I am suspicious about the NSA link to the new WPA3 encryption. The NSA has introduced weaknesses in other encryption protocols.

Until we get our hands on real hardware, it is safe to speculate that like all things Wi-Fi, backward compatibility will cost you performance. What impact will one legacy device have on the capabilities of the WAP? Have a pair and turn off 802.11, 802.11b, WEP, and WPA connections on your current router.

It’s about time to update WPA. But as the 802.11n process proved, if you want to get nothing done, turn it over to an industry consortium. Andy Patrizio at NetworkWorld explained that’s where standards go to die because everyone wants their IP used so they make money off every sale. The end result is nothing gets done.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Wi-Fi Marches On

Kevin Fitchard at GigaOm lays out where Wi-Fi is headed. Now that the second wave of 802.11ac Wi-Fi equipment is hitting the market, new plans are happening. The Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE) have begun to look ahead to 802.11ac’s successor. This time around, the wireless industry is turning its focus away from overall network capacity to real connection speed to the device.

Mr. Fitchard explains that the huge gigabit-plus numbers often attributed to 802.11ac can be a bit misleading. They represent the overall capacity a Wi-Fi network can support, for instance 1.3 Gbps in today’s most advanced routers, but only in the rarest of circumstances would any single device actually be able to connect at such high rates. The author argues that 802.11ac technology improvements will be able to pack more high-speed connections into a single router and take advantage of bigger swaths of unlicensed spectrum.

Fair share

However, individual connections are still peaking at just over 300 Mbps, assuming the broadband connection can even support those speeds. Typical connection speeds are far slower. With 802.11ax, though, wireless engineers are making sure the individual, not just the network, gets its fair share of attention, said Greg Ennis, VP of Technology for the Wi-Fi Alliance.

Though the IEEE is still in the early stages of developing the 802.11ax specifications (we likely won’t have a ratified standard until at least 2018), it has begun setting priorities for the new technology, the Wi-Fi Alliance’s Ennis said. And at the top of that list is a 4X increase in speed to the device, possibly pushing individual device connections into the gigabit range.

MIMO-OFDA

GigaOm speculates that the IEEE is hoping to do this with a new radio technology called MIMO-OFDA. MIMO, or multiple input-multiple output, uses multiple antennas to send multiple streams of data to the same or different devices, while OFDA is a variant of the orthogonal frequency division multiplexing (OFDM) technologies used in 4G mobile and earlier Wi-Fi standards. The idea is to create a more powerful and efficient radio that can shove more bits into the same transmission. That would create a bigger data pipe to the individual devices, which would, in turn, add up to greater overall network capacity and better Wi-Fi performance even in the sketchiest of conditions, Mr. Ennis said. “The goal here is not just to increase average throughput, but the average throughput users would actually see in the real world, even in the densest environments,” Ennis said.

Chinese equipment maker Huawei (002502) — which is heading up the IEEE 802.11ax working group — is already doing trials of MIMO-OFDA systems and it’s hitting 10.53 Gbps in the lab using Wi-Fi’s traditional 5 GHz band. Whether that means a 10 Gbps connection to your smartphone or tablet remains to be seen, but it hardly seems relevant given it’s difficult to comprehend what any device could possibly do with a 10 Gbps connection (much less a home broadband connection capable of supporting a high-capacity link).

 


Faster simultaneous Wi-Fi connections

But if 802.11ax lives up to its promise, the author says it should be able to squeeze many more, and much faster, simultaneous connections out of a single router or hotspot, which would mean a far better experience for everyone on a crowded network. Though the IEEE won’t ratify 802.11ax until 2018 or later, we might see the Wi-Fi Alliance certify “draft-ax” devices and equipment beforehand just as we saw “draft-n” and “draft-ac” devices before their respective 802.11 standards were finalized. It all depends on how far the wireless industry has progressed with the underlying technology in the coming years, Ennis said. And long before we see the “ax” suffix stamped onto any gadget or router, other combinations of the Wi-Fi alphabet will make an appearance.

The Alliance will begin certifying the first 802.11ad, or WiGig, devices next year, supporting extremely close range but very high-capacity links between gadgets and peripherals. A bit further down the road is 802.11ah, which will take Wi-Fi to the 900 MHz band where it will provide narrowband but long-range connectivity to the internet of things.

rb-

Techie wireless alphabet – IEEE, N, AC, AD, AH, AX, MIMO, OFDM, EI, EIO, O!


WiGig, Wi-Fi Join Forces

Wireless Week is reporting that the Wireless Gigabit Alliance (WiGig) and the Wi-Fi Alliance have joined forces. According to the article, the Wi-Fi Alliance and WiGig Alliance have collaborated for over two years on the WiGig Alliance’s work to develop an interoperability certification for 60 GHz products.

Wi-Fi Alliance President and CEO Edgar Figueroa said in a statement that the 60 GHz technology has been an important highlight in the Wi-Fi Alliance’s certification roadmap for some time. “Combining the expertise of Wi-Fi Alliance and WiGig Alliance will deliver a terrific user experience with 60 GHz solutions, and will help ensure that a full range of interoperable WiGig solutions reach the market as quickly as possible,” Mr. Figueroa said.

WiGig operates in the unlicensed 60 GHz band and offers short-range multi-gigabit connections with speeds up to 7 Gbps. FierceBroadbandWireless reports that early applications will include ultrabooks and peripherals. WiGig offers short-range multi-gigabit connections for applications ranging from high-definition WiGig Display Extensions (WDE) to peripheral connectivity and I/O cable replacement such as WiGig Serial Extension (WSE), WiGig Bus Extension (WBE), and WiGig SDIO Extension (WDS). Tablets will then include the technology, primarily for media streaming, and smartphones will drive more widespread WiGig adoption from 2015 on, according to ABI Research.


Its major limitation is the extremely high 60 GHz frequencies it uses, which limit its connections to near-line-of-sight within a single room. Signals in the 57–64 GHz region are subject to a resonance of the oxygen molecule and are severely attenuated.

Early 60 GHz implementations based on the WiGig specifications are entering the market now, and ABI Research forecasts that by 2016, annual shipments of devices with both Wi-Fi and WiGig technology will reach 1.8 billion units.


802.11n Ratified -Yawn

Today (09-11-09) the IEEE Standards Board has ratified the IEEE 802.11n™-2009 amendment. This vote ends a seven-year effort to “enable rollout of significantly more scalable WLANs that deliver 10-fold-greater data rates than previously defined while ensuring co-existence with legacy systems and security implementations,” according to the IEEE. The 560-page document describing 802.11n will be published in mid-October 2009. Bruce Kraemer, Chair of the IEEE Wireless LAN Working Group, said in a press release,

The performance improvements achieved via IEEE 802.11n stand to transform the WLAN user experience, and ratification of the amendment sets the stage for a new wave of application innovation and creation of new market opportunities.

Kelly Davis-Felner, marketing director of the Wi-Fi Alliance (WFA), told Network World that “The core interoperability is totally preserved with the [existing] draft certification program.” Ms. Davis-Felner says, “Existing draft-11n products should work seamlessly with future products based on the final standard. No existing products will have to be retested in the updated certification program.”

Today’s ratification marks the high-point for other 802.11 wireless products. This approval will green-light the development and deployment of 11n products in the enterprise. There is no longer a reason for firms deploying greenfield WLANs to roll out anything but 802.11n. The WFA expects 11n shipments to rise to 45% of all 802.11 shipments in 2009, reaching 60% in 2012, based on data from market researcher ABI Research. But how long will 802.11n last?

NetworkWorld is reporting that Microsoft (MSFT), Intel (INTC) and others have formed the Gigabit Wireless Alliance (WiGig). WiGig is to create a new wireless specification with a data speed of up to 6 Gbps. WiGig is also actively involved with the IEEE’s 802.11ad task group. And if WiGig is too slow, James Buckwalter, a professor at the University of California San Diego, has developed a silicon-based amplifier that transmits 10 Gbps wireless in 100 GHz frequency bands, according to NetworkWorld. Coverage could also be over a kilometer, which beats traditional WiFi’s 100 meters.

rb-

The formal ratification of the IEEE 802.11n standard is a good thing. However, we have recommended that clients seriously consider this technology in greenfield installs with Wi-Fi approved 802.11n since the beginning of the year.
