WPA3

Additional Security Features

PMF

SAE

  • Simultaneous Authentication of Equals (SAE) is a four-way handshake in Personal mode authentication, used by WPA3 as an upgrade to the traditional PSK

Forward Secrecy

  • Prevents data from being decrypted after it was transmitted over the air
  • Session keys are generated from a long-term Pre-Shared Key and are discarded after the session ends
    • Even if the attacker obtains the session key, it cannot be used to decrypt past or future sessions

WPA Authentication Modes

  1. All WPA methods support two authentication modes
    1. Personal mode
      1. A Pre-Shared Key is used for authentication
        1. The PSK is not sent over the air (OTA)
        2. A four-way handshake is used for authentication, and the PSK is used to generate keys
      2. Common in small networks
    2. Enterprise mode
      1. 802.1X is used with an authentication server (RADIUS/TACACS+ etc.)
      2. All EAP methods are supported
