NetworkTools
Sign In
1Wi-Fi Standards2RF Fundamentals3WPA34Roaming5Controller vs Autonomous6Wireless Design
← Back to Wireless Fundamentals

Learning Objectives

  • Understand the WPA3 security architecture and its modes
  • Explain the Simultaneous Authentication of Equals (SAE) handshake
  • Compare WPA3-Personal, WPA3-Enterprise, and WPA3-Transition modes

From WPA2 to WPA3

WPA2 has been the standard for Wi-Fi security since 2004, but by the mid-2010s its vulnerabilities were well known. The KRACK attack (Key Reinstallation Attack) in 2017 demonstrated that the 4-way handshake in WPA2 could be manipulated to force nonce reuse, allowing attackers to decrypt traffic without knowing the password.

WPA3, released in 2018 by the Wi-Fi Alliance, addresses these weaknesses with three major improvements:

  1. SAE handshake — Replaces the vulnerable 4-way handshake with a password-authenticated key exchange that is resistant to offline dictionary attacks
  2. Forward secrecy — Even if the password is later compromised, previously captured traffic cannot be decrypted
  3. 192-bit security suite — Optional Enterprise mode using CNSA (Commercial National Security Algorithm) Suite B cryptography

SAE: Simultaneous Authentication of Equals

Instead of the PSK-based 4-way handshake in WPA2, WPA3 uses SAE (defined in IEEE 802.11-2016) — a variant of the Dragonfly key exchange protocol. SAE provides password-authenticated key exchange (PAKE), meaning the password is never directly transmitted. An attacker who captures the handshake cannot brute-force the password offline.

The SAE handshake works in two phases:

SAE Handshake (WPA3-Personal)

ClientAP

After SAE completes, both devices have a Pairwise Master Key (PMK) and proceed with the same 4-way handshake used in WPA2 for deriving session keys. The key difference is that the PMK itself is now cryptographically strong and resistant to offline attacks.

Match each WPA3 mode to its description.

Left
matches to
Right
Left
matches to
Right
Left
matches to
Right
Left
matches to
Right
Attempts: 0

Transition Mode and OWE

WPA3-Transition (also called WPA3-Mixed) allows both WPA2 and WPA3 clients to connect to the same SSID. WPA3 clients use SAE, while WPA2 clients fall back to the 4-way handshake. This is critical during migration but means the network is only as secure as its weakest client — a WPA2 client still exposes the network to KRACK-style attacks.

Opportunistic Wireless Encryption (OWE) is defined in RFC 8110 and replaces open (unauthenticated) networks. With OWE, even public Wi-Fi without a password gets encrypted — the client and AP derive a unique key per association using Diffie-Hellman key exchange. No password means no authentication, but all traffic is encrypted, protecting against passive eavesdropping in coffee shops and airports.

What primary vulnerability does the SAE handshake in WPA3 address compared to WPA2?

What does OWE (Opportunistic Wireless Encryption) provide?

Key Takeaways

  • WPA3 replaces WPA2's vulnerable 4-way handshake with SAE (Dragonfly PAKE)
  • SAE prevents offline dictionary attacks and provides forward secrecy
  • WPA3-Personal uses SAE; WPA3-Enterprise adds 802.1X with optional 192-bit Suite B
  • WPA3-Transition mode eases migration but inherits WPA2 weaknesses from mixed clients
  • OWE encrypts open networks without authentication, preventing passive eavesdropping
PreviousRF FundamentalsNextRoaming