Tuesday - last edited Wednesday
The Wi-Fi Alliance introduced WPA3 in 2018 as the successor to WPA2. It was released to address the security limitations of WPA2, such as offline dictionary attacks and the KRACK & Kraken attacks. Like WPA2, WPA3 comes in two variants, Personal and Enterprise, but with significant improvements in authentication and encryption. This article focuses on the differences between WPA3-Personal and Transition Mode, illustrated with real-world packet captures.
Before we dive into the WPA3 modes, it is important to understand why WPA3 is needed and why WPA2 is no longer sufficient. The WPA2 security standard has been in use since 2004 and is still widely used on many networks. As of now, not many devices support WPA3. In WPA2-Personal, security depends heavily on the strength of the passphrase. That passphrase is directly converted into a PMK, which is then used in the 4-way handshake for key derivation. When weak passwords are used, WPA2 networks are vulnerable to KRACK and offline dictionary attacks. In contrast, WPA3-Personal uses SAE (Simultaneous Authentication of Equals) to generate the PMK, which offers stronger resistance to offline dictionary attacks. The table below highlights the major improvements WPA3 introduces over WPA2.
| Features | WPA2 | WPA3 |
| --- | --- | --- |
| Encryption | AES-CCMP | GCMP-256 / AES-CCMP |
| Key Size | 128-bit | 128 & 192-bit for Enterprise |
| Authentication Types | PSK / Enterprise | SAE / Enterprise |
| PMF Support | Optional | Mandatory |
| Forward Secrecy | Not Supported | Supported |
| Security Level | High | Very High |
| Protection against Attacks | Susceptible to KRACK and offline dictionary attacks | Resistant to KRACK and offline dictionary attacks |
| Backward Compatibility | Support WPA-PSK | Support WPA2-PSK in Transition mode |
SAE is the authentication type used in WPA3, but it is not new to wireless. It was first introduced in mesh networks (802.11s) to allow APs to discover and authenticate with each other simultaneously. SAE belongs to a family of protocols known as Password-Authenticated Key Exchanges (PAKEs), which let two devices prove they both know the same password without ever sending it across the air. To achieve this, WPA3 uses the Dragonfly handshake, a two-step process where the client and access point exchange special cryptographic values (commit and confirm messages). These values act like proofs that the password is correct, but without revealing the password itself. The result is a shared secret that is unique for every client–AP connection, which then becomes the basis for the Pairwise Master Key (PMK). This design not only blocks offline dictionary attacks but also ensures forward secrecy, so that even if the Wi-Fi password is stolen later, previously captured traffic remains secure. In addition to SAE, WPA3 makes Protected Management Frames (PMF) mandatory, blocking spoofed disassociation or deauthentication frames that plagued WPA2.
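The commit/confirm exchange described above, as an added Python example (not part of the original article and not any vendor's implementation). It assumes SAE group 19 (NIST P-256), a simplified hunting-and-pecking derivation of the password element, and a SHA-512 stand-in for the SAE KDF; the function names and the two MAC addresses are made up for the illustration.

```python
import hashlib, hmac, secrets

P = 2**256 - 2**224 + 2**192 + 2**96 - 1     # NIST P-256 (SAE group 19): y^2 = x^3 + A*x + B
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551   # prime group order

def add(p1, p2):                             # affine point addition, None = point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = ((3*x1*x1 + A) * pow(2*y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (m*m - x1 - x2) % P
    return x3, (m*(x1 - x3) - y1) % P

def mul(k, pt):                              # double-and-add; not constant time
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def password_element(password, mac_a, mac_b):   # simplified hunting-and-pecking (assumption)
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    for counter in range(1, 256):
        digest = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (x*x*x + A*x + B) % P
        y = pow(rhs, (P + 1) // 4, P)        # square-root candidate, valid because P % 4 == 3
        if y*y % P == rhs:
            return x, y

def commit(pwe):                             # returns private rand and public (scalar, element)
    rand, mask = secrets.randbelow(N - 2) + 2, secrets.randbelow(N - 2) + 2
    x, y = mul(mask, pwe)
    return rand, ((rand + mask) % N, (x, P - y))          # element = -(mask * PWE)

def finish(rand, mine, peer, pwe):
    k = mul(rand, add(mul(peer[0], pwe), peer[1]))[0]     # x of rand_mine * rand_peer * PWE
    okm = hashlib.sha512(f"{k}|{(mine[0] + peer[0]) % N}".encode()).digest()  # stand-in for SAE KDF
    tag = lambda a, b: hmac.new(okm[:32], repr((a, b)).encode(), hashlib.sha256).digest()
    return tag(mine, peer), tag(peer, mine), okm[32:]     # my confirm, expected peer confirm, PMK

def handshake(pw_sta, pw_ap, sta=bytes.fromhex("020000000001"), ap=bytes.fromhex("020000000002")):
    pwe_s, pwe_a = password_element(pw_sta, sta, ap), password_element(pw_ap, sta, ap)
    (rs, cs), (ra, ca) = commit(pwe_s), commit(pwe_a)     # Authentication frames 1 and 2
    conf_s, want_a, pmk_s = finish(rs, cs, ca, pwe_s)     # Authentication frame 3 carries conf_s
    conf_a, want_s, pmk_a = finish(ra, ca, cs, pwe_a)     # Authentication frame 4 carries conf_a
    return hmac.compare_digest(conf_s, want_s) and hmac.compare_digest(conf_a, want_a), pmk_s, pmk_a
```

`handshake(b"pw", b"pw")` returns `True` with two equal PMKs that change on every run, because `rand` and `mask` are fresh per session; with mismatched passwords the confirm check fails and a captured commit gives an observer nothing to test password guesses against offline.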
For clarity, the explanation below is kept simple and focuses only on the essential steps. It is not intended to cover the full mathematics or cryptographic proof behind SAE and Dragonfly.
I used an ExtremeCloud IQ controller and AP [on-premise] for this testing. WLAN SSID configuration from the XIQ-C controller, running version 10.14.01:
1. Packets #1113 to #1173: complete WPA3-Personal mode flow.
2. Beacon & Probe Response frames show the RSN Information of the BSS.
3. Authentication Frames 1 & 2 (Commit messages): Packets #1148 & #1157
4. Authentication Frames 3 & 4 (Confirm messages): Packets #1161 & #1162
5. How to confirm in the capture that the PMK is generated:
--------------------------------------------------------------------
WPA3 transition mode provides backward compatibility for deployments with a mix of devices. As of now, not all devices are capable of WPA3. For customers who want WPA3 security but must also support WPA2 devices at the same time, the solution is to use WPA3 transition mode. In Transition mode, PMF is optional, allowing WPA2 clients to connect.
WLAN SSID configuration for WPA3-Transition:
2. The image below shows the connection flow of a WPA2-capable client connecting to the WPA3 transition SSID. It uses the PSK AKM suite for the connection, with the same passphrase that is configured for WPA3.
The authentication algorithm is “Open System” and not "SAE".
This option varies by vendor. The ExtremeCloud AP supports WPA3 SAE with FT. If the AP supports 802.11r, how can this be checked in the packet capture?
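One way to read the RSN Information element of a beacon or probe response programmatically and tell WPA3-only, transition mode and FT apart, as an added Python example (not from the original article). The suite type numbers are the standard 00-0F-AC values; the two sample element bodies are constructed for the illustration and are not bytes from the author's capture.

```python
import struct

# Suite types under OUI 00-0F-AC, as carried in the RSN element (tag 48)
AKM = {2: "PSK", 4: "FT-PSK", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
CIPHER = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256"}

def parse_rsn(body: bytes) -> dict:
    """Parse an RSN element body (the bytes after the tag and length octets)."""
    def suites(off, names):
        (count,) = struct.unpack_from("<H", body, off)
        end = off + 2 + 4 * count
        if end > len(body):
            raise ValueError("truncated suite list")
        found = []
        for i in range(off + 2, end, 4):
            known = body[i:i + 3] == b"\x00\x0f\xac"
            found.append(names.get(body[i + 3], f"type-{body[i + 3]}") if known else "vendor")
        return found, end

    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version")
    pairwise, off = suites(6, CIPHER)           # skip version (2) + group cipher (4)
    akms, off = suites(off, AKM)
    (caps,) = struct.unpack_from("<H", body, off)
    return {"group": CIPHER.get(body[5], "other"), "pairwise": pairwise, "akm": akms,
            "mfpc": bool(caps & 0x0080), "mfpr": bool(caps & 0x0040)}

def classify(rsn: dict) -> tuple:
    """Return (mode, fast_transition_offered) for a personal-mode BSS."""
    sae = any("SAE" in a for a in rsn["akm"])
    psk = any("PSK" in a for a in rsn["akm"])
    if sae and psk:
        mode = "WPA3-Personal transition"       # WPA2-PSK clients can still join
    elif sae:
        mode = "WPA3-Personal" if rsn["mfpr"] else "SAE but PMF not required"
    else:
        mode = "WPA2-Personal" if psk else "other"
    return mode, any(a.startswith("FT-") for a in rsn["akm"])

# Constructed RSN element bodies (not taken from the article's capture)
WPA3_ONLY = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac08 c000")
TRANSITION_FT = bytes.fromhex("0100 000fac04 0100 000fac04 0300 000fac02 000fac08 000fac09 8000")

if __name__ == "__main__":
    for name, ie in (("WPA3-only", WPA3_ONLY), ("transition", TRANSITION_FT)):
        print(name, parse_rsn(ie), classify(parse_rsn(ie)))
```

In Wireshark the same fields appear under the RSN Information tag: the AKM list shows PSK, SAE and any FT variants, and the RSN Capabilities show the Management Frame Protection Capable and Required bits.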
When clicking the WLAN icon, the WPA3 SSID is shown with an “X” symbol and no ‘connect’ option is offered. The message shown is ‘can’t connect to this network’.
| Category | Strengths | Weaknesses/Challenges |
| --- | --- | --- |
| Authentication | SAE helps resist offline dictionary & KRACK attacks and provides forward secrecy | Transition Mode allows the use of WPA2-PSK, which reduces security |
| Encryption | WPA3-Enterprise supports 192-bit CNSA suite (AES-GCMP-256, SHA-384, ECC) | Not all vendors/clients fully support advanced suites |
| Management Frame security | Mandatory PMF protects against spoofed de-auth/disassociation attacks | Legacy clients without PMF cannot connect |
| Roaming / Mobility | Supports PMK caching and FT | Roaming behavior is inconsistent across vendors; full SAE re-auth was observed at times in WPA3-Personal. |
WPA3 strengthens Wi-Fi security by replacing PSK with SAE, enforcing Protected Management Frames, and introducing stronger encryption for both personal and enterprise deployments. While Transition Mode and inconsistent roaming remain challenges, WPA3 is a significant step forward. Organizations should plan phased migrations, retire WPA2 when possible, and adopt WPA3-only SSIDs to achieve the best balance of security and performance.