SAE was originally implemented for use between peers in IEEE 802.11s.[1] When peers discover each other (and security is enabled) they take part in an SAE exchange. If SAE completes successfully, each peer knows the other party possesses the mesh password and, as a by-product of the SAE exchange, the two peers establish a cryptographically strong key. This key is used with the "Authenticated Mesh Peering Exchange" (AMPE) to establish a secure peering and derive a session key to protect mesh traffic, including routing traffic.
In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement to WPA2.[3][4] The new standard uses 128-bit encryption in WPA3-Personal mode (192-bit in WPA3-Enterprise)[5] and forward secrecy.[6] The WPA3 standard also replaces the pre-shared key (PSK) exchange with Simultaneous Authentication of Equals as defined in IEEE 802.11-2016 resulting in a more secure initial key exchange in personal mode.[7][8] The Wi-Fi Alliance also claims that WPA3 will mitigate security issues posed by weak passwords and simplify the process of setting up devices with no display interface.[9]
Security
In 2019 Eyal Ronen and Mathy Vanhoef (co-author of the KRACK attack) released an analysis of WPA3's Dragonfly handshake and found that "an attacker within range of a victim can still recover the password" and the bugs found "allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password."[10][11]
^ abcHarkins, Dan (Aug 20, 2008). "Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks". 2008 Second International Conference on Sensor Technologies and Applications (Sensorcomm 2008). pp. 839–844. doi:10.1109/SENSORCOMM.2008.131. ISBN978-0-7695-3330-8. S2CID18401678 – via IEEE Xplore.
Harkins, Dan (Aug 20, 2008). "Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks". 2008 Second International Conference on Sensor Technologies and Applications (Sensorcomm 2008). pp. 839–844. doi:10.1109/SENSORCOMM.2008.131. ISBN978-0-7695-3330-8. S2CID18401678 – via IEEE Xplore.