WPA3_Specification_v3.0WIFI联盟WPA3官方文档_WiFiconnect协议资源-CSDN文库

WIFI

WPA3

需积分: 5 124 浏览量 2022-04-22 14:06:14 上传评论 1 收藏 506KB PDF 举报

资源详情

资源评论

资源推荐

Used with the permission of Wi-Fi Alliance under the terms as stated in this document.

WPA3™

Specification

Version 3.0

WI-FI ALLIANCE PROPRIETARY – SUBJECT TO CHANGE WITHOUT NOTICE

By your use of the document and any information contained herein, you are agreeing to these terms. If you

do not agree to these terms, you may not use this document or any information contained herein. Unless

this document is clearly designated as an approved specification, this document is a work in process and

is not an approved Wi-Fi Alliance specification. This document is subject to revision or removal at any time

without notice. Information contained in this document may be used at your sole risk. Wi-Fi Alliance

assumes no responsibility for errors or omissions in this document. This copyright permission does not

constitute an endorsement of the products or services. Wi-Fi Alliance trademarks and certification marks

may not be used unless specifically allowed by Wi-Fi Alliance.

Wi-Fi Alliance has not conducted an independent intellectual property rights ("IPR") review of this document

and the information contained herein, and makes no representations or warranties regarding IPR, including

without limitation patents, copyrights or trade secret rights. You may need to obtain licenses from third

parties before using the information contained in this document for any purpose.

Wi-Fi Alliance owns the copyright in this document and reserves all rights therein. A user of this document

may duplicate and distribute copies of the document in connection with the authorized uses described

herein, provided any duplication in whole or in part includes the copyright notice and the disclaimer text set

forth herein. Unless prior written permission has been received from Wi-Fi Alliance, any other use of this

document and all other duplication and distribution of this document are prohibited. Unauthorized use,

duplication, or distribution is an infringement of Wi-Fi Alliance’s copyright.

If you provide comments, feedback, suggestions or other ideas to Wi-Fi Alliance related to the subject

matter of this document, unless otherwise agreed to in writing by Wi-Fi Alliance, you agree that such

comments, feedback, suggestions and other ideas are not confidential and that Wi-Fi Alliance may freely

use such comments, feedback, suggestions or other ideas without providing any additional consideration

to you.

These terms are governed by the laws of the state of California, U.S., without regard to any conflict of laws

principles. In the event of any dispute under these terms, you agree to resolve such dispute by binding

arbitration in English pursuant to the Rules of Arbitration of the International Chamber of Commerce in San

Francisco, California, U.S.

NO REPRESENTATIONS OR WARRANTIES (WHETHER EXPRESS OR IMPLIED) ARE MADE BY

WI-FI ALLIANCE AND WI-FI ALLIANCE IS NOT LIABLE FOR AND HEREBY DISCLAIMS ANY DIRECT,

INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES

ARISING OUT OF OR IN CONNECTION WITH THE USE OF THIS DOCUMENT AND ANY

INFORMATION CONTAINED IN THIS DOCUMENT.

WPA3™ Specification v3.0 
 
© 2020 Wi-Fi Alliance. All Rights Reserved. 
Used with the permission of Wi-Fi Alliance under the terms as stated in this document. 
Page 3 of 30 
Table of contents 
INTRODUCTION .......................................................................................................................................................... 5 
1  Scope ............................................................................................................................................................ 5 
2  References .................................................................................................................................................... 5 
3  Definitions and acronyms .............................................................................................................................. 6 
3.1  Shall/should/may/might word usage ................................................................................................ 6 
3.2  Conventions ..................................................................................................................................... 6 
3.3  Definitions ........................................................................................................................................ 6 
3.4  Abbreviations and acronyms ............................................................................................................ 6 
WPA3-PERSONAL ....................................................................................................................................................... 8 
1  Modes of operation ....................................................................................................................................... 8 
2  WPA3-Personal only mode ........................................................................................................................... 8 
3  WPA3-Personal transition mode ................................................................................................................... 8 
4  Additional Requirements on WPA3-Personal modes ................................................................................... 8 
WPA3-ENTERPRISE ................................................................................................................................................... 9 
1  Modes of operation ....................................................................................................................................... 9 
2  WPA3-Enterprise only mode ......................................................................................................................... 9 
3  WPA3-Enterprise transition mode ................................................................................................................. 9 
4  Additional Requirements on WPA3-Enterprise modes ................................................................................. 9 
5  WPA3-Enterprise 192-bit mode .................................................................................................................... 9 
WPA3 FAST BSS TRANSITION ................................................................................................................................ 11 
1  STA AKM preference order ......................................................................................................................... 11 
1.1  Personal modes ............................................................................................................................. 11 
1.2  Enterprise modes ........................................................................................................................... 11 
SERVER CERTIFICATE VALIDATION ...................................................................................................................... 12 
1  Failure Conditions for Server Certificate Validation .................................................................................... 12 
2  Support for User Override of Server Certificate .......................................................................................... 12 
3  Criteria to disable UOSC ............................................................................................................................. 12 
3.1  TOD Policies .................................................................................................................................. 12 
3.2  Additional Consideration on TOD Policies ..................................................................................... 13 
SAE-PK ....................................................................................................................................................................... 14 
1  Background ................................................................................................................................................. 14 
2  SAE-PK overview ........................................................................................................................................ 14 
3  Credential generation procedure ................................................................................................................ 15 
4  Authentication using SAE-PK ..................................................................................................................... 16 
5  Modes of operation ..................................................................................................................................... 19 
5.1  AP operation .................................................................................................................................. 19 
5.2  STA operation ................................................................................................................................ 19 
6  Security considerations ............................................................................................................................... 20 
6.1  General .......................................................................................................................................... 20 
6.2  Resistance to preimage attacks ..................................................................................................... 21 
6.3  Resistance to downgrade .............................................................................................................. 22 
7  SAE-PK element ......................................................................................................................................... 22 
WIFI URI ..................................................................................................................................................................... 24 
1  URI format ................................................................................................................................................... 24 
2  WIFI URI device support ............................................................................................................................. 24 
3  URI examples .............................................................................................................................................. 25 
TRANSITION DISABLE INDICATION ........................................................................................................................ 26 
PRIVACY EXTENSION MECHANISMS ..................................................................................................................... 28 
1  Randomized MAC address ......................................................................................................................... 28 
1.1  Composition of a randomized MAC address ................................................................................. 28 
1.2  Authentication and Association ...................................................................................................... 28 
1.3  Active Scanning Procedures .......................................................................................................... 28 

WPA3™ Specification v3.0 
 
© 2020 Wi-Fi Alliance. All Rights Reserved. 
Used with the permission of Wi-Fi Alliance under the terms as stated in this document. 
Page 5 of 30 
1  Introduction 
This document is the specification for the Wi-Fi CERTIFIED WPA3™ certification program and defines a subset of 
functionality for WPA3™ devices that achieve Wi-Fi CERTIFIED WPA3 certification. Only devices that complete the 
certification program test requirements for Wi-Fi CERTIFIED WPA3 shall be designated as Wi-Fi CERTIFIED WPA3. 
1.1  Scope 
The content of this specification addresses the solution requirements for the following features: 
•  WPA3-Personal only mode 
•  WPA3-Personal transition mode 
•  WPA3-Enterprise only mode 
•  WPA3-Enterprise transition mode 
•  WPA3-Enterprise 192-bit mode 
•  WPA3 Fast BSS Transition 
•  WPA3-Enterprise Server Certificate Validation 
•  SAE-PK 
•  SAE-PK only mode 
•  WIFI URI 
•  Transition Disable indication 
1.2  References 
Knowledge of the documents listed in this section is required for understanding this specification. If a reference includes a 
date or a version identifier, only that specific version of the document is required. If the listing includes neither a date nor a 
version identifier, then the latest version of the document is required. In the event of a conflict between this specification 
and the following referenced documents, the contents of this specification take precedence. 
[1]  IEEE Draft Standard for Information technology -- Telecommunications and information exchange between systems 
Local and metropolitan area networks -- Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) 
and Physical Layer (PHY) Specifications, 2020 
[2]  IETF RFC 5216, The EAP-TLS Authentication Protocol, https://tools.ietf.org/html/rfc5216 
[3]  IETF RFC 3972, Cryptographically Generated Addresses (CGA), https://tools.ietf.org/html/rfc3972  
[4]  NIST SP 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications, 
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-89.pdf 
[5]  NIST SP 800-107 Revision 1, Recommendations for Applications using Approved Hash Functions, 
https://csrc.nist.gov/publications/detail/sp/800-107/rev-1/final 
[6]  IETF RFC 4648, The Base16, Base32 and Base64 Data Encodings, https://tools.ietf.org/html/rfc4648 
[7]  IETF RFC 3986, Uniform Resource Identifier (URI): Generic Syntax, https://tools.ietf.org/html/rfc3986 
[8]  IETF RFC 5480, ECC SubjectPublicKeyInfo Format, https://tools.ietf.org/html/rfc5480 
[9]   IETF RFC 3279, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate 
Revocation List (CRL) Profile, https://tools.ietf.org/html/rfc3279 
[10]  Wi-Fi Alliance WPA3 Security Considerations, https://www.wi-fi.org/file/wpa3-security-considerations 
[11]  Verhoeff, J, "Error Detecting Decimal Codes", Mathematisch Centrum 