Question:
WPA3's Personal mode replaces the pre-shared key mode in WPA2 with simultaneous authentication of equals (SAE), making it more difficult to launch attacks against weak passphrases or passwords. Additionally, it improves security during the initial key exchange between devices. SAE is not implemented in WEP, WPA, or WPA2.
In traditional Wi-Fi security protocols, such as WPA2's pre-shared key (PSK) mode, the same passphrase or key is used by all devices to initiate the key exchange process. This creates a vulnerability, as an attacker who gains access to the passphrase or key can impersonate a legitimate device and gain access to the network.
Simultaneous authentication of equals (SAE), which is used in WPA3's Personal mode, eliminates this vulnerability by requiring both devices to authenticate each other simultaneously during the key exchange process, rather than relying on a shared secret. SAE uses a mutual authentication scheme where both devices generate a random number, and then each device sends a commitment value to the other based on the random number and their own password. The commitment value is then used to derive the secret key for the session.
This approach makes it more difficult for attackers to conduct offline dictionary or brute force attacks against the passphrase or password, as the password is not exchanged in the clear. Additionally, SAE provides forward secrecy, which means that the keys generated during the key exchange process are unique to that session and are not derived from a long-term secret, making it more difficult for attackers to decrypt captured traffic.
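The commit and key-derivation steps described above, as an added Python example that is not part of the original page. It is a simplified SAE-style handshake over an assumed toy group (the prime 2**521 - 1) with a simplified password-to-element mapping and constructed MAC addresses; `Peer`, `password_element` and `handshake` are hypothetical names.

```python
import hashlib, hmac, secrets

# Assumed toy group: the Mersenne prime 2**521 - 1. Real SAE uses standardized
# ECC/FFC groups and a hardened password-to-element mapping.
P = 2**521 - 1
Q = P - 1          # exponents are reduced modulo the group order
SIZE = 66          # bytes needed to encode a value below P

def password_element(password, mac_a, mac_b):
    """Simplified mapping of password + both MAC addresses to a group element."""
    seed = b"|".join(sorted([mac_a, mac_b]) + [password])
    return 2 + int.from_bytes(hashlib.sha256(seed).digest(), "big") % (P - 3)

class Peer:
    def __init__(self, password, own_mac, peer_mac):
        self.pe = password_element(password, own_mac, peer_mac)
        self.rand = secrets.randbelow(Q - 2) + 2      # fresh for every session
        mask = secrets.randbelow(Q - 2) + 2
        # Commit values: scalar = rand + mask, element = PE^(-mask)
        self.mine = ((self.rand + mask) % Q, pow(self.pe, Q - mask, P))

    def commit(self):
        return self.mine                              # the only values sent in the commit

    def process_commit(self, scalar, element):
        self.theirs = (scalar, element)
        # (PE^scalar * element)^rand == PE^(rand * peer_rand) when passwords match
        shared = pow(pow(self.pe, scalar, P) * element % P, self.rand, P)
        self.key = hashlib.sha256(shared.to_bytes(SIZE, "big")).digest()

    def _mac(self, first, second):
        data = b"".join(v.to_bytes(SIZE, "big") for v in first + second)
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def confirm(self):
        return self._mac(self.mine, self.theirs)

    def verify(self, peer_confirm):
        return hmac.compare_digest(self._mac(self.theirs, self.mine), peer_confirm)

def handshake(station_password, ap_password):
    """Run commit + confirm between two peers; return (authenticated, session_key)."""
    sta = Peer(station_password, b"02:00:00:00:00:01", b"02:00:00:00:00:02")
    ap = Peer(ap_password, b"02:00:00:00:00:02", b"02:00:00:00:00:01")
    sta.process_commit(*ap.commit())
    ap.process_commit(*sta.commit())
    ok = ap.verify(sta.confirm()) and sta.verify(ap.confirm())
    return ok, sta.key
```

With matching passwords the confirm values verify and each run produces a different session key; with a wrong password the confirm check fails, so testing a guess requires a live exchange with the peer.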