In December 2019, the Wi-Fi Alliance published version 2 of WPA3, the new certification program for Wi-Fi devices that updates WPA2. This new version of WPA3 addresses, amongst other things, one of the crucial weaknesses of WPA2: in many practical deployments of enterprise Wi-Fi networks—i.e., networks in which users have personalized credentials—a device may easily be attacked by fraudulent access points claiming to have the name of the targeted network (evil twins). In this work, we present the mechanisms that WPA3 version 2 has introduced for mitigating these risks, which have become more and more relevant in recent years. We discuss the defensive power and potential impact of the various options available. Understanding the resulting scenario is important because WPA3 will determine the behavior of such a fundamental and widespread technology as enterprise Wi-Fi for many years, yet WPA3 enterprise networks may still be configured in a way that could not provide much better defensive power than WPA2.

中文翻译：

---

了解WPA3 Enterprise中的服务器身份验证

在2019年12月，Wi-Fi联盟发布了WPA3的第2版，这是用于更新WPA2的Wi-Fi设备的新认证计划。WPA3的这一新版本解决了WPA2的关键缺陷之一：在企业Wi-Fi网络（即用户具有个性化凭据的网络）的许多实际部署中，设备很容易受到欺诈性接入点的攻击声称拥有目标网络的名称（邪恶的双胞胎）。在这项工作中，我们介绍了WPA3版本2引入的缓解这些风险的机制，近年来这些机制变得越来越重要。我们讨论了各种可用选项的防御力和潜在影响。了解所产生的情况非常重要，因为WPA3将确定诸如企业Wi-Fi这类基本且广泛使用的技术的行为，但是WPA3企业网络的配置可能仍无法提供比WPA2更好的防御能力。