The current standard for security over WiFi links is WPA2. WiFi Alliance recently announced plans to introduce WPA3 for improvements to WiFi security. While no technical details on WPA3 have been announced, there are clues in the announcement and in the technical literature, to what WPA3 may contain. This blog reviews security protocols, namely OWE and Dragonfly, that are believed to be introduced in WPA3.
Some understanding of discrete logarithm cryptosystem (DLC) is essential to follow the workings of Opportunistic Wireless Encryption (OWE) and Dragonfly protocols.
Watch this video for conceptual introduction to DLC using Elliptic Curves:
Opportunistic Wireless Encryption (OWE) for Open SSID
OWE derives an encryption key between an access point (AP) and a client, even if they have had no prior contact to establish any shared secret. This allows for encryption capability to be added to what we refer to as open SSID today. Piggybacking OWE elements on the IEEE 802.11 association request/response is specified in IETF RFC 8110. OWE uses Diffie Hellman key exchange, which is based on DLC. An eavesdropper who sniffs traffic between the AP and the client cannot generate the encryption key.
While OWE adds encryption to the wireless link, it lacks authentication functionality. Techniques such as captive portal can be used along with OWE to perform client to AP authentication. However, due to the lack of AP to client authentication, security threats like honeypots and Evil Twins are still not mitigated.
Watch this video for details on OWE:
Offline Dictionary Attack Resistance (Dragonfly) for PSK Passwords
Passwords are used in WPA2 today in a security mode called “PSK”, for mutual authentication and encryption key derivation between an AP and a client. However, an eavesdropper can collect the messages exchanged between the AP and the client over the wireless link and run them through trial and error password dictionary to crack the password. This is called “offline dictionary attack”. If the password is weak, the search space of passwords (i.e., probable-password dictionary) can be relatively small and cracking is computationally tractable.
Dragonfly protocol, specified in IRTF RFC 7664 and in Section 12.4 (SAE) of the IEEE 802.11 standard, provides offline dictionary attack resistance for PSK. Dragonfly is similar to its proprietary predecessor called SPEKE. Dragonfly makes offline password dictionary attack computationally intractable, irrespective of the size of the dictionary. It uses Diffie Hellman (DH) key exchange, which is based on DLC, to facilitate both the encryption key generation and mutual authentication. Another beneficial property of Dragonfly is that even if a password were leaked at a later point in time, it still cannot be used to decrypt the eavesdropped and stored communication from the past.
Watch this video for details on Dragonfly:
Longer Encryption Keys
In addition to new protocols as above, WPA3 may introduce nominal enhancements to existing protocols. Currently in WPA2, most implementations use 128-bit AES encryption key. The IEEE 802.11i standard also supports 256-bit encryption key. WPA3 may make support for 256-bit key, and possibly also 192-bit key, mandatory in the WiFi certified equipment.
Ease of Security Configuration for IoT
There is also talk of WPA3 addressing security configurations for devices such as IoT sensors, which lack full featured display/keyboard interface. To get clues on what this could be, we can look at adjacent fields, e.g., how Bluetooth Low Energy (BLE) combines OWE with pairing to achieve link encryption and mutual authentication.
The OWE, Dragonfly and IoT security enhancements can be implemented in software. Use of longer encryption keys will require support in WiFi chips, because it is inline data encryption and needs to be done in hardware for speed. Now we wait for WiFi Alliance to disclose full technical details on WPA3.
Ready to see how Mojo Networks can provide you with secure WiFi? Get a demo now!