Introduction

Last time, I explained the difference between WPA2-PSK and WPA3-Personal using Qualcomm's QCA9377 module. This time, I would like to explain the difference between Wi-Fi CERTIFIED Enhanced Open™ and Open networks using the same QCA9377.

The Wi-Fi Alliance announced Wi-Fi CERTIFIED Enhanced Open™ at the same time as Wi-Fi CERTIFIED WPA3™. Open Wi-Fi networks are still widely used by the general public, for example in public places, but they are inherently very risky from a security point of view. Wi-Fi Enhanced Open was created to address these risks.

What is Wi-Fi Enhanced Open?

The Open networks used until now let anyone connect without authentication or encryption. As a result, a third party can eavesdrop on the traffic unless it is encrypted at a higher layer (for example, HTTPS). Wi-Fi Enhanced Open provides security (encryption) against this threat.

With Wi-Fi Enhanced Open, users can connect without setting a password or similar, just as with an Open network. Internally, however, it uses Opportunistic Wireless Encryption (OWE), which is based on the Diffie-Hellman (DH) algorithm, to generate and share keys. (Note that it does not provide an authentication function.)

In addition, the various keys (TK/GTK (IGTK)) are generated with a 4-way handshake, as in WPA2/3. In other words, compared with an Open network, the following are added:

・Key generation/sharing process in the Association phase
・Execution of the 4-way handshake

Advance preparation

Like WPA3, Qualcomm's QCA9377 also supports Wi-Fi Enhanced Open. Check out this link for Qualcomm's Wi-Fi product lineup.

 

The environment setup is the same as for WPA3 (see "Advance preparation" in that article), so please refer to it.

Add network information to wpa_supplicant.conf

network={
    ssid="OWE AP"
    key_mgmt=OWE
}

Connection

Now try to connect.

This time, the access point is already listed in the network block of wpa_supplicant.conf, so wpa_supplicant connects to it automatically during the scan that runs immediately after startup.

$ sudo service network-manager stop
$ sudo modprobe cfg80211
$ sudo insmod /lib/modules/wlan.ko
$ sudo wpa_supplicant -ddd -K -i wlan0 -D nl80211 -c <path to wpa_supplicant.conf> &

Check connection information

Try using wpa_cli to check the connection information.

$ sudo wpa_cli -i wlan0 status

You can see that key_mgmt is OWE.

The following parameters are not set, so the default values are used.

pairwise_cipher=CCMP

group_cipher=CCMP

mgmt_group_cipher=BIP

wpa_supplicant logs

The "-K" option in the wpa_supplicant startup parameters includes key material in the debug output, so the key information (PMK) appears in the log.

First connection

Second connection

As with WPA3-Personal, OWE generates a different PMK on every connection. A 4-way handshake is then executed based on that PMK. Wi-Fi Enhanced Open therefore needs no password, just like an Open network, yet packets are encrypted.

Check Sniffer logs with Wireshark

In OWE, the Authentication frame specifies “Open System” as the Authentication algorithm. Once the Authentication frame exchange is complete, the Association frames specify OWE in the AKM and the two sides exchange public keys with each other.

The PMK shown in the log above is generated from the public key received from the peer in the Association frame and the device's own private key. After that, based on the generated PMK, the various keys used for frame encryption are generated with a 4-way handshake similar to WPA2.
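The PMK derivation described above, and the reason the PMK differs on every connection, as an added example (not code from the original article or from wpa_supplicant). It follows the RFC 8110 formulas for group 19 (P-256 with SHA-256); the function names are illustrative, the key pairs are constructed on the spot, and the 2-octet group value is assumed to be encoded little-endian as in the frame.

```python
import hashlib, hmac, secrets
# NIST P-256 = group 19. Names below are illustrative, not wpa_supplicant's.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, for illustration only
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def keypair():  # ephemeral key pair, generated fresh for every association
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)[0].to_bytes(32, "big")  # only x is sent in the frame

def lift_x(xb):  # rebuild the peer's point from x, rejecting off-curve values
    x = int.from_bytes(xb, "big")
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    if x >= P or y * y % P != rhs:
        raise ValueError("public key is not on P-256")
    return x, y

def owe_pmk(priv, peer_pub, sta_pub, ap_pub, group=19):
    z = mul(priv, lift_x(peer_pub))[0].to_bytes(32, "big")  # ECDH secret
    salt = sta_pub + ap_pub + group.to_bytes(2, "little")   # STA key | AP key | group
    prk = hmac.new(salt, z, hashlib.sha256).digest()        # HKDF-extract
    pmk = hmac.new(prk, b"OWE Key Generation\x01", hashlib.sha256).digest()  # HKDF-expand
    return pmk, hashlib.sha256(sta_pub + ap_pub).digest()[:16]  # PMK, PMKID

if __name__ == "__main__":
    for n in (1, 2):  # two connections with fresh (constructed) key pairs
        (c, C), (a, Ap) = keypair(), keypair()
        print(n, owe_pmk(c, Ap, C, Ap)[0].hex(), owe_pmk(a, C, C, Ap)[0].hex())
```

Each printed line shows the station's and the access point's PMK for one connection: the two values on a line match, and the two lines differ because both sides use new ephemeral keys.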

Summary

By using the DH algorithm for key generation/sharing, Wi-Fi Enhanced Open provides cryptographic security not found in Open networks. This makes it possible to provide a certain level of security in open network environments used by the general public.


Qualcomm has a lineup of Wi-Fi Enhanced Open compatible products.
