Wireless Security in a 6 GHz Wi-Fi 6E World
This is the third in a series of continuing blogs about Wi-Fi 6E and the new spectrum bonanza in the 6 GHz frequency band. This blog summarizes the latest Wi-Fi security certification enhancements and discusses how they relate to Wi-Fi security considerations for the 6 GHz frequency band. The Wi-Fi Alliance began certifying 802.11ax technology in August 2019, with a new certification called Wi-Fi CERTIFIED 6. In late 2020, the Wi-Fi Alliance announced Wi-Fi 6E as an “extension” that certifies the 802.11ax features and capabilities of Wi-Fi 6 in the 6 GHz band. Wi-Fi 6E is the industry name that identifies Wi-Fi devices that operate in 6 GHz. As shown in Figure 1, many regions of the world are making all or portions of the 6 GHz frequency band available for Wi-Fi. As of this writing, 42 countries have approved new regulations for the unlicensed use of 6 GHz. The Wi-Fi Alliance maintains a web page with a current list of countries enabling Wi-Fi in the 6 GHz band: https://www.wi-fi.org/countries-enabling-wi-fi-6e.
Figure 1 – 6 GHz Wi-Fi around the world
Ahead of the expected 6 GHz Wi-Fi bonanza, ongoing enhancements have also been made to shore up Wi-Fi security with both WPA3 and Enhanced Open across all Wi-Fi frequency bands. As is to be expected, there are Wi-Fi security considerations when deploying Wi-Fi in the 6 GHz frequency band. The Wi-Fi Alliance requires WPA3 security certification for Wi-Fi 6E devices that operate in the 6 GHz band, and support for the Enhanced Open security certification is also mandatory.
In June 2018, the Wi-Fi Alliance began testing APs and clients for the Wi-Fi CERTIFIED WPA3 certification. Wi-Fi Protected Access 3 (WPA3) defines enhancements to the existing WPA2 security capabilities for 802.11 radios. It introduces new security methods, disallows outdated legacy protocols such as WEP and TKIP, and requires the use of management frame protection (MFP, 802.11w) to maintain the resiliency of mission-critical networks. WPA3-Personal leverages Simultaneous Authentication of Equals (SAE) to protect users against password-guessing attacks. WPA3-Enterprise adds an optional mode with 192-bit minimum cryptographic strength.
WPA3-Personal
By far the most significant change defined by WPA3 is the replacement of PSK authentication with Simultaneous Authentication of Equals (SAE), which is resistant to offline dictionary attacks. SAE is based on the Dragonfly key exchange (RFC 7664), a patent-free and royalty-free password-authenticated key exchange (PAKE): each side proves knowledge of the password without revealing the password, and the two sides derive a shared key in the process. Think of SAE as a more secure PSK authentication method. The goal is to provide the same user experience by still using a passphrase. However, the SAE protocol exchange protects the passphrase from brute-force dictionary attacks. The passphrase is never sent between Wi-Fi devices during the SAE exchange, and nothing in a captured exchange lets an eavesdropper test passphrase guesses offline; an active attacker gets at most one guess per live exchange, which the AP can rate-limit. Because the derived key also depends on fresh random values chosen by both sides, SAE provides forward secrecy: learning the passphrase later does not decrypt previously captured sessions.
As shown in Figure 2, an SAE process consists of a commitment message exchange and a confirmation message exchange. The commitment exchange forces each radio to commit to a single guess of the passphrase. Next, the confirmation exchange proves that the password guess was correct. SAE uses the passphrase to deterministically compute a secret password element, which is the basis of the authentication and key exchange protocol. Once the SAE exchanges are complete, a unique pairwise master key (PMK) is derived and installed on both the AP and the client station. Unlike WPA2-Personal, where the PMK is simply the PSK derived from the passphrase and SSID, this PMK is different for every SAE exchange. The PMK is the seeding material for the 4-Way Handshake that is used to generate dynamic encryption keys. SAE authentication is performed prior to association. Once the PMK is created and the association process completes, the AP and the client can then commence a 4-Way Handshake to create a pairwise transient key (PTK). The PTK is the dynamically generated key used to encrypt unicast traffic.
Figure 2 – Simultaneous Authentication of Equals
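The commit and confirm exchanges described above, worked through as an added example (this is not code from the original post, from Extreme Networks, or from any vendor): a toy SAE/Dragonfly exchange in Python over a finite-field group. Assumptions to keep it readable and self-contained: a 48-bit safe-prime group found by a deterministic search at import time (real SAE defaults to group 19, NIST P-256, and the KDF labels and field widths here follow the shape of the 802.11 SAE procedure rather than reproducing it bit for bit), constructed MAC addresses, and a fixed 40-iteration hunting-and-pecking loop. Both peers derive the password element PE from the passphrase, exchange (scalar, element) commit messages, compute the shared secret K, and prove it with HMAC confirm messages; the PMK that falls out is unique per exchange.

```python
import hashlib
import hmac
import secrets


def is_prime(n: int) -> bool:
    """Miller-Rabin, deterministic for 17 < n < 3.4e14 (covers the toy group below)."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


# Toy group (assumption): p is a 48-bit safe prime found by a deterministic search,
# q = (p-1)/2 the prime order of its subgroup.  Real SAE defaults to NIST P-256.
Q = (1 << 47) | 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P = 2 * Q + 1
NBYTES = (P.bit_length() + 7) // 8


def kdf(key: bytes, label: bytes, context: bytes, n: int) -> bytes:
    """Counter-mode HMAC-SHA256 KDF in the style of the 802.11 KDF-Hash-Length."""
    blocks = (hmac.new(key, i.to_bytes(2, "little") + label + context, hashlib.sha256).digest()
              for i in range(1, n // 32 + 2))
    return b"".join(blocks)[:n]


def password_element(passphrase: bytes, mac_a: bytes, mac_b: bytes) -> int:
    """Hunting-and-pecking: both peers derive the same subgroup element from the
    passphrase and the two MAC addresses; the passphrase itself is never sent."""
    base = max(mac_a, mac_b) + min(mac_a, mac_b)
    pe = 0
    for counter in range(1, 41):            # fixed count, no early exit (timing)
        seed = hmac.new(base, passphrase + bytes([counter]), hashlib.sha256).digest()
        value = int.from_bytes(kdf(seed, b"SAE Hunting and Pecking", b"", NBYTES), "big")
        value &= (1 << P.bit_length()) - 1  # keep len(p) bits; values >= p are skipped
        candidate = pow(value, (P - 1) // Q, P) if value < P else 0   # lift into subgroup
        if pe == 0 and candidate > 1:
            pe = candidate
    if pe == 0:
        raise ValueError("no password element found")
    return pe


class SaePeer:
    def __init__(self, mac: bytes, peer_mac: bytes, passphrase: bytes):
        self.pe = password_element(passphrase, mac, peer_mac)
        self.scalar = 0
        while self.scalar < 2:              # spec requires 1 < scalar < q
            self.rand = 2 + secrets.randbelow(Q - 2)
            mask = 2 + secrets.randbelow(Q - 2)
            self.scalar = (self.rand + mask) % Q
        # Commit element PE^(-mask): the only password-dependent value sent on the air
        self.element = pow(pow(self.pe, mask, P), -1, P)
        self.peer = self.kck = self.pmk = None

    def process_commit(self, peer_scalar: int, peer_element: int) -> None:
        if not (2 <= peer_scalar < Q and 1 < peer_element < P and pow(peer_element, Q, P) == 1):
            raise ValueError("rejected peer commit")
        # K = (PE^peer_scalar * peer_element)^rand = PE^(rand * peer_rand): the masks
        # cancel, so both sides get the same K only if they derived the same PE.
        k = pow(pow(self.pe, peer_scalar, P) * peer_element % P, self.rand, P)
        if k == 1:
            raise ValueError("rejected degenerate shared secret")
        keyseed = hmac.new(bytes(32), k.to_bytes(NBYTES, "big"), hashlib.sha256).digest()
        kck_pmk = kdf(keyseed, b"SAE KCK and PMK", ((self.scalar + peer_scalar) % Q).to_bytes(NBYTES, "big"), 64)
        self.kck, self.pmk = kck_pmk[:32], kck_pmk[32:]   # PMK seeds the 4-Way Handshake
        self.peer = (peer_scalar, peer_element)

    def _tag(self, first: tuple, second: tuple, send_confirm: int) -> bytes:
        data = send_confirm.to_bytes(2, "little") + b"".join(v.to_bytes(NBYTES, "big") for v in first + second)
        return hmac.new(self.kck, data, hashlib.sha256).digest()

    def confirm(self, send_confirm: int = 1) -> bytes:
        """Confirm = HMAC(KCK, send-confirm || own scalar, element || peer scalar, element)."""
        return self._tag((self.scalar, self.element), self.peer, send_confirm)

    def verify(self, peer_confirm: bytes, send_confirm: int = 1) -> bool:
        return hmac.compare_digest(peer_confirm, self._tag(self.peer, (self.scalar, self.element), send_confirm))


def run_sae(ap_passphrase: bytes, sta_passphrase: bytes) -> tuple:
    """Full commit + confirm exchange; returns (authenticated, pmk_ap, pmk_sta)."""
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
    ap, sta = SaePeer(ap_mac, sta_mac, ap_passphrase), SaePeer(sta_mac, ap_mac, sta_passphrase)
    ap.process_commit(sta.scalar, sta.element)   # commit exchange (either order)
    sta.process_commit(ap.scalar, ap.element)
    ok = ap.verify(sta.confirm()) and sta.verify(ap.confirm())   # confirm exchange
    return ok, ap.pmk, sta.pmk
```

With matching passphrases run_sae returns True and two identical 32-byte PMKs; with a wrong passphrase on one side the confirm check fails and the PMKs differ. Note what an eavesdropper actually sees: scalar = rand + mask and element = PE^(-mask), with fresh random rand and mask every time, so a captured SAE exchange cannot be used to test passphrase guesses offline the way a captured WPA2-PSK 4-Way Handshake can. The fixed-count loop in password_element is deliberate: an early exit would leak timing that depends on the passphrase, which is one of the implementation details real SAE code has to get right.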
WPA3-Personal enhances Wi-Fi security for home users and environments where 802.1X is not an option. From the perspective of the user, the connection experience remains the same. A passphrase is still used to connect; however, the SAE protocol exchange protects the passphrase from brute-force dictionary attacks. WPA3-Personal defines two modes of operation:
– WPA3-Personal Only – This mode completely replaces WPA2 PSK authentication and requires the use of SAE authentication. This mode would only be enabled on the AP if all clients were WPA3-capable. Management frame protection (MFP) is required for both APs and clients operating in this mode.
– WPA3-Personal Transition – The transitional mode allows for backward compatibility with WPA2-Personal. This allows WPA2-Personal clients to connect to the same SSID as WPA3-Personal clients. The clients use the same passphrase; however, the WPA2 clients connect with PSK authentication, and the WPA3 clients connect with SAE authentication. In this mode, the AP advertises MFP as capable but not required, so MFP is used by the WPA3 clients but not necessarily by the WPA2 clients. Keep in mind that the shared passphrase is only as safe as its weakest use: a WPA2 client's 4-Way Handshake can still be captured and attacked offline, so a transition-mode SSID still needs a strong passphrase.
WPA3-Enterprise
Unlike WPA3-Personal, where an entirely new authentication method has been designated, WPA3-Enterprise still leverages 802.1X/EAP for enterprise-grade authentication. In other words, the enterprise-grade authentication process remains the same. The two main enhancements are the requirement for MFP and an optional enhanced cryptographic mode. WPA3-Enterprise defines three modes of operation:
– WPA3-Enterprise Only – 802.1X/EAP authentication remains the same. However, this mode would only be enabled on the AP if all clients were WPA3-capable. Management frame protection (MFP) is required for both APs and clients operating in this mode.
– WPA3-Enterprise Transition – The transitional mode allows for backward compatibility with WPA2-Enterprise. This allows WPA2-Enterprise clients to connect to the same SSID as WPA3-Enterprise clients. 802.1X/EAP authentication remains the same. However, in this mode, MFP is used by the WPA3 clients but not necessarily by the WPA2 clients.
– WPA3-Enterprise 192-Bit – This mode may be deployed in sensitive enterprise environments to further protect Wi-Fi networks with higher security requirements, such as government, defense, and industrial. This is an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data. Some of the WPA3-Enterprise 192-bit mode requirements include:
- 256-bit GCMP/AES is used to encrypt data frames, as opposed to the standard CCMP/AES with 128-bit encryption.
- Management frame protection (MFP) is required.
- 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256) is used for management frame protection, as opposed to the normally negotiated BIP-CMAC-128.
- EAP-TLS is used as the authentication protocol, restricted to TLS cipher suites with AES-256-GCM and SHA-384, and with key exchange based on 384-bit elliptic curves or RSA/DH keys of at least 3072 bits. Key derivation in this mode uses HMAC-SHA-384.
Every element has to meet the bar: a network that negotiates GCMP-256 over the air but accepts a 2048-bit RSA server certificate in EAP-TLS is not a 192-bit deployment.
Despite the transitional modes offered by WPA3, tactical deployments of WPA3 security are currently rare in the enterprise. WPA2-Enterprise still offers almost the same level of 802.1X/EAP authentication security as WPA3-Enterprise. I think WPA3-Personal and the use of SAE are growing in the consumer market but have not really been embraced yet in the enterprise, where PSK authentication may or may not be used. The bulk of the enterprise Wi-Fi client population supports and continues to use WPA2 security. Additionally, even though WPA3 firmware upgrades are possible for older client devices, most client vendors may never offer a WPA3 firmware update for a client device that is three or more years old. However, the Wi-Fi Alliance mandates support for WPA3 security for Wi-Fi 6 certification, meaning that all 802.11ax radios must support WPA3. Furthermore, as of July 1, 2020, the Wi-Fi Alliance mandates support of WPA3 security for all future certifications. In other words, all the Wi-Fi radios currently hitting the market must support WPA3; adoption, however, is still another matter.
Enhanced Open
Traditionally, Wi-Fi hotspots and guest WLANs have used open security without encryption or authentication. (Although Passpoint security is catching on fast in the Wi-Fi public access marketplace.) The Wi-Fi CERTIFIED Enhanced Open certification defines improved data privacy in open Wi-Fi networks. This certification is based on the Opportunistic Wireless Encryption (OWE) protocol. OWE is defined in IETF RFC 8110. The OWE protocol integrates established cryptography mechanisms (a Diffie-Hellman exchange, by default over the NIST P-256 curve) to provide each user with unique individual encryption, protecting the data exchange between the user and the access point. As shown in Figure 3, standard open authentication and association occur, with each side's Diffie-Hellman public key carried in an OWE element of the association request and response; the PMK is derived from the resulting shared secret, and then the 4-Way Handshake process generates the necessary keys for encryption.
Figure 3 – Opportunistic Wireless Encryption
The OWE experience for the user is the same as open security because there is no need to enter a password or passphrase before joining the network. Data privacy is provided, and passive eavesdropping attacks are mitigated because the 802.11 data frames are encrypted. But please understand that there is zero authentication security: neither side verifies who it is talking to, so an evil-twin AP can still intercept a user's traffic simply by completing the OWE exchange itself. Enhanced Open is not part of WPA3 and is an entirely different and optional security certification for the 2.4 GHz and 5 GHz frequency bands. There are two modes of operation for OWE:
– Enhanced Open Only – This mode uses the OWE protocol to provide 128-bit CCMP/AES encryption for data privacy. 802.11 data frames are encrypted, and management frame protection is also required. No authentication protocol is used.
– Enhanced Open Transition – This mode provides backward compatibility with the bulk of clients that do not support OWE by using two SSIDs. When an open SSID is configured on an Enhanced Open certified AP, a second hidden SSID is automatically created that uses OWE. The legacy clients connect to the open SSID with no encryption. However, within the open SSID beacon frame is an OWE transition mode information element that directs Enhanced Open clients to the hidden SSID that uses OWE, identified by its BSSID and SSID. The OWE SSID is hidden to avoid confusion for the drivers of the legacy clients.
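The transition-mode pointer described above, as an added example in Python (not code from the original post or from any vendor). The element layout assumed here, a vendor-specific element carrying the Wi-Fi Alliance OUI 50-6F-9A, OUI type 0x1C, the target BSSID, an SSID length and the SSID, is the one used by open-source AP and client implementations of OWE transition mode; the optional band and channel octets that can follow the SSID are left out. The beacon element blob, BSSID and SSIDs are constructed for the example, and the client-side decision function is a simplification that only shows how the two client populations end up on different BSSs.

```python
WFA_OUI = b"\x50\x6f\x9a"                 # Wi-Fi Alliance OUI used for WFA vendor elements
OWE_TRANSITION_TYPE = 0x1C                # OUI type of the OWE Transition Mode element
EID_SSID, EID_VENDOR = 0, 221


def iter_elements(ies: bytes):
    """Yield (element id, payload) over a beacon/probe-response element blob."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        if pos + 2 + length > len(ies):
            raise ValueError("element %d runs past the end of the frame body" % eid)
        yield eid, ies[pos + 2:pos + 2 + length]
        pos += 2 + length


def build_owe_transition_element(bssid: bytes, ssid: bytes) -> bytes:
    """Vendor-specific element the open BSS beacons to point at its hidden OWE twin
    (WFA OUI, type 0x1C, BSSID, SSID length, SSID; band/channel octets omitted)."""
    body = WFA_OUI + bytes([OWE_TRANSITION_TYPE]) + bssid + bytes([len(ssid)]) + ssid
    return bytes([EID_VENDOR, len(body)]) + body


def owe_transition_target(ies: bytes):
    """(bssid, ssid) of the OWE BSS named by the transition element, or None if absent."""
    for eid, data in iter_elements(ies):
        if eid == EID_VENDOR and data[:4] == WFA_OUI + bytes([OWE_TRANSITION_TYPE]):
            if len(data) < 11 or len(data) < 11 + data[10]:
                raise ValueError("OWE transition element truncated")
            return data[4:10], data[11:11 + data[10]]
    return None


def choose_bss(open_beacon_ies: bytes, client_supports_owe: bool) -> dict:
    """Client-side decision: an OWE-capable client follows the pointer to the hidden
    OWE BSS (a real client then checks that BSS's RSN element for the OWE AKM, which is
    not done here); a legacy client ignores the vendor element and stays on the open SSID."""
    ssid = next((data for eid, data in iter_elements(open_beacon_ies) if eid == EID_SSID), b"")
    target = owe_transition_target(open_beacon_ies) if client_supports_owe else None
    if target is None:
        return {"ssid": ssid, "bssid": None, "encrypted": False}
    return {"ssid": target[1], "bssid": target[0], "encrypted": True}


# Constructed open-SSID beacon body: SSID "Guest", one supported rate, and the pointer
# to a hidden OWE BSS "Guest-OWE" at a locally administered BSSID.
OPEN_BEACON_IES = (bytes([EID_SSID, 5]) + b"Guest" + bytes([1, 1, 0x82])
                   + build_owe_transition_element(bytes.fromhex("0211223344aa"), b"Guest-OWE"))
```

Because the OWE BSS is hidden, the client has to associate to it by the BSSID carried in the element rather than by scanning for the SSID, and it should still verify that the target BSS advertises the OWE AKM in its RSN element before trusting the pointer, since the pointer itself is an unauthenticated beacon field.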
You should understand that Enhanced Open meets only half of the requirements for well-rounded Wi-Fi security. OWE does provide encryption and data privacy, but there is no authentication whatsoever. As previously mentioned, Enhanced Open is an optional security certification. As a result, many WLAN vendors still do not support OWE, and client-side support is marginal at best but growing. Therefore, tactical deployments of OWE in the 2.4 and 5 GHz frequency bands are currently scarce. However, the Enhanced Open certification is mandated for 6 GHz.
So, as is to be expected, there will be Wi-Fi security considerations when deploying Wi-Fi in the 6 GHz frequency band. The Wi-Fi Alliance will require WPA3 security certification for Wi-Fi 6E devices that operate in the 6 GHz band, and there will be no backward compatibility support for WPA2 security. Furthermore, the Enhanced Open certification will mandate support for Opportunistic Wireless Encryption (OWE) in 6 GHz.
As a result, there are some key 6 GHz security takeaways:
- Because OWE support will be mandatory, there will not be any “open” security SSIDs operating in 6 GHz. OWE provides encryption without authentication. I have never been a big fan of OWE because it only provides encryption. WPA3-Personal or WPA3-Enterprise are better options because authentication is also a requirement. The bottom line is that open networks are not permitted in 6 GHz and all data traffic will be encrypted. This will have implications for existing businesses that are currently using open guest access in the legacy bands.
- Because there is no backward compatibility for WPA2, there will be no support for PSK authentication. Once again, the WPA3-Personal replacement for PSK is Simultaneous Authentication of Equals (SAE). WPA3-Enterprise will still use 802.1X. Management frame protection (MFP) will also be required.
- Because there is no backward compatibility for WPA2, there will be no need for either the WPA3-Personal transition mode or the WPA3-Enterprise transition mode.
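The mode definitions in the WPA3-Personal, WPA3-Enterprise and Enhanced Open sections above and the three 6 GHz takeaways just listed can be turned into a check that runs against what an AP actually advertises. The following Python is an added example (not code from the original post or from any vendor): it decodes the RSN element from a beacon or probe response, names the certification mode, and reports why a configuration would not be usable in 6 GHz. The suite selector numbers are the IEEE 802.11 values under OUI 00-0F-AC; the mapping of the MFPC/MFPR capability bits to the "only" and "transition" modes follows the Wi-Fi Alliance definitions; the 6 GHz rules applied are the ones stated in this blog (no open, no WPA2/PSK, MFP required); and the sample elements are constructed with build_rsn_ie rather than captured from real APs.

```python
import struct

RSN_EID = 48                                  # element ID of the RSN element
OUI = b"\x00\x0f\xac"                         # IEEE 802.11 suite selector OUI
# Suite selector types under OUI 00-0F-AC (IEEE 802.11) used below
CIPHER = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104", 6: "BIP-CMAC-128",
          8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256", 11: "BIP-GMAC-128",
          12: "BIP-GMAC-256", 13: "BIP-CMAC-256"}
AKM = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256",
       6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE", 12: "802.1X-SuiteB-192", 18: "OWE"}
PSK_AKMS, SAE_AKMS, DOT1X_AKMS, WEAK_CIPHERS = {2, 4, 6}, {8, 9}, {1, 3, 5}, {1, 2, 5}


def build_rsn_ie(pairwise, akms, group=4, mfpc=False, mfpr=False, group_mgmt=None) -> bytes:
    """Encode an RSN element from suite type numbers (used here to construct sample input)."""
    def suites(types):
        return struct.pack("<H", len(types)) + b"".join(OUI + bytes([t]) for t in types)
    body = struct.pack("<H", 1) + OUI + bytes([group]) + suites(pairwise) + suites(akms)
    body += struct.pack("<H", (int(mfpr) << 6) | (int(mfpc) << 7))   # RSN Capabilities: bit 6 MFPR, bit 7 MFPC
    if group_mgmt is not None:                 # zero PMKIDs, then the group management cipher
        body += struct.pack("<H", 0) + OUI + bytes([group_mgmt])
    return bytes([RSN_EID, len(body)]) + body


def parse_rsn_ie(ie: bytes) -> dict:
    """Decode an RSN element, refusing truncated or non-RSN input instead of guessing."""
    if len(ie) < 2 or ie[0] != RSN_EID or len(ie) != 2 + ie[1]:
        raise ValueError("malformed RSN element")
    body, pos = ie[2:], 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("RSN element truncated")
        pos += n
        return body[pos - n:pos]

    def suite():
        sel = take(4)
        if sel[:3] != OUI:
            raise ValueError("vendor-specific suite selector not handled")
        return sel[3]

    def suite_list():
        return [suite() for _ in range(struct.unpack("<H", take(2))[0])]

    if struct.unpack("<H", take(2))[0] != 1:
        raise ValueError("unsupported RSN version")
    info = {"group": suite(), "pairwise": suite_list(), "akms": suite_list(), "group_mgmt": None}
    caps = struct.unpack("<H", take(2))[0] if pos < len(body) else 0   # capabilities field is optional
    info["mfpr"], info["mfpc"] = bool(caps & 0x40), bool(caps & 0x80)
    if pos < len(body):
        for _ in range(struct.unpack("<H", take(2))[0]):
            take(16)                            # skip PMKIDs
        if pos < len(body):
            info["group_mgmt"] = suite()
    return info


def classify(ie) -> str:
    """Name the mode the way the certifications do; None means no RSN element, i.e. open."""
    if ie is None:
        return "Open"
    r = parse_rsn_ie(ie)
    akms = set(r["akms"])
    if akms == {18}:
        return "Enhanced Open"
    if akms == {12}:
        strict = r["pairwise"] == [9] and r["group_mgmt"] == 12 and r["mfpr"]
        return "WPA3-Enterprise 192-bit" if strict else "WPA3-Enterprise 192-bit (wrong suite set)"
    if akms & SAE_AKMS:
        return "WPA3-Personal transition" if akms & PSK_AKMS else "WPA3-Personal only"
    if akms & PSK_AKMS:
        return "WPA2-Personal"
    if akms & DOT1X_AKMS:
        if r["mfpr"]:
            return "WPA3-Enterprise only"
        return "WPA3-Enterprise transition" if r["mfpc"] else "WPA2-Enterprise"
    return "unrecognised AKM set %s" % sorted(akms)


def six_ghz_problems(ie) -> list:
    """Reasons a BSS configuration is not usable in 6 GHz per the takeaways above; [] if usable."""
    if ie is None:
        return ["open SSID: 6 GHz requires Enhanced Open (OWE) instead"]
    r, problems = parse_rsn_ie(ie), []
    if set(r["akms"]) & PSK_AKMS:
        problems.append("PSK AKM present: no WPA2 backward compatibility in 6 GHz, SAE only")
    if not (r["mfpc"] and r["mfpr"]):
        problems.append("MFP not required (MFPR=0): transition modes are not available in 6 GHz")
    if set(r["pairwise"] + [r["group"]]) & WEAK_CIPHERS:
        problems.append("WEP/TKIP cipher present")
    return problems
```

Feeding the same parser the RSN element of an existing 2.4/5 GHz employee SSID is a quick way to see what has to change before that SSID can be cloned onto 6 GHz: a WPA3-Personal transition element (PSK and SAE AKMs, MFPC set, MFPR clear) fails on both the PSK and MFPR checks, while a WPA3-Personal-only or WPA3-Enterprise-only element with MFPR set passes.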
But what are the critical takeaways when implementing Wi-Fi security in the 6 GHz band?
- It is my belief that because the existing 15 billion Wi-Fi clients will never be able to connect to 6 GHz, it appears likely that different levels of security will be used on the different frequency bands in the enterprise. WPA3 will indeed be used in 6 GHz. Yet, despite the support for WPA3 transition modes in the legacy bands, WPA2 will likely remain prevalent in the 2.4 GHz and 5 GHz bands for a very long time.
- This means that different SSIDs with different levels of security will be used on the various bands. For example, as depicted in Figure 4, an employee SSID using WPA2-Enterprise and a guest SSID using open security are used for the 2.4 and 5 GHz bands. However, the 6 GHz band requires different SSIDs and security: employee-6 using WPA3-Enterprise and guest-6 using Enhanced Open.
Figure 4 – Different SSIDs and Security across three frequency bands
This is feasible as long as Wi-Fi 6E clients use out-of-band discovery mechanisms, which I will discuss in detail in future blogs. I think it will take time, but the anticipated wide adoption of 6 GHz enterprise deployments hopefully will accelerate the transition to WPA3 security in the other frequency bands. In the meantime, I expect various levels of security across the three bands.
In this blog, I have focused on the required authentication and encryption security for Wi-Fi 6E. In a forthcoming blog, I will cover the potential for new wireless attacks via 6 GHz and why wireless intrusion prevention systems (WIPS) will need to evolve.
I have been working with Wi-Fi since 1997, and I have to say that the availability of 6 GHz for Wi-Fi is probably the most exciting thing to happen for Wi-Fi in the last 15 years. During my past two years at Extreme Networks, I’ve enjoyed working with Rosalie Bibona, Senior WLAN Product Manager at Extreme Networks. I think she put it best when she stated recently, “It’s almost like Wi-Fi is being born again!” I could not agree with her more, Wi-Fi 6E marks a new beginning for Wi-Fi, and the future is extremely bright.
Stay tuned for many more Wi-Fi 6E blogs about 6 GHz design considerations, discovery mechanisms, use cases, and much more.