Recently, the Wi-Fi Alliance officially announced details for the WPA3 security standard, which includes a brand-new protocol: the “Enhanced Open” network. While this new technology will represent an improvement to how open networks are done today, I believe that it’s a missed opportunity to offer some real security in one of the most common Wi-Fi use-cases.
The idea behind Enhanced Open is to offer secure connections in places like airports and coffee shops: places where there are people around who all need internet connectivity but don’t have any pre-established trust relationship (such as a password) with the network owner. The current state-of-art as of 2018 is to use an unencrypted network. This is dangerous, because every time you log into a website over HTTP on one of these networks you’re sending your password in cleartext, at the speed of light, in every direction.
Alternatively, some establishments will offer a WPA2 pre-shared key (PSK) network, with the Wi-Fi password posted on some visible sign. While traffic across these networks are technically encrypted, it’s rather vacuous. Attackers nearby also know the password and can read your traffic, so that encryption isn’t accomplishing much. Also, it’s a pain to have to find and type that password in again and again.
Enhanced Open tries to help this situation, but unfortunately, it’s not by much. It works by doing a Diffie-Hellman key exchange between the user and access point, and then using the derived key for encryption. It’s convenient, because there are no special actions necessary by the users; however, it falls into the category of technology that I like to call “totally secure, as long as nobody is trying to attack it.”
This shouldn’t come as a surprise; the RFC for Opportunistic Wireless Encryption (which Enhanced Open uses) says as much:
OWE is susceptible to an active attack in which an adversary impersonates an access point and induces a client to connect to it via OWE while it makes a connection to the legitimate access point. In this particular attack, the adversary is able to inspect, modify, and forge any data between the client and legitimate access point.
Coming up with a better solution to this problem is admittedly hard. The protocol must provide strong authentication unidirectionally, in a scenario where none of the endpoints have any pre-established trust relationship. I know how hard this is better than most since this is exactly what I wrote my master’s thesis on, way back in 2010! (P.S. Go Sun Devils!)
My insight (if it can be called that) was that we’ve already solved this problem before: web servers. With web servers, users constantly need to connect to a machine (such as their bank’s website) that they don’t have any pre-established trust relationship with at all. We make this happen by using a certificate authority system to carve out unique entries in a shared namespace.
A company or individual could purchase a new kind of WPA3 certificate that authenticates their network, with the SSID (the human-readable Wi-Fi name) as “the Common Name.” That way, when a user clicks on the “Starbucks” Wi-Fi network, they can be sure that it’s actually Starbucks and not some jerk trying to steal their information.
Back in the day, I even made a rough proof-of-concept implementation - I wouldn’t recommend trying to actually read it, though. (I was a grad student and my code was terrible.)
The Wi-Fi Alliance can be forgiven for having not read my master’s thesis, I could barely get my professors to do that. Back in 2010, the prevailing theory was that users would all migrate to VPNs to ensure end-to-end encryption rather than relying on the next-hop security in Wi-Fi. That never happened, and Wi-Fi hotspots remain to this day a major source of risk for average users.
Certificate authority systems have their own issues, but it’s gotten us pretty far in web security and seems to be a good fit in this scenario, too.
So to recap: Before WPA3 Enhanced Open, attackers could easily capture data from users of Wi-Fi hotspots and steal sensitive data. After WPA3 Enhanced Open, attackers can easily capture data from users of Wi-Fi hotspots and steal sensitive data.
Let’s not do this all over again.
Dan Petro is a Senior Security Associate at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on application assessments and network penetration testing. His master's thesis was on cryptographic protocols and combatting the problem of unencrypted open access points on wireless networks. Dan's most recent research project was weaponized AI that was presented at DEF CON in 2017.