Blog Mobility

Why is WPA2 Security Still Prevalent in the Enterprise?

David Coleman Director, Wireless Networking at the Office of the CTO Publicado 23 Nov 2024

WPA3 security has now been with us for three years. The Wi-Fi Alliance mandates support for WPA3 security for the Wi-Fi 6 certification, meaning that all 802.11ax radios must support WPA3. Furthermore, as of July 1, 2020, the Wi-Fi Alliance mandates support of WPA3 security for all future certifications. In other words, the bulk of the Wi-Fi radios currently hitting the market support WPA3.

The adoption of WPA3 is another matter. Most enterprise WLAN access points fully support WPA3; however, in most cases, WPA2 is still used in the 2.4 and 5 GHz frequency bands. Despite the transitional modes offered by WPA3 for backward compatibility, currently, tactical deployments of WPA3 security are rare in the enterprise. The question is, why? And the answer is simple. The biggest issue is problems caused by legacy client devices. I will explain, but first, let’s summarize the enhancements that WPA3 security offers.

In August 2019, the Wi-Fi Alliance began testing APs and clients for the Wi-Fi Certified WPA3 certification. Wi-Fi Protected Access 3 (WPA3) defines enhancements to the existing WPA2 security capabilities for 802.11 radios. It supports new security methods, disallows outdated legacy protocols, and requires the use of management frame protection (MFP) to maintain the resiliency of mission-critical networks. WPA3-Personal leverages Simultaneous Authentication of Equals (SAE) to protect users against password-guessing attacks. WPA3- Enterprise now offers an optional equivalent of 192-bit cryptographic strength.

WPA3-Personal

By far, the most significant change defined by WPA3 is the replacement of PSK authentication with Simultaneous Authentication of Equals (SAE), which is resistant to offline dictionary attacks. SAE is based on a Dragonfly key exchange. Dragonfly is a patent-free and royalty-free technology that uses a zero-knowledge proof key exchange, which means a user or device must prove knowledge of a password without revealing the password. Think of SAE as a more secure PSK authentication method. The goal is to provide the same user experience by still using a passphrase. However, the SAE protocol exchange protects the passphrase from brute-force dictionary attacks. The passphrase is never sent between Wi-Fi devices during the SAE exchange.

As shown in Figure 1, an SAE process consists of a commitment message exchange and a confirmation message exchange. The commitment exchange is used to force each radio to commit to a single guess of the passphrase. Next, the confirmation exchange is used to prove that the password guess was correct. The passphrase is used in SAE to deterministically compute a secret password element used for the authentication and key exchange protocol. Once the SAE exchanges are complete, a unique pairwise master key (PMK) is derived and installed on both the AP and the client station. The PMK is the seeding material for the 4-Way Handshake that is used to generate dynamic encryption keys. SAE authentication is performed prior to association. Once the PMK is created and the association process completes, the AP and the client can then commence a 4-Way Handshake to create a pairwise transient key (PTK). The PTK is the dynamically generated key used to encrypt unicast traffic.

Simultaneous Authentication of Equals

Figure 1 – Simultaneous Authentication of Equals

WPA3-Personal enhances Wi-Fi security for home users and environments where 802.1X is not an option. From the perspective of the user, the connection experience remains the same. A passphrase is still used to connect; however, the SAE protocol exchange protects the passphrase from brute-force dictionary attacks. WPA3-Personal defines two modes of operation:

  • WPA3-Personal Only -This mode completely replaces WPA2 PSK authentication and requires the use of SAE authentication. This mode would only be enabled on the AP if all clients were WPA3-capable. Management frame protection (MFP) is required for both APs and clients operating in this mode.
  • WPA3-Personal Transition – The transitional mode allows for backward compatibility with WPA2-Personal. This allows for WPA2-Personal clients to connect to the same SSID as WPA3-Personal clients. The clients use the same passphrase; however, the WPA2 clients connect with PSK authentication, and the WPA3 clients connect with SAE authentication. In this mode, MFP is used by the WPA3 clients but not necessarily by the WPA2 clients.

WPA3-Enterprise

Unlike WPA3-Personal, where an entirely new authentication method has been designated, WPA3-Enterprise still leverages 802.1X/EAP for enterprise-grade authentication. In other words, the enterprise-grade authentication process remains the same. The two main enhancements are support for MFP and an optional enhanced cryptographic mode. WPA3-Enterpise defines three modes of operation:

  • WPA3-Enterprise Only – 802.1X/EAP authentication remains the same. However, this mode would only be enabled on the AP if all clients were WPA3-capable. Management frame protection (MFP) is required for both APs and clients operating in this mode.
  • WPA3-Enterprise Transition -The transitional mode allows for backward compatibility with WPA2-Enterprise. This allows WPA2-Enterprise clients to connect to the same SSID as WPA3-Enterprise clients. 802.1X/EAP authentication remains the same. However, in this mode, MFP is used by the WPA3 clients but not necessarily by the WPA2 clients.
  • WPA3-Enterprise 192-Bit – This mode may be deployed in sensitive enterprise environments to further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial. This is an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data. Some of the WPA3-Enterprise 192-bit mode requirements include:
    • 256-bit GCMP/AES is used to encrypt data frames as opposed to the standard CCMP/AES with 128-bit encryption.
    • Management frame protection (MFP) is required.
    • 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256) is used for management frame protection as opposed to the normally negotiated BIP-CMAC-128.
    • EAP-TLS is used as the authentication protocol.

So, the more robust security sounds great, and one might assume that most enterprises are now all using WPA3. In reality, the adoption of WPA3 security in the enterprise remains sparse in the 2.4 and 5 GHz frequency bands. The bulk of the enterprise Wi-Fi client population supports and continues to use WPA2 security. Despite the transitional modes offered by WPA3 for backward compatibility, currently, tactical deployments of WPA3 security are rare in the enterprise. Once again, the question is why?

In the enterprise, hardware refresh cycles are typically about every 4-5 years for access points. However, client devices stick around a lot longer, and refresh cycles for client devices can be as long as 10 years. The good news is that in most cases, a hardware upgrade is not needed, and WPA3 security can be available via a simple firmware update. However, there are still problems. Even though WPA3 firmware upgrades are possible for older client devices, most vendors may never offer a WPA3 firmware update for a client device three or more years old. In other words, you might still be using client devices from 2015, and there is no WPA3 firmware update available.

OK, so you cannot have a “pure” WPA3 security environment in the 2.4 and 5 GHz frequency bands, so the answer is using the transitional modes that allow WPA2 clients to connect to the same SSID as WPA3 clients. These transition modes sound great… right? In theory, WPA2 and WPA3 clients can live harmoniously together on the same SSID. But in the real world, many enterprises have quickly discovered that legacy clients often have connectivity issues despite the promise of co-existence offered by the transition modes. I refer you to a blog that I wrote, Backward Compatibility: The Double-Edged Sword of Wi-Fi Performance and Connectivity.

Many enterprises have quickly discovered that when transition modes are enabled, many legacy clients that support WPA2 begin to have connectivity issues. For whatever reason, the legacy client drivers do not play nice with the transition SSID and cannot connect.

If clients cannot connect to an SSID that supports both WPA3 and WPA2, the enterprise will almost certainly roll back to WPA2 security. In truth, any enterprise using WPA2-Enterprise with 802.1X security is only sacrificing the mandated management frame protection of WPA3-Enterprise. However, we should always strive for the best security and WPA3 offers the best protection,

So how do you solve this problem, and how can we offer WPA3 in the 2.4 and 5 GHz frequency bands? The easy answer is to control the client population and replace all the legacy clients, thus ensuring all clients support WPA3. That is easier said than done. Despite often spending millions of WLAN infrastructure upgrades, client upgrades often drag on for years. Also, we live in a bring-your-own-device (BYOD) world. Most enterprises cannot mandate what devices employees bring to the office. Bottom line, for the time being, most enterprises are still choosing to use WPA2 security in the 2.4 and 5 GHz frequency bands. Later in this blog, I will discuss how the introduction of the 6 GHz frequency band may eventually drive stronger security in the legacy bands.

Enhanced Open

Traditionally, Wi-Fi hotspots and guest WLANs have used open security without encryption or authentication. (Although Passpoint security is catching on fast in the Wi-Fi public access marketplace). The Wi-Fi CERTIFIED Enhanced Open certification defines improved data privacy in open Wi-Fi networks. This certification is based on the Opportunistic Wireless Encryption (OWE) protocol. OWE is defined in the IETF RFC 8110. The OWE protocol integrates established cryptography mechanisms to provide each user with unique individual encryption, protecting the data exchange between the user and the access point. As shown in Figure 2, standard open authentication and association occur, and then the 4-Way Handshake process generates the necessary keys for encryption.

Opportunistic Wireless Encryption

Figure 2 – Opportunistic Wireless Encryption

The OWE experience for the user is the same as open security because there is no need to enter a password or passphrase before joining the network. Data privacy is provided, and malicious eavesdropping attacks are mitigated because the 802.11 data frames are encrypted. But please understand that there is zero authentication security. Enhanced Open is not part of WPA3 and is an entirely different and optional security certification for 2.4 GHz and 5 GHz frequency bands. There are two modes of operation for OWE:

  • Enhanced Open Only – This mode uses the OWE protocol to provide 128-bit CCMP/AES encryption for data privacy. 802.11 data frames are encrypted, and management frame protection is also required. No authentication protocol is used.
  • Enhanced Open Transition – This mode provides backward compatibility with the bulk of clients that do not support OWE by using two SSIDs. When an open SSID is configured on an Enhanced Open certified AP, a second hidden SSID is automatically created that uses OWE. The legacy clients connect to the open SSID with no encryption. However, within the open SSID beacon frame is an OWE information element that directs Enhanced Open clients to the hidden SSID that uses OWE. The OWE SSID is hidden to avoid confusion for the drivers of the legacy clients.

You should understand that Enhanced Open meets only half of the requirements for well-rounded Wi-Fi security. OWE does provide encryption and data privacy, but there is no authentication whatsoever. As previously mentioned, Enhanced Open is an optional security certification for the 2.4 and 5 GHz frequency bands. As a result, many WLAN vendors still do not support OWE, and client-side support is marginal at best. For example, as of this writing, iPhones still do not support OWE. And trust me, nobody wants to use the “two-SSID” solution required by Enhanced Open transition. Therefore, tactical deployments of OWE in the 2.4 and 5 GHz frequency bands are currently almost non-existent in the enterprise.

Stronger security in 6 GHz

There are security considerations when deploying Wi-Fi in the 6 GHz frequency band. The Wi-Fi Alliance requires WPA3 security certification for Wi-Fi 6E devices that will operate in the 6 GHz band. However, there is no backward compatibility support for WPA2 security. Furthermore, the Enhanced Open certification is also mandated to support for Opportunistic Wireless Encryption (OWE) in 6 GHz.

As a result, there are some key 6 GHz security takeaways:

  • Because OWE support is mandatory, there will not be any “open” security SSIDs operating in 6 GHz. OWE provides encryption without authentication. I have never been a big fan of OWE because it only provides encryption. WPA3-Personal or WPA3- Enterprise are better options because authentication is also a requirement. The bottom line is that open networks are not permitted in 6 GHz and all data traffic will be encrypted. This will have implications for existing businesses that are currently using open guest access in the legacy bands. Most likely, guest users will remain delegated to the legacy bands.
  • Because there is no backward compatibility for WPA2, there will be no support for PSK authentication. Once again, the WPA3-Personal replacement for PSK is Simultaneous Authentication of Equals (SAE). WPA3-Enterprise will still use 802.1X. Management frame protection (MFP) will also be required.
  • Because there is no backward compatibility for WPA2, there will be no need for either the WPA3-Personal transition mode or the WPA3-Enterprise transition mode.

But what are the critical takeaways when implementing Wi-Fi security in the 6 GHz band?

  • Because the existing 15 billion Wi-Fi clients will never be able to connect to 6 GHz, it appears likely that different levels of security will be used on the different frequency bands in the enterprise. WPA3 will indeed be used in 6 GHz. Yet, despite the support for WPA3 transition modes in the legacy bands, WPA2 will likely remain prevalent in the 2.4 GHz and 5 GHz bands for a very long time.
  • This means that different SSIDs with different levels of security will be used on the various bands. For example. As depicted in Figure 3, an employee SSID using WPA2-Enterprise and a guest SSID using open security are used for the 2.4 and 5 GHz bands. However, the 6 GHz band requires different SSIDs and security: employee-6 using WPA3-Enterprise and guest-6 using Enhanced Open.

Different SSIDs and Security across three frequency bands

Figure 3 – Different SSIDs and Security across three frequency bands

One potential drawback of this scenario is that it prohibits intra-band roaming. A newer Wi-Fi 6E client can potentially roam between all three bands if the same SSID with the same security is used. Intra-band roaming is not always a good thing; segmenting users by frequency band often has advantages. However, if intra-band roaming is a requirement, a WPA3-only SSID could be deployed across the bands, while a WPA2-only SSID could still be offered on the legacy bands.

I think it will take time, but the anticipated wide adoption of 6 GHz enterprise deployments hopefully will accelerate the transition to WPA3 security in the other frequency bands. In the meantime, I expect various levels of security across the three bands.

And guess what? Wi-Fi 7 will also change the dynamic further. In the near future, Wi-Fi 7 will use a multi-link discovery and setup process that will allow for the use of the same dynamically generated encryption key across all three bands. I will discuss the implications of multi-link operation (MLO) in future blogs.

Get the latest stories sent straight to your inbox!

Casos Relacionados