Welcome back for Part 2 of this series taking a look at the enhancements to Wi-Fi security!  In the first article, we had a look at WPA3-Personal which uses Simultaneous Authentication of Equals to secure the authentication process.  Now, we will look at Wi-Fi CERTIFIED Enhanced Open which is the new flavour of open WLANs typically used for guest and hotspot networks.

Opportunistic Wireless Encryption

Enhanced Open uses Opportunistic Wireless Encryption (OWE), specified in IETF RFC 8110, essentially provides data confidentiality with encryption over the air between an AP radio and a wireless client – awesome!  OWE also doesn’t require any supplicant or device provisioning, just as open networks operate today.  However, OWE does not provide any authentication and hence no protection against man-in-the-middle attacks, or the use of honeypot APs spoofing the identity of your infrastructure APs.

The OWE mechanism employs a Diffie-Hellman key exchange embedded in the Association Request and Association Response frames between a wireless client and an AP.  The exchange uses Group 19 P-256 Elliptic Curve Cryptography (ECC – which, if you recall, is also used by SAE) with 128-bit encryption (either CCMP or GCMP). Diffie-Hellman key exchanges are commonly used in SSH, TLS (HTTPS), IPSec, and now it is a new addition to Wi-Fi security.  As per WPA3-Personal, Protected Management Frames (PMF) support is required.

OWE Probe Response

For the wireless client to know the WLAN supports OWE, it must receive a Probe Response from the AP in response to its Probe Request.  Here we see a Probe Response indicating OWE is supported for AKM on the SSID:

OWE Association

OWE still uses 802.11 Open System Authentication, then the ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) exchange occurs in the Association process.  After Association is successful the 4-way handshake can occur (note that legacy open networks do not use a 4-way handshake as there is no encryption and hence no RSN capabilities), and from then on data frames are encrypted.

The client (Samsung Galaxy S10e) sends an Association Request and we can see it is using OWE, and there is an extended tag containing Diffie-Hellman key elements at the bottom of the decode:

The AP sends back an Association Response with its own ECDHE information and a Successful status code:

Then the 4-Way handshake occurs as expected, and then data frames are encrypted:

OWE Transition Mode

As with WPA3-Personal there is a Transition Mode for Enhanced Open, allowing legacy clients to be able to connect to a WLAN that is enabled for OWE.  But there’s a catch!  This Transition Mode requires separate hidden SSID configured with similar properties – not ideal!

Your standard open SSID is configured on the infrastructure side with the WLAN ID of the Enhanced Open SSID.  There is then also a hidden version of the same SSID with Enhanced Open/OWE enabled.  The standard open SSID has a OWE Transition Mode Element OTME to direct capable STAs to the hidden Enhanced Open BSS.

Here’s the configuration on a Cisco Catalyst 9800 WLC.  Below is the WLAN summary:

OWE Hidden SSID

The following three screenshots show the required configuration for the hidden OWE/Enhanced Open SSID (note: the configuration is the same if you don’t want to use Transition Mode, just enable Broadcast SSID and don’t create the standard open SSID in the next section):

PMF is Required, and note that you need to specify the WLAN ID number of the standard open SSID that will contain the OTME (OWE Transition Mode Element).

Here is the CLI configuration:

wlan s****-OWE 56 coops-OWE 
no broadcast-ssid 
radio dot11a 
no security ft adaptive 
no security wpa wpa2 
no security wpa akm dot1x 
security wpa akm owe 
security wpa transition-mode-wlan-id 57 
security wpa wpa3 
security pmf mandatory 
no shutdown

Transition Mode Open SSID

This SSID configuration is much the same as a standard open SSID, aside from needing to reference the OWE WLAN ID number in order to advertise the OTME.  The SSIDs must match:

Here is the CLI configuration:

wlan s****-OWETM 57 coops-OWE 
ccx aironet-iesupport 
radio dot11a 
no security ft adaptive 
no security wpa 
no security wpa wpa2 ciphers aes 
no security wpa akm dot1x 
security wpa transition-mode-wlan-id 56
no shutdown

AireOS Configuration

Here is a look at some example configuration on an AireOS WLC running 8.10 taken from BRKEWN-2006 Advancements in Wireless Security from Cisco Live San Diego, presented by Distinguished SE Stephen Orr (@StephenMOrr) and TSA Bob Sayle (@Bob_In_IT):

OWE Transition Mode Beacons

Now that we have configured the Transition Mode and Enhanced Open SSIDs, we can take a look at their beacons.

Open SSID

We can see here there are no RSN elements, but there is a vendor-specific tag for Wi-Fi Alliance: OWE Transition Mode.  An Enhanced Open capable client will recognise this and know to look for a hidden beacon with the same SSID advertising OWE capabilities.

Hidden OWE SSID

Here the hidden/masked SSID is advertising OWE capabilities, and also has the vendor-specific tag for OWE Transition Mode with the SSID name.  You’ll also see both SSIDs in a Wi-Fi Explorer passive scan, and can see the information elements in the Advanced Details pane.

The Galaxy S10e now knows it can send an Open System Authentication Request to this hidden SSID. Other devices, such as my iPad (running iPadOS beta, which supports WPA3-Personal but not OWE!) connect seamlessly to the standard open SSID.

OWE Transition Mode Association

Association occurs much the same as before, but here is a look at the Association Request for the hidden OWE SSID for your reference:

Wireless Client Status

Here is a look at an OWE-capable client (S10e) and a legacy client (iPad) connected to the Transition Mode SSIDs (FYI the CLI command is ‘show wireless client mac-address <mac> detail’).

Here is the iPad in more detail on the standard open SSID, note there is no Encryption Cipher or PMF.

Here is the S10e in more detail on the hidden OWE SSID, and note the Encryption Cipher, AKM and PMF.

What’s Next?

Enhanced Open is definitely a big step forward in wireless security for open or hotspot networks.  However, we need to remain aware that there is no authentication of the AP, or the user/device, with Enhanced Open.  It is still a good practice to keep your data protected by using a VPN on a public or open Wi-Fi network.

The Transition Mode is useful to support legacy clients, however keep in mind that an additional SSID is required.  Although hidden, this additional SSID introduces management frame overhead to your environment.

Next in this series I will cover what is new and improved with WPA3-Enterprise.

Hope you found this article useful!

Posted by Wi-Fi Coops

One Comment

  1. […] References1. WPA3, OWE and DPP | Hemant Chaskar | WLPC Phoenix 20192. WPA3 & Enhanced Open White Paper – Aruba Networks3. https://wificoops.com/2019/08/05/wi-fi-security-enhancements-part-2-enhanced-open-owe/ […]

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s