The Diffie-Hellman (DH) key exchange discussed in the previous article is the basis of a newer Wi-Fi connectivity mode intended to give open Wi-Fi networks in public places a baseline level of confidentiality.
Traditionally, public places such as cafes and airports offered Open System Wi-Fi, which has two drawbacks:
- Neither the client device nor the Access Point (AP) is authenticated, so neither side can verify the other's identity
- Traffic between the client device and the AP is not encrypted; every data frame is sent over the air in the clear
Opportunistic Wireless Encryption (OWE, certified by the Wi-Fi Alliance under the name Wi-Fi Enhanced Open) addresses the second of these drawbacks. It encrypts data frames with keys derived from a DH exchange that the client and AP carry out in the association frames. It does not provide identity verification, so a client can still be lured to a rogue Access Point imitating a legitimate network; the rogue AP simply completes the DH exchange itself and the client has no way to tell.
OWE is defined in RFC 8110. The RFC specifies how the Pairwise Master Key (PMK) is derived from the DH shared secret; that PMK then feeds the usual 4-way handshake, which produces the temporal keys used to encrypt traffic. We will look at the OWE standard in more detail in the coming articles.
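As an added example (not code from this article, from RFC 8110 itself, or from any Wi-Fi implementation), the derivation the RFC specifies, carried out in Python on NIST P-256 (OWE group 19, the mandatory group): each side computes the DH shared secret z, runs it through HKDF-extract salted with the client public key, the AP public key and the group number, and then HKDF-expand with the label "OWE Key Generation" to obtain the PMK; the PMKID is the first 128 bits of a hash over the two public keys. The `rogue_ap_demo` function illustrates the caveat above: an attacker's AP answers the client's association request with its own DH key and also associates with the real AP, and both exchanges complete because nothing in them is bound to an identity. The curve arithmetic is a minimal textbook implementation so the script runs with only the standard library (it is not constant time; real supplicants use a vetted crypto library), public keys are exchanged as the x-coordinate only, and the 2-octet little-endian encoding of the group number follows what hostapd does; the private scalars and names in the test scenario are constructed for the example.

```python
"""OWE PMK/PMKID derivation (RFC 8110, Section 4.4) on NIST P-256, plus a
rogue-AP scenario.  Added example: textbook curve arithmetic, stdlib only."""
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (OWE group 19)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
GROUP = 19      # group number carried in the OWE Diffie-Hellman Parameter element
KEYLEN = 32     # bytes in a P-256 coordinate and in a SHA-256 digest


def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def point_from_x(x):
    """Recover a curve point from its x-coordinate.  P-256 has p = 3 mod 4, so
    a square root is one exponentiation; either root works for DH because only
    the x-coordinate of the shared point is used."""
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        raise ValueError("x is not on the curve")
    return x, y


def keypair():
    """Ephemeral DH key: private scalar and the x-only public key sent in the
    Association Request (client) or Association Response (AP)."""
    priv = secrets.randbelow(N - 1) + 1
    x, _ = ec_mul(priv, (GX, GY))
    return priv, x.to_bytes(KEYLEN, "big")


def owe_pmk(priv, c_pub, a_pub, peer_pub):
    """PMK and PMKID for the party holding `priv`.  c_pub and a_pub are the
    client's and AP's public keys in handshake order; peer_pub is the other
    side's key (a_pub when we are the client, c_pub when we are the AP)."""
    shared = ec_mul(priv, point_from_x(int.from_bytes(peer_pub, "big")))
    z = shared[0].to_bytes(KEYLEN, "big")                  # z = F(DH(x, Y))
    salt = c_pub + a_pub + GROUP.to_bytes(2, "little")     # C | A | group (LE as in hostapd)
    prk = hmac.new(salt, z, hashlib.sha256).digest()       # HKDF-extract(salt, z)
    pmk = hmac.new(prk, b"OWE Key Generation" + b"\x01",
                   hashlib.sha256).digest()                # HKDF-expand, n = 256 bits
    pmkid = hashlib.sha256(c_pub + a_pub).digest()[:16]    # Truncate-128(Hash(C | A))
    return pmk, pmkid


def associate(client, ap):
    """One OWE association between a (priv, pub) client and a (priv, pub) AP.
    Returns (client_pmk, ap_pmk, pmkid); the two PMKs match when all went well."""
    c_priv, c_pub = client
    a_priv, a_pub = ap
    c_pmk, c_id = owe_pmk(c_priv, c_pub, a_pub, a_pub)
    a_pmk, a_id = owe_pmk(a_priv, c_pub, a_pub, c_pub)
    assert c_id == a_id
    return c_pmk, a_pmk, c_id


def rogue_ap_demo():
    """A rogue AP answers the client itself and separately associates with the
    real AP.  Both exchanges succeed: OWE encrypts, but authenticates nobody."""
    client, real_ap, rogue = keypair(), keypair(), keypair()
    c_pmk, rogue_pmk_c, _ = associate(client, rogue)     # client <-> rogue AP
    rogue_pmk_a, ap_pmk, _ = associate(rogue, real_ap)   # rogue (as client) <-> real AP
    return {
        "client_keyed_with_rogue": c_pmk == rogue_pmk_c,
        "rogue_keyed_with_real_ap": rogue_pmk_a == ap_pmk,
        "client_and_real_ap_share_nothing": c_pmk != ap_pmk,
    }


if __name__ == "__main__":
    c_pmk, a_pmk, pmkid = associate(keypair(), keypair())
    print("client PMK:", c_pmk.hex())
    print("AP PMK:    ", a_pmk.hex(), "(match)" if c_pmk == a_pmk else "(MISMATCH)")
    print("PMKID:     ", pmkid.hex())
    print("rogue AP scenario:", rogue_ap_demo())
```

Run the script to see a fresh PMK agreed by both sides, then the rogue-AP dictionary: the client holds a key with the attacker, the attacker holds a key with the real AP, and nothing in the exchange let the client notice. That is exactly why OWE fixes eavesdropping on open networks but not impersonation.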