Opportunistic Wireless Encryption

Screenshot of Android Wi-Fi configuration with the Security set to "Enhanced Open"

Opportunistic Wireless Encryption (OWE) is a Wi-Fi standard which ensures that the communication between each pair of endpoints is protected from other endpoints. Unlike conventional Wi-Fi, it provides "Individualized Data Protection" such that data traffic between a client and access point is "individualized". Other clients can still sniff and record this traffic, but they can't decrypt it.


OWE is an extension to IEEE 802.11.[1] It is an encryption technique similar to that of Simultaneous Authentication of Equals (SAE) and is specified by the Internet Engineering Task Force (IETF) in RFC 8110; devices implementing it are certified as Wi-Fi Certified Enhanced Open by the Wi-Fi Alliance.[2][3]
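The "individualized" protection described above comes from a Diffie-Hellman exchange carried in the association frames: each client and the AP compute a pairwise master key (PMK) that a third party who only sees the two public values cannot reproduce. The following is an added example, not code from this page or from any OWE implementation; it implements the RFC 8110 derivation for group 19 (NIST P-256, SHA-256) in pure Python, with the little-endian encoding of the group number in the HKDF salt being my reading of the RFC.

```python
import hashlib, hmac, secrets
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff  # NIST P-256 (IANA group 19)
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):  # affine point addition on P-256; None is the point at infinity
    if p1 is None or p2 is None: return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = ((3 * x1 * x1 - 3) * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication; demo only, not constant-time
    r = None
    while k:
        r, pt, k = (_add(r, pt) if k & 1 else r), _add(pt, pt), k >> 1
    return r

def _lift_x(xb):  # recover a curve point from the x-only (compact) encoding OWE sends
    x = int.from_bytes(xb, "big")
    y = pow((x ** 3 - 3 * x + B) % P, (P + 1) // 4, P)  # square root, valid because P % 4 == 3
    if (y * y - (x ** 3 - 3 * x + B)) % P: raise ValueError("x is not on the curve")
    return x, y  # either root works: x(k*Q) == x(k*(-Q)), so both sides get the same shared x

def hkdf_expand(prk, info, n):  # HKDF-Expand (RFC 5869) with SHA-256
    out, t, i = b"", b"", 1
    while len(out) < n:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:n]

def owe_keypair():  # private scalar and the 32-byte x-only public key sent in the DH Parameter element
    x = secrets.randbelow(N - 1) + 1
    return x, _mul(x, G)[0].to_bytes(32, "big")

def owe_pmk(priv, peer_pub, client_pub, ap_pub, group=19):  # RFC 8110 sect. 4.4 key derivation
    z = _mul(priv, _lift_x(peer_pub))[0].to_bytes(32, "big")  # z = x-coordinate of the ECDH shared point
    prk = hmac.new(client_pub + ap_pub + group.to_bytes(2, "little"), z, hashlib.sha256).digest()  # HKDF-extract(C | A | group, z)
    pmk = hkdf_expand(prk, b"OWE Key Generation", 32)  # PMK = HKDF-expand(prk, "OWE Key Generation", n)
    pmkid = hashlib.sha256(client_pub + ap_pub).digest()[:16]  # PMKID = Truncate-128(Hash(C | A))
    return pmk, pmkid

def demo():  # client and AP reach the same PMK; a sniffer that only saw C and A cannot derive it
    (c_priv, c_pub), (a_priv, a_pub) = owe_keypair(), owe_keypair()
    return owe_pmk(c_priv, a_pub, c_pub, a_pub) == owe_pmk(a_priv, c_pub, c_pub, a_pub)
```

The PMK then feeds the normal 4-way handshake, which is why OWE traffic between two different clients cannot be decrypted by one another even though both associated to the same open network.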


Related Research Articles

IEEE 802.11: Wireless network standard

IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of medium access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer communication. The standard and amendments provide the basis for wireless network products using the Wi-Fi brand and are the world's most widely used wireless computer networking standards. IEEE 802.11 is used in most home and office networks to allow laptops, printers, smartphones, and other devices to communicate with each other and access the Internet without connecting wires. IEEE 802.11 is also a basis for vehicle-based communication networks with IEEE 802.11p.

Wireless LAN: Computer network that links devices using wireless communication within a limited area

A wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office building. This gives users the ability to move around within the area and remain connected to the network. Through a gateway, a WLAN can also provide a connection to the wider Internet.

Wi-Fi: Wireless local area network

Wi-Fi is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. These are the most widely used computer networks, used globally in home and small office networks to link devices and to provide Internet access with wireless routers and wireless access points, and in public places such as coffee shops, hotels, libraries, and airports to provide visitors with Internet access.

Wireless access point: Device that allows wireless devices to connect to a wired network

In computer networking, a wireless access point, or more generally just access point (AP), is a networking hardware device that allows other Wi-Fi devices to connect to a wired network. As a standalone device, the AP may have a wired connection to a router, but, in a wireless router, it can also be an integral component of the router itself. An AP is differentiated from a hotspot, which is a physical location where Wi-Fi access is available.

Zigbee is an IEEE 802.15.4-based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection. Hence, Zigbee is a low-power, low data rate, and close proximity wireless ad hoc network.

Wired Equivalent Privacy (WEP) was a severely flawed security algorithm for 802.11 wireless networks. Introduced as part of the original IEEE 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by its key of 10 or 26 hexadecimal digits, was at one time widely used, and was often the first security choice presented to users by router configuration tools.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

IEEE 802.11i-2004, or 802.11i for short, is an amendment to the original IEEE 802.11, implemented as Wi-Fi Protected Access II (WPA2). The draft standard was ratified on 24 June 2004. This standard specifies security mechanisms for wireless networks, replacing the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, the amendment deprecated the broken Wired Equivalent Privacy (WEP); it was later incorporated into the published IEEE 802.11-2007 standard.

Wi-Fi Alliance: Non-profit organization that owns the Wi-Fi trademark

The Wi-Fi Alliance is a non-profit organization that owns the Wi-Fi trademark. Manufacturers may use the trademark to brand products certified for Wi-Fi interoperability. It is based in Austin, Texas.

A wireless distribution system (WDS) is a system enabling the wireless interconnection of access points in an IEEE 802.11 network. It allows a wireless network to be expanded using multiple access points without the traditional requirement for a wired backbone to link them. The notable advantage of WDS over other solutions is that it preserves the MAC addresses of client frames across links between access points.

Wi-Fi hotspot: Wi-Fi access point

A hotspot is a physical location where people can obtain Internet access, typically using Wi-Fi technology, via a wireless local-area network (WLAN) using a router connected to an Internet service provider.

Wireless security: Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without a firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the IEEE 802.1X standard.

IEEE 802.11n-2009, or 802.11n, is a wireless-networking standard that uses multiple antennas to increase data rates. The Wi-Fi Alliance has also retroactively labelled the technology for the standard as Wi-Fi 4. It standardized support for multiple-input multiple-output, frame aggregation, and security improvements, among other features, and can be used in the 2.4 GHz or 5 GHz frequency bands.

Home network: Type of computer network

A home network or home area network (HAN) is a type of computer network that facilitates communication among devices within the close vicinity of a home. Devices capable of participating in this network, for example, smart devices such as network printers and handheld mobile computers, often gain enhanced emergent capabilities through their ability to interact. These additional capabilities can be used to increase the quality of life inside the home in a variety of ways, such as automation of repetitive tasks, increased personal productivity, enhanced home security, and easier access to entertainment.

Aircrack-ng: Software suite

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. Packages are released for Linux and Windows.

Wi-Fi Direct is a Wi-Fi standard for peer-to-peer wireless connections that allows two devices to establish a direct Wi-Fi connection without an intermediary wireless access point, router, or Internet connection. Wi-Fi Direct is single-hop communication, rather than multi-hop communication like wireless ad hoc networks.

IEEE 802.11ah is a wireless networking protocol published in 2017 called Wi-Fi HaLow as an amendment of the IEEE 802.11-2007 wireless networking standard. It uses 900 MHz license-exempt bands to provide extended-range Wi-Fi networks, compared to conventional Wi-Fi networks operating in the 2.4 GHz and 5 GHz bands. It also benefits from lower energy consumption, allowing the creation of large groups of stations or sensors that cooperate to share signals, supporting the concept of the Internet of things (IoT). The protocol's low power consumption competes with Bluetooth, LoRa, and Zigbee, and has the added benefit of higher data rates and wider coverage range.

IEEE 802.11ax, officially marketed by the Wi-Fi Alliance as Wi-Fi 6 and Wi-Fi 6E (6 GHz), is an IEEE standard for wireless local-area networks (WLANs) and the successor of Wi-Fi 5 (802.11ac). It is also known as High Efficiency Wi-Fi, for the overall improvements to Wi-Fi 6 clients in dense environments. It is designed to operate in license-exempt bands between 1 and 7.125 GHz, including the 2.4 and 5 GHz bands already in common use as well as the much wider 6 GHz band.

KRACK: Attack on the Wi-Fi Protected Access protocol

KRACK is a replay attack on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2016 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven. Vanhoef's research group published details of the attack in October 2017. By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.

In cryptography, Simultaneous Authentication of Equals (SAE) is a password-based authentication and password-authenticated key agreement method.

References

  1. Chen, Dave (December 4, 2018). "Opportunistic Wireless Encryption…Um, What's That Again?". Network World.
  2. "Wi-Fi CERTIFIED Enhanced Open™: Transparent Wi-Fi® protections without complexity | Wi-Fi Alliance". www.wi-fi.org.
  3. "WPA3: How and why the Wi-Fi standard matters". HPE. August 8, 2018.
