Wi-Fi CERTIFIED Enhanced Open™: Transparent Wi-Fi® protections without complexity
June 4th, 2018 by Dan Harkins
New Wi-Fi Enhanced Open™ technology infuses no-hassle advanced cryptography for open networks
We’ve all come to expect fast, reliable, and secure wireless access everywhere. Wi‑Fi® has steadily delivered increasing performance, and it is essential that privacy and security evolve as well to meet ongoing threats.
Wi-Fi CERTIFIED Enhanced Open™ is the first in a series of programs Wi-Fi Alliance® is launching to address the unique demands of modern connection scenarios. It provides confidentiality for over-the-air communications, while maintaining simplicity, in areas where we all collaborate, such as coffee shops and restaurants, as well as airports, hotels and sports arenas.
New capabilities for personal and enterprise Wi-Fi networks will emerge later this year as part of
Wi-Fi CERTIFIED WPA3™.
Wi-Fi Enhanced Open™ is based on the Opportunistic Wireless Encryption (OWE) standard. A product of the Internet Engineering Task Force (IETF), OWE, defined in RFC 8110, specifies an extension to IEEE 802.11 that uses a cryptographic handshake to encrypt the devices connecting open network access points. OWE uses some of the same underlying cryptography developed for the Simultaneous Authentication of Equals (SAE). SAE was previously included in the IEEE 802.11s standard and is in the process of being incorporated into WPA3.
Making protected open networks barrier-free
The goal of OWE was “encrypting the air” to prevent traffic snooping and other related attacks that are common in today’s shared, open networks. This was achieved by bringing together all of the protections of today’s advanced encryption and cryptography technologies, without adding complexity or scalability burdens.
For device users, a network with Wi-Fi Enhanced Open provides the same “select and connect” access we’re all accustomed to. It is expected that Enhanced Open networks will continue to be displayed without a “lock” icon in client devices. After a user chooses an available network, their OWE-capable device will connect automatically – nothing else is required – but the link will be fully encrypted.
Businesses deploying Wi-Fi Enhanced Open infrastructure benefit similarly, as OWE security is available out of the box. No additional provisioning is required, and scalability is built into the technology. They can promote the advanced protections of their Wi-Fi network, which helps improve brand loyalty, boost sales and achieve a competitive advantage. Essentially, those open networks without Enhanced Open capabilities risk being left behind.
Wi-Fi Enhanced Open market introductions on track
Given the benefits for end users, device manufacturers and infrastructure providers achieving Wi-Fi Enhanced Open certification for their new products just makes sense. Work is already underway for HPE to complete the certification process, with market introductions expected later this year, and throughout and beyond 2019.
In short, Wi-Fi Enhanced Open is an exciting development for our industry. It strengthens the connectivity needs of Wi-Fi networks without imposing a burden on users, to further the Wi-Fi Alliance vision of connecting everyone and everything, everywhere.
Dan Harkins is a Fellow at Hewlett Packard Enterprise performing research and development in the field of applied cryptography. He specializes in designing secure protocols for network access and device communication. His current focus of research is in robust and misuse resistant cryptography and in ways to provision trust in per-user or per-device credentials that scale from the home network to the enterprise. He invented the protocol that ended up becoming the Device Provisioning Protocol in the Wi-Fi Alliance. He also invented the secure, password-based key agreement protocol that is the base of WPA3. He is the author of numerous RFCs in the field of authentication and secure key establishment and is an active participant in IETF, IEEE, and Wi-Fi Alliance.
Add new comment