Introduction to WPA3

In this episode, we are providing an introduction to WPA3. We also show how to configure it on a Cisco controller as well as how you could validate it by looking at Wi-Fi frames:

Introduction

WPA3 is the improved version of Wi-Fi security. It updates WPA2 which is commonly used everywhere in Wi-Fi networks. 

Why the need for WPA3?

• KRACK Attack
• https://www.cleartosend.net/cts-094-sealing-krack-attack/
• WPA2-PSK is subject to dictionary attacks

WPA3 brings the following:

• Increased crypto strength
• Dumps legacy protocols
• Mandates Protected Management Frames (PMF)
  • https://www.cleartosend.net/802-11w-management-frame-protection/
• Mandatory for Wi-Fi 6 (more and more devices will support WPA3)

There are two versions of WPA3 which are similarly named from WPA2:

• WPA3-Personal
  • Pre-shared Key
  • Simultaneous Authentication of Equals (SAE) is used
• WPA3-Enterprise
  • Builds upon WPA2-Enterprise
  • Enhanced encryption
  • WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data:
    • Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256)
    • Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384)
    • Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve
    • Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256)

WPA3 Modes

There are a few modes WPA3 can be implemented

• WPA3-Personal only
• WPA3-Personal transition
• WPA3-Enterprise only
• WPA3-Enterprise transition
• WPA3-Enterprise 192-bit
• WPA3 Fast BSS Transition
• WPA3-Enterprise Server Certificate Validation

WPA3-Personal

• Mandatory
  • AP enables at least AKM suite selector of 00-0F-AC:8 (SAE Authentication)
  • STA allows at least AKM 00-0F-AC:8 for association
  • AP and STA must use PMF
    • AP and STA sets MFPC and MFPR to 1
  • Must use only DH groups 15-21, group 19
• Requirement
  • AP and STA does not enable AKM 00-0F-AC:2 (WPA2-PSK) and 00-0F-AC:6 (PSK using SHA-256)
  • AP doesn’t enable WPA on same BSS with WPA3-Personal
  • No WEP and TKIP on same BSS as WPA3-Personal
  • STA will use SAE when AP supports SAE and PSK

WPA3-Personal Transition

• Mandatory
  • AP enables at least AKM 00-0F-AC:2 (WPA2-PSK) and 00-0F-AC:8 (WPA3-Personal)
  • STA allows at least AKM 00-0F-AC:2 (WPA2-PSK) and 00-0F-AC:8
  • AP sets MFPC to 1, MFPR to 0
  • STA sets MFPC to 1, MFPR to 0
  • AP rejects association for SAE if PMF is not negotiated
  • STA negotiates PMF when associating to AP using SAE
• Recommended
  • AP enables AKM 00-0F-AC:6
  • STA allows 00-0F-AC:6
• Requirement
  • AP doesn’t enable WPA on same BSS with WPA3-Personal
  • No WEP and TKIP on same BSS as WPA3-Personal
  • STA will use SAE when AP supports SAE and PSK

WPA3-Enterprise Only

• PMF will be set to capable which is the MFPC bit set to 1 and MFPR bit set to 1 in the RSN Capabilities field
• No WPA version 1 enabled on the same BSS on WPA3-Enterprise

WPA3-Enterprise transition mode

• WPA2-Enterprise and WPA3-Enterprise transition mode on same BSS, PMF will be set to capable which is the MFPC bit set to 1 and MFPR bit set to 0 in the RSN Capabilities field
• WPA3-Enterprise STA will negotiate PMF when using WPA3-Enterprise transition mode
• No WPA version 1 enabled on the same BSS on WPA3-Enterprise

WPA3-Enterprise 192-bit

• For sensitive environments needing higher security requirements
• PMF is required
• Permitted EAP cipher suites for use with 192-bit mode:
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • ECDHE and ECDSA using the 384-bit prime modulus curve P-384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • ECDHE using the 384-bit prime modulus curve P-384
    • RSA ≥ 3072-bit modulus
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    • RSA ≥ 3072-bit modulus 
    • DHE ≥ 3072-bit modulus

WPA3 Fast BSS Transition

• Added to WPA3 Spec on 12/20/2019
• Different modes:
  • Fast BSS Transition for WPA3-Personal transition mode
  • Fast BSS Transition for WPA3-Enterprise transition mode
  • Fast BSS Transition for WPA3-Personal only mode
  • Fast BSS Transition for WPA3-Enterprise only mode
• There is an order of AKM preference
  • Personal Modes
    • FT Authentication using SAE 00-0F-AC:9
    • SAE Authentication 00-0F-AC:8
    • FT Authentication using PSK 00-0F-AC:4
    • PSK using SHA-256 00-0F-AC:6
    • PSK 00-0F-AC:2
  • Enterprise Modes
    • FT Authentication using 802.1X (SHA 256) 00-0F-AC:3
    • Authentication using 802.1X (SHA 256) 00-0F-AC:5
    • Authentication 802.1X 00-0F-AC:1

Updated AKM Selector Table

Resources

• WPA3 frame capture
• WPA3 Specs: https://www.wi-fi.org/download.php?file=/sites/default/files/private/WPA3_Specification_v2.0.pdf
• Previous Clear To Send Episodes on Wi-Fi security:
  • CTS 175: https://cleartosend.net/175
  • CTS 096: Deep Dive into KRACK with Hemant Chaskar: https://www.cleartosend.net/96
  • CTS 158: 802.11w Management Frame Protection: https://cleartosend.net/158
  • CTS 139: Aruba Networks Demos OWE at MFD3: https://cleartosend.net/139