In this episode, we interview Hendrik Lüth on the state of Wi-Fi security today. Hendrik works as a System Engineer for CANCOM in Germany. You can follow him on Twitter @DO9XE and on LinkedIn. You can also read his blog at https://linux-nerds.de/.

Agenda
- Start conversation with the “2018” status of WiFi security
- WPA2 is widely supported
- WPA2-Enterprise too complicated for home/guest solutions
- Headless IoT devices only support PSK, because of hardware limitations
- MPSK/PPSK/DynPSK
- Short Recap on 4-way handshake
- We just need to mention that there is a Nonce and a MIC, that’s all 🙂
- Explanation of how it works and why it’s different with every vendor
- PPSK from Aerohive
- Use Nonce, MIC and MAC and a list of known keys to find a matching key
- More information needed, hard to find technical details
- DynPSK from Ruckus
- One key per MAC, auto-detection possible
- Auto-detection probably like Aerohive
- Internal database of the ZoneDirector
- MPSK (Multiple PSK) from Aruba
- Based on MAC authentication
- Requires ClearPass Policy Manager
- Identity PSK from Cisco
- Short Recap on 4-way handshake
- WPA3
- WPA3-SAE
- Dragonfly handshake
- WPA3-Enterprise 192-bit Mode
- CNSA Suite B
- Stronger crypto
- WPA3-SAE
- Enhanced Open
- RFC 8110
- Transition mode
- Plan from Aruba to bring MPSK with WPA3-SAE into the IEEE Standard
- Dragonblood Attack by Mathy Vanhoef
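
Added example, not from the episode or from any vendor: one way the agenda item "Use Nonce, MIC and MAC and a list of known keys to find a matching key" can work on a WPA2-PSK network, with the AP recomputing the message 2 MIC for each stored key. Whether Aerohive does exactly this is an assumption; the SSID, MACs, nonces, frame bytes and passphrases are constructed sample values.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # First PRF block of the PTK; the KCK (MIC key) is its first 16 bytes.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    block = hmac.new(pmk, b"Pairwise key expansion\x00" + data + b"\x00", hashlib.sha1)
    return block.digest()[:16]

def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    # Key descriptor version 2 (CCMP): HMAC-SHA1 over the frame, truncated to 16 bytes.
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]

def match_psk(pmks, ap_mac, sta_mac, anonce, snonce, frame_mic_zeroed, received_mic):
    """Return the label of the stored key whose MIC matches message 2, else None."""
    for label, pmk in pmks.items():
        kck = derive_kck(pmk, ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, frame_mic_zeroed), received_mic):
            return label
    return None  # no stored key fits: reject the handshake

# Constructed sample values (not from a real capture).
SSID = "example-ssid"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
FRAME = b"constructed EAPOL-Key message 2, MIC field zeroed"
KEYS = {"guest": "guest-passphrase-1", "sensor": "sensor-passphrase-2"}
# PMKs depend only on passphrase and SSID, so they are computed once per key.
PMKS = {label: derive_pmk(p, SSID) for label, p in KEYS.items()}

def client_mic(passphrase: str) -> bytes:
    # What a station holding this passphrase would put in message 2.
    kck = derive_kck(derive_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(kck, FRAME)

if __name__ == "__main__":
    for phrase in ("sensor-passphrase-2", "not-a-stored-key"):
        print(phrase, "->", match_psk(PMKS, AP_MAC, STA_MAC, ANONCE, SNONCE,
                                      FRAME, client_mic(phrase)))
```

The per-handshake cost grows linearly with the number of stored keys, since each candidate needs one PTK derivation and one MIC computation.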