CTS 175: Wi-Fi Security Updates with Hendrik Lüth

In this episode, we are interviewing Hendrik Lüth on the state of Wi-Fi security today. Hendrik works as a System Engineer for CANCOM in Germany. You can follow him on Twitter @DO9XE and on LinkedIn. You can also visit and read his blog at https://linux-nerds.de/.

Agenda

  • Start conversation with the “2018” status of Wi-Fi security
    • WPA2 is widely supported
    • WPA2-Enterprise too complicated for home/guest solutions
    • Headless IoT devices only support PSK, because of hardware limitations
  • MPSK/PPSK/DynPSK
    • Short Recap on 4-way handshake
      • We just need to mention that there is a nonce and a MIC, that’s all 🙂
    • Explanation of how it works and why it’s different with every vendor
    • PPSK from Aerohive
      • Use Nonce, MIC and MAC and a list of known keys to find a matching key
      • More information needed, hard to find technical details
    • DynPSK from Ruckus
      • One key per MAC, auto-detection possible
      • Auto-detection probably like Aerohive
      • Internal database of the ZoneDirector
    • MPSK (Multiple PSK) from Aruba
      • Based on MAC authentication
      • Requires ClearPass Policy Manager
    • Identity PSK from Cisco
  • WPA3
    • WPA3-SAE
      • Dragonfly handshake
    • WPA3-Enterprise 192-bit Mode
      • CNSA Suite B
      • Stronger crypto
  • Enhanced Open
    • RFC 8110
    • Transition mode
  • Plan from Aruba to bring MPSK with WPA3-SAE into the IEEE Standard
  • Dragonblood Attack by Mathy Vanhoef
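
The PPSK item above (nonce, MIC, MAC and a list of known keys) can be sketched as follows. This is an added example, not vendor code or anything from the episode: it assumes the standard WPA2-Personal key derivation and MIC check, and all names, keys and the message 2 frame are constructed.

```python
import hashlib
import hmac

NONCE_OFF, MIC_OFF = 17, 81  # offsets inside an EAPOL-Key frame (incl. 4-byte header)

def pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def kck(pmk_: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # First PRF block of the PTK; its first 16 bytes are the key confirmation key
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    return hmac.new(pmk_, label + b"\x00" + data + b"\x00", hashlib.sha1).digest()[:16]

def mic(kck_: bytes, frame: bytes) -> bytes:
    # MIC (key descriptor version 2): HMAC-SHA1 over the frame with MIC field zeroed
    zeroed = frame[:MIC_OFF] + bytes(16) + frame[MIC_OFF + 16:]
    return hmac.new(kck_, zeroed, hashlib.sha1).digest()[:16]

def match_psk(keys: dict, ssid, ap, sta, anonce, msg2: bytes):
    """Return the owner whose provisioned PSK produced the MIC in message 2, else None."""
    snonce, seen = msg2[NONCE_OFF:NONCE_OFF + 32], msg2[MIC_OFF:MIC_OFF + 16]
    for owner, passphrase in keys.items():  # a real AP would cache the PMKs
        k = kck(pmk(passphrase, ssid), ap, sta, anonce, snonce)
        if hmac.compare_digest(mic(k, msg2), seen):
            return owner
    return None

def build_msg2(passphrase, ssid, ap, sta, anonce, snonce) -> bytes:
    # Constructed client message 2 (no key data), standing in for a real supplicant
    body = (b"\x02" + b"\x01\x0a" + bytes(2) + bytes(7) + b"\x01" + snonce
            + bytes(16 + 8 + 8) + bytes(16) + bytes(2))
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    m = mic(kck(pmk(passphrase, ssid), ap, sta, anonce, snonce), frame)
    return frame[:MIC_OFF] + m + frame[MIC_OFF + 16:]

# Constructed sample data: SSID, MACs, nonces and the AP's provisioned key table
SSID = "example-ppsk"
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
KEYS = {"alice": "correct-horse-1", "bob": "battery-staple-2", "iot-cam": "tr0ub4dor-and-3"}

if __name__ == "__main__":
    msg2 = build_msg2("battery-staple-2", SSID, AP, STA, ANONCE, SNONCE)
    print(match_psk(KEYS, SSID, AP, STA, ANONCE, msg2))
```

The cost per association grows with the number of provisioned keys, which is one reason per-MAC lookups (as in the DynPSK and MPSK items) narrow the candidate list first.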

About the Author
Wireless Network Engineer and Owner at SemFio Networks. CWNE #180. Living in London ON Canada, born and raised in Dijon, France.