Wi-Fi CERTIFIED Enhanced Open™: Transparent Wi-Fi® protections without complexity
June 04, 2018 by Dan Harkins, Aruba, a Hewlett Packard Enterprise company
New Wi-Fi Enhanced Open™ technology infuses no-hassle advanced cryptography for open networks
We’ve all come to expect fast, reliable, and secure wireless access everywhere. Wi‑Fi® has steadily delivered increasing performance, and it is essential that privacy and security evolve as well to meet ongoing threats.
Wi-Fi CERTIFIED Enhanced Open™ is the first in a series of programs Wi-Fi Alliance® is launching to address the unique demands of modern connection scenarios. It provides confidentiality for over-the-air communications, while maintaining simplicity, in areas where we all collaborate, such as coffee shops and restaurants, as well as airports, hotels and sports arenas.
New capabilities for personal and enterprise Wi-Fi networks will emerge later this year as part of Wi-Fi CERTIFIED WPA3™.
Wi-Fi Enhanced Open™ is based on the Opportunistic Wireless Encryption (OWE) standard. A product of the Internet Engineering Task Force (IETF), OWE, defined in RFC 8110, specifies an extension to IEEE 802.11 that uses a cryptographic handshake to encrypt traffic between client devices and open-network access points. OWE uses some of the same underlying cryptography developed for Simultaneous Authentication of Equals (SAE). SAE was previously included in the IEEE 802.11s standard and is in the process of being incorporated into WPA3.
Making protected open networks barrier-free
The goal of OWE was “encrypting the air” to prevent traffic snooping and other related attacks that are common in today’s shared, open networks. This was achieved by bringing together all of the protections of today’s advanced encryption and cryptography technologies, without adding complexity or scalability burdens.
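The key schedule behind that "encrypting the air" handshake is short enough to walk through. The block below is an added example, not code from this post or from Aruba/HPE: it follows the OWE derivation in RFC 8110, section 4.4 (Diffie-Hellman shared secret, then HKDF-extract with the two public values and the group number as salt, HKDF-expand with the label "OWE Key Generation", and a PMKID taken from the hash of the two public values). To stay within the Python standard library it uses a constructed toy finite-field group rather than one of the IANA groups the RFC allows, so the arithmetic is illustrative only; the HKDF steps and the PMK/PMKID construction are the RFC's.

```python
"""Toy walk-through of the OWE key schedule from RFC 8110, section 4.4.

Added example, not code from the post or from Aruba/HPE.  A small
constructed finite-field group stands in for a real one so the script runs
offline with only the standard library.
"""
import hashlib
import hmac
import secrets

# CONSTRUCTED toy group: p = 2**127 - 1 (a Mersenne prime) with generator 5.
# It is far too small for real use and is not one of the IANA groups OWE
# permits; real deployments use e.g. group 19 (NIST P-256).
TOY_P = (1 << 127) - 1
TOY_G = 5
KEY_LEN = (TOY_P.bit_length() + 7) // 8     # octets per encoded public value
GROUP_ID = 19            # value carried in the Diffie-Hellman Parameter element; only a label here
HASH = hashlib.sha256    # RFC 8110 pairs SHA-256 with 256-bit-strength groups
INFO = b"OWE Key Generation"                # HKDF-expand label from the RFC


def hkdf_extract(salt, ikm):
    """RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def make_keypair(priv=None):
    """Return (private exponent, big-endian encoded public value) in the toy group."""
    if priv is None:
        priv = secrets.randbelow(TOY_P - 3) + 2
    pub = pow(TOY_G, priv, TOY_P)
    return priv, pub.to_bytes(KEY_LEN, "big")


def shared_secret(priv, peer_pub):
    """z = peer_pub ** priv mod p, encoded the same way as a public value."""
    z = pow(int.from_bytes(peer_pub, "big"), priv, TOY_P)
    return z.to_bytes(KEY_LEN, "big")


def derive_pmk(z, client_pub, ap_pub):
    """RFC 8110 section 4.4:
        prk   = HKDF-extract(C | A | group, z)
        PMK   = HKDF-expand(prk, "OWE Key Generation", n)   with n = hash length
        PMKID = Truncate-128(Hash(C | A))
    """
    salt = client_pub + ap_pub + GROUP_ID.to_bytes(2, "big")
    prk = hkdf_extract(salt, z)
    pmk = hkdf_expand(prk, INFO, HASH().digest_size)
    pmkid = HASH(client_pub + ap_pub).digest()[:16]
    return pmk, pmkid


def simulate_association(client_priv=None, ap_priv=None):
    """Run one OWE association and return what each side computed.

    Only the two public values cross the air (inside the Association
    Request/Response).  Each side combines its own private exponent with the
    peer's public value and must arrive at the same PMK.
    """
    client_priv, client_pub = make_keypair(client_priv)
    ap_priv, ap_pub = make_keypair(ap_priv)
    # Client side: its own private exponent plus the AP's public value.
    client_pmk, client_pmkid = derive_pmk(shared_secret(client_priv, ap_pub), client_pub, ap_pub)
    # AP side: its own private exponent plus the client's public value.
    ap_pmk, ap_pmkid = derive_pmk(shared_secret(ap_priv, client_pub), client_pub, ap_pub)
    return {
        "on_air": (client_pub, ap_pub),
        "client": (client_pmk, client_pmkid),
        "ap": (ap_pmk, ap_pmkid),
    }


if __name__ == "__main__":
    result = simulate_association()
    print("PMK agrees on both sides:", result["client"][0] == result["ap"][0])
    print("PMKID:", result["client"][1].hex())
```

Running it with two different client exponents against the same AP shows the property the post is after: every client ends up with its own PMK, so one user's traffic is not decryptable by another user who merely joined the same open network. Note that nothing in the derivation identifies the access point; RFC 8110 is explicit that OWE defends against passive eavesdropping and does not authenticate the AP, so it is a confidentiality upgrade for open networks, not a replacement for an authenticated WPA3 deployment.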
For device users, a network with Wi-Fi Enhanced Open provides the same “select and connect” access we’re all accustomed to. It is expected that Enhanced Open networks will continue to be displayed without a “lock” icon in client devices. After a user chooses an available network, their OWE-capable device will connect automatically – nothing else is required – but the link will be fully encrypted.
Businesses deploying Wi-Fi Enhanced Open infrastructure benefit similarly, as OWE security is available out of the box. No additional provisioning is required, and scalability is built into the technology. They can promote the advanced protections of their Wi-Fi network, which helps improve brand loyalty, boost sales and achieve a competitive advantage. Essentially, those open networks without Enhanced Open capabilities risk being left behind.
Wi-Fi Enhanced Open market introductions on track
Given the benefits for end users, device manufacturers and infrastructure providers achieving Wi-Fi Enhanced Open certification for their new products just makes sense. Work is already underway for HPE to complete the certification process, with market introductions expected later this year, and throughout and beyond 2019.
In short, Wi-Fi Enhanced Open is an exciting development for our industry. It strengthens the security of Wi-Fi connections without imposing a burden on users, furthering the Wi-Fi Alliance vision of connecting everyone and everything, everywhere.
Dan is a Distinguished Technologist, focusing on network security and applied cryptography, in the office of the CTO at Aruba, a Hewlett Packard Enterprise company. During his decade with Aruba, Dan has served as a representative to the Wi-Fi Alliance and played an active role in various task groups to further protocols and standards in support of the organization’s goal to drive the interoperability, adoption, and evolution of Wi-Fi globally.
Over the course of his professional career working for numerous leading companies, Dan’s projects have included IKE, IPPCP, IPsec, 802.1X and a multitude of EAP methods. He is the author of multiple standards, including the IEEE’s Simultaneous Authentication of Equals (SAE), which was incorporated into 802.11s, as well as RFC 2409, RFC 5297, RFC 5931, RFC 8110, and the Device Provisioning Protocol (DPP).