科技回声

WPA3 Enterprise 192-bit mode at home

289 points by tashian, over 1 year ago

34 comments

xoa, over 1 year ago
Personally I've essentially given up on depending on WiFi auth for anything important. For general access, segmenting various users, IOT etc for performance, monitoring and light privacy WPA-EAP and PPSKs with VLANs does some work as an initial first layer fine and in a simple reliable way that works with everything. It's a low pass filter.

But for all sensitive access I use internal Wireguard now. WiFi auth gets a client onto a restricted VLAN in the first place, but from there only a VPN will get to management webguis, sensitive services, or unrestricted internet access. Regrettably the design process for WPA3 was the same old mediocre industry affair. It's not worth trying to put many bandaids on vs just moving things to a higher level. As a practical matter WiFi also just isn't that fast vs high performance clients, it's not like WG has to handle tens of gigabits, so there isn't even any downside in performance.

WiFi auth at this point kinda feels like a polite lock on the screen door. Not useless at all, but anything really important should have other layers in front that are more secure by design from the ground up.
bArray, over 1 year ago
"NSA grade" irks me - to think these guys have your best interest at heart. In the 1970s they weakened DES [1]. In 2015 the NSA created a backdoor and pressured companies into installing it [2]. In 2016 you had the leaked tools stolen and used by the Shadow Brokers / Equation Group [3]. More recently the NSA made arguments against double encryption to combat weaknesses in potential quantum-safe encryption algorithms [4].

The point is that "NSA grade" likely means "NSA accessible". The major difference between WPA2 and WPA3 is the individual encryption. My guess would be that there is some backdoor during SAE and they could force a complete reconnect by temporarily jamming/disrupting all users on a network.

[1] https://arstechnica.com/information-technology/2013/09/the-nsas-work-to-make-crypto-worse-and-better/
[2] https://twitter.com/matthew_d_green/status/1433470109742518273
[3] https://en.wikipedia.org/wiki/The_Shadow_Brokers
[4] https://blog.cr.yp.to/20240102-hybrid.html
londons_explore, over 1 year ago
I want to know why WPA3 doesn't have a mode where a password is used for the initial connection, but then the client and AP generate a keypair and each store their half and use that for all future connections.

For all future connections, the AP can validate every client, and the client can validate that it is connecting to the same AP.

The AP could have an interface to 'revoke' access to any single client if necessary, and single use passwords could be used too.

That would give all the same benefits as WPA Enterprise (after the initial pairing), and all the ease of use of a preshared key.
JohnFen, over 1 year ago
> However, if you want a home network that's simple to configure, easy for your guests to borrow, hassle-free, and that all of your Smart Home gadgets can connect to, then you should close this tab now

Or do what I do: run multiple APs. I have my primary one, which is very tightly secured and monitored, and only gives access to my local VPN. I have a guest one, which is only as secure as any average AP and gets you internet access, but no access to my LAN. If I used "smart" gadgets that I couldn't really control and trust, I'd set up a subnet just for them alone.
wkat4242, over 1 year ago
> Because you need certificates, your Smart Home devices won't support WPA3 Enterprise. Home printers won't support it. A lot of things won't support it. In fact, it's a miracle that some consumer-grade routers and access points support it at all.

It's not really a miracle. It's just much easier to do from the access point side because the whole authentication process is basically offloaded to the radius server. It doesn't add a lot of complexity to the actual access point or router. The radius server itself is usually not included with these solutions, they're just capable of talking to one. It's just an easy to achieve bullet point for a feature list.

On client devices however it's a huge pita building a mechanism to manage client certificates, the verification chain and related requirements. It also has to be able to verify the radius server's identity so it needs a full list of fully up to date root CAs (including private PKIs and a way to add them too) and be able to check their revocation. And you need accurate time while not actually having internet access yet. And then there's automatic issuing. Most businesses don't just hand you a certificate, it's issued on the fly by a company HSM after the client device first generates its private key and then installed automatically by MDM after it determines your device is trusted enough. Like obeying security settings like encryption, having the required Antimalware installed and updated etc. It's also automatically revoked if that is no longer the case.

If you just hand it to a user and let them use it wherever they want it's not a lot better than a password really. So nobody actually does this in the real world. So the endpoint needs to be able to talk to various MDMs which is certainly feasible on a phone or computer but not on a simple printer, IP cam or smart device.
spr-alex, over 1 year ago
EAP-TLS is generally a great practice, as EAP-PEAP is vulnerable to MITM issues (fix proposed in https://www.ietf.org/archive/id/draft-josefsson-pppext-eap-tls-eap-10.txt but never adopted).

For the use case cited -- blocking MAC spoofing, EAP-TLS doesn't quite solve it, it mainly only solves authentication. The outer layer is not wrapped with TLS and is instead based on an ephemeral session key. Additional work is needed to stop the spoofing. The RFC states explicitly that channel binding, which would help stop the MAC spoofing, is not implemented: https://datatracker.ietf.org/doc/html/rfc5216. What it does prevent is a client from being man-in-the-middled.

What's even wilder is that on some access points, when set to bridge mode, with an upstream Radius Authentication Server, as described, they may be vulnerable to ARP spoofing of the upstream radius server IP. This is something we've reported to vendors and were told "won't fix". Names include Netgear and TP-Link, though we don't suspect all routers from them are affected by this. We have not tested with the unifi access point referenced in the article.

So to restate the attack, cause it's so ridiculous, you should know about it: an anonymous, unauthenticated wireless station associates without a password. Next it would begin the EAPOL negotiation but it instead then proceeds to perform ARP spoofing to claim the IP address of the upstream Radius that is supposed to only be routed over the uplink interfaces. Even without knowing the shared secret, it's possible for the client to pretend to be the radius server to the AP, and authenticate itself onto the network.

One thing you want to be very sure of when setting up 802.1X Radius Auth, is that your access point is not going to be misconfigured to allow clients to do this.
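The failure spr-alex describes only works if the AP trusts an Access-Accept without binding it to the RADIUS shared secret. The checks below are an added example written for this thread, not code from any AP vendor or from FreeRADIUS: they implement the Response Authenticator of RFC 2865 section 3 and the Message-Authenticator attribute of RFC 2869 section 5.14 (which RFC 3579 makes mandatory for EAP). A station that has taken over the server's IP sees the Access-Request, including its Request Authenticator, but not the secret, so its forged Accept fails; the shared secret, identifier and User-Name value are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2
MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 2869


def build_response(code, ident, request_auth, attrs, secret, with_ma=True):
    """Build a RADIUS response the way a server does; needs the shared secret."""
    if with_ma:
        # Message-Authenticator is appended as 16 zero bytes, then HMAC-MD5 is
        # computed over Code+ID+Length+RequestAuth+Attributes and written in.
        attrs = attrs + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if with_ma:
        mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:-16] + mac
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet, request_auth, secret):
    """What an AP should do before honouring an Access-Accept: True only if the
    packet is bound to our Request Authenticator AND our shared secret."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    resp_auth, attrs = packet[4:20], packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        return False  # not produced with our secret (forged or tampered)
    # Walk the TLV attributes looking for Message-Authenticator and check the
    # HMAC with the attribute value zeroed, as RFC 2869 specifies.
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return False  # malformed attribute list
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            zeroed = attrs[:pos + 2] + bytes(16) + attrs[pos + 18:]
            mac = hmac.new(secret, packet[:4] + request_auth + zeroed,
                           hashlib.md5).digest()
            return hmac.compare_digest(mac, attrs[pos + 2:pos + 18])
        pos += alen
    return False  # no Message-Authenticator: reject for EAP sessions (RFC 3579)


def demo():
    """Constructed scenario: genuine server vs. a station that spoofed its IP."""
    secret = b"constructed-shared-secret"   # constructed value for this example
    request_auth = os.urandom(16)           # chosen by the AP in Access-Request
    attrs = bytes([1, 9]) + b"printer"      # User-Name (type 1), constructed
    genuine = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, secret)
    # The spoofer saw request_auth on the wire but has to guess the secret.
    forged = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, b"guess")
    tampered = genuine[:-1] + bytes([genuine[-1] ^ 0x01])
    stripped = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, secret,
                              with_ma=False)
    return {
        "genuine": verify_response(genuine, request_auth, secret),
        "forged": verify_response(forged, request_auth, secret),
        "tampered": verify_response(tampered, request_auth, secret),
        "stripped": verify_response(stripped, request_auth, secret),
    }
```

An AP that accepts the `forged` or `stripped` packet is the misconfiguration the comment warns about; restricting which interface RADIUS replies may arrive on is the second layer, but the secret-bound checks are the one that does not depend on ARP.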
transpute, over 1 year ago
A middle ground in complexity is WPA3 with a unique passphrase per VLAN, which allows grouping of devices by risk, or even giving each device a unique identity for access control and traffic management.

OSS golang reference code is available, https://news.ycombinator.com/item?id=38402289

    VLAN tagging per SSID is a valid approach as well if a router supports it. That's a lot stronger than how many routers implement their guest isolation. As for Multi-PSK -- the use case is creating micro-segmentation in a network with zero-trust, where the identity on the network is rooted in that password. Without Multi-PSK, if it's not clear, every device that has the WiFi password can sniff encrypted traffic with WPA2, make a Rogue AP to attack WPA3 in case it's in use, and can perform ARP spoofing on the network to interfere with other devices.
sandworm101, over 1 year ago
TS information over wifi? Ok. Have fun with that. I'm sure it is legally possible somehow, but it just creates a ridiculously large attack surface. And the internal hassles, making sure connected machines are inside defined perimeters ... just run some wires. It isn't like people need to be reading classified stuff on the treadmill.
amluto, over 1 year ago
It makes me sad that even WPA3 doesn't have a native provisioning mechanism. In a better world, a device would present its MAC address, some description of itself, a public key, and optional extra data (e.g. an attestation of the hardware security backing its keypair), and the network operator could, at its leisure, accept this device. Then printers, smart devices, etc could join without needing to each support an MDM or other proprietary provisioning system.

Also, if you care about availability, don't use a cloud RADIUS server - if the server or your ISP or your route or the relevant part of your network goes down, there goes your WiFi. If you're using 802.1x, your wired network is toast, too.
Animats, over 1 year ago
> Toggle the switch on the Smallstep RADIUS Root CA to enable Full Trust. The Smallstep RADIUS Root CA is now trusted.

What could possibly go wrong?

How do you do this without trusting some external CA?
xyst, over 1 year ago
I would like to see something like this for "home" setups but it would have a much better user experience:

1) user attempts to connect to "home-wifi"

2) owner of "home-wifi" gets notification to confirm or deny access request

3) owner can optionally verify further

4) if approved, then between AP and client device it will create the client certificates with short expiration dates

5) if denied, then no access granted.

6) if user tries to connect multiple times and gets denied for all of them, then their device is blacklisted. No notification.

No more passwords. Minimal friction to adoption.
mysteria, over 1 year ago
If you want to do this 100% locally it's pretty easy with Pfsense/Opnsense combined with the Freeradius plugin. You can create your CA, hook it up to Freeradius, and create accounts and certificates all from the GUI (if you know what you're doing). As a bonus you can use the same certs with say the built-in OpenVPN system, and revocation of certificates is handled seamlessly in the UI as well. Personally I found it much simpler than doing it by hand with OpenSSL commands, which I used in the past when I had a smaller deployment.

The great thing with WPA Enterprise is that you can assign VLANs based on the client's login, just like a 802.1X switch. For instance my phone is sent to one VLAN, my company laptop to another, and my personal laptop to another. I can use a single SSID and get all the benefits of a multi-VLAN setup. For guests I provide a username and password for MSCHAPv2 authentication, while family devices are issued full certs.

What about IOT devices? I generally only use commercial wired gear (IP phones, cams, etc.) anyways with no internet access, and I'm of the belief that if it doesn't support WPA-Enterprise it shouldn't be on the network in the first place :). So that rules out all those data-mining smart speakers and so forth.
1letterunixname, over 1 year ago
Just run FreeRADIUS yourself. If you need your own PKI to generate certs in a manageable way, there is OPNsense [0] or smallstep's FOSS step-ca [1].

Friends don't let friends delegate AAA to an external provider like Smallstep or SSO to Okta. While outsourcing to a third party is fine for a limited test, it's not fine for anything enduring.

Once upon a time, when open, spoofable WiFi was the norm, there was a collective WiFi sharing app that took control of retail WiFi routers with WPA1 enterprise RADIUS support called Radiuz. [2]

0. https://opnsense.org
1. https://github.com/smallstep/certificates
2. https://web.archive.org/web/20040617153148/http://radiuz.net/logon.jsp
tialaramex, over 1 year ago
Because the requirements of "192-bit mode" for WPA3 Enterprise fall on not only the actual WiFi but also the backend identity providers, you are explicitly not allowed to do this for Eduroam unless you also provide a parallel WPA2-style (thus WPA3 compliant but not "192 bit mode") WiFi for everybody whose home institution isn't the US government.

Lots of institutions have Eduroam set so that students (and academics, and everybody else like me) are just authenticating against their Windows domain controllers, so going to "192-bit mode" would mean ripping out a bunch of stuff, replacing it, writing fresh documentation, testing thoroughly and then authorising, but since we're talking about the backend every educational establishment in the world would need to do this before you can ship WPA3 192-bit mode. So, that's not going to happen.
boringuser2, over 1 year ago
I think this is generally barking up the wrong tree and addressing the wrong attack vectors for home wifi.

An actual over-engineered home wifi looks like this:

1. Use, at the very least, prosumer grade router access points. I use *sense and Aruba access points, but you don't need to get this serious.

2. Use heavy DNS filters. This will block a lot of malware by itself. Quad9 DNS is a good starting point.

3. Use a secure wifi password.

4. Don't enable upnp, etc.

5. Don't enable ssh or any kind of remote access.

6. Don't open any ports to the outside. This is the default ruleset for pretty much any firewall.

7. If you ever have guests who require wifi, segment these users on a guest wifi or vlan.

8. Reduce your reliance on wifi-powered devices. Favor zigbee smart home devices over wifi devices.

9. (Optional) segment your IoT devices on a vlan.

10. (Optional) use some kind of security package that includes layer 7 monitoring on your LAN.

11. (Optional) use some kind of security package that includes IPS/IDS.
tonetegeatinst, over 1 year ago
TLS 1.2 and not 1.3?

Could have sworn we moved to 1.3 a while ago

Also maybe I'm just not familiar enough with cryptography but that key size seems kinda small.....am I wrong?

I know RSA uses a different algorithm but with RSA it isn't uncommon to see keys 1024 or larger in size. I generated a key of 65,536 and 131,072 bits a few times to see if it would work or break any applications I was using. Also just so I can say "yeah back in my day we generated keys way bigger" cuz I know at least 1 other person in the world did it.

Is there any standard for securing a network both wired and WiFi using a post quantum algorithm?

Also where can I easily find switches that support these standards? AFAIK wpa3 enterprise doesn't always mean this standard is supported....or that some other standard is supported. Is there some database that lists every router/AP and the supported features?
stephen_g, over 1 year ago
I haven't gone quite this crazy, but I do have three SSIDs broadcast from my UniFi APs - my main network (WPA3 PSK), a guest one, and a devices network for IoT devices. All these are on different subnets/VLANs and firewalled off from each other.

A lot of the IoT stuff doesn't work with WPA3 or 5GHz, so it's useful even for that reason, but the main thing is screening them off from everything else.

I am setting up a NUC as a little home Proxmox server (for some other stuff mainly) but for "fun" I can actually see myself setting up a Samba 4 Active Directory domain controller and hooking FreeRADIUS up to that to do Enterprise for my main SSID, but we'll see!
WatchDog, over 1 year ago
> In the "When using this certificate" dropdown, select "Always Trust."

Shouldn't it be possible to only enable "Always Trust." in the "X.509 Basic Policy" setting, instead of allowing the certificate to be used for everything (including SSL)?
WatchDog, over 1 year ago
> Why is NSA-grade Wi-Fi called "192-bit mode"?

I believe this is due to the use of SHA-384, which is described as having 192 bits of "security strength"[0] against collision.

[0]: https://csrc.nist.rip/library/NIST%20SP%20800-107%20Recommendation%20for%20Applications%20Using%20Approved%20Hash%20Algorithms,%202009-02%20(2).pdf
WirelessGigabit, over 1 year ago
Well, that means I couldn't use my iPhone from work at home as it blocks installing certificates.

But, while not NSA approved, WPA3 itself has support for per-device passwords with WPA-SAE [0] (which isn't called WPA-METRIC outside of the USA...).

[0] https://en.wikipedia.org/wiki/Simultaneous_Authentication_of_Equals#WPA3
iforgotpassword, over 1 year ago
On the topic of WPA3, I recently found that the old iPad 2 or 3 doesn't connect to wifi if it's set to WPA3+2, it only works in pure WPA2 mode. Tried on two different AP vendors, though I have no idea if they might use the same chip or driver or something. It's the only device that didn't work in this mode, everything else was fine, including some wacky iot devices like picture frames and an inverter.
BWStearns, over 1 year ago
I'm just amazed that there's SCIF approved wifi. I assumed I'd be dead of old age before that happened.
slicktux, over 1 year ago
Yeah, I wish I could run my router with PMF enabled and WPA2... so many devices do NOT support such options... especially WPA3
sneak, over 1 year ago
> Once you've installed the profile, we once again need to manually tweak trust settings. This time to explicitly enable Full Trust for the Smallstep RADIUS server's root CA. Again, this is not true for a full MDM enrollment.

Do not download and install and fully trust root CAs from anyone on your iPhone.
cynix, over 1 year ago
Unfortunately the article doesn't explain how to set up a RADIUS server for EAP-TLS.
tamimio, over 1 year ago
I try not to use wifi as much as possible, but when I do, I connect through it to my home VPN or similar and take it from there, so even if the wifi is compromised, there's an extra layer of protection there.
devin, over 1 year ago
I know the article is just "here's how", but I don't trust my wifi because of the hardware and software on it, so for me the protocol is irrelevant.
fiddlerwoaroof, over 1 year ago
Do these enterprise modes have any advantages when it comes to connection reliability?
teunispeters, over 1 year ago
Instructions ... yeah, not bad. It's essentially WPA3-Enterprise with possibly 192 bit set up. I like WPA3-Enterprise, it's really sufficient for most people when one moves to discontinuous permissions on a network. That said, after developing WPA3/Enterprise/192 for a platform out there, it's really very very restricted - and there were very few clients at the time that supported the combinations of security authentications required. Oh, also roaming clients is somewhat restricted (by no fast roaming protocols, at least as of the last time I went through the specs).

Here's specifics, using hostap/wpa_supplicant style configuration: key management WPA-EAP-SUITE-B-192. (but then they talk about that); pairwise=GCMP-256, group_mgmt=BIP-GMAC-256; EAP=TTLS;

I mean RADIUS support isn't that hard - freeradius will do. TLS - well, need valid certs that work for EAP. (it's not as specialized as Passpoint/Hotspot-2, which requires custom certs that must be validated by a specific CA, but it still takes some steps). My own experiments across a number of clients showed that GCMP-256 support for pairwise and group management weren't that common before Wifi-6 took off. Suite-B 192 though isn't so hard to reach.

Honestly, I prefer WPA3-Enterprise with Fast Roaming. Sadly, typical household devices didn't work well with it (mixed with android devices, generally no for printers and other IOT), so I went back to two networks - WPA2/Personal with PMF=optional for those annoying devices that don't have working PMF, and WPA3/Personal for most devices - at least for household operations.
slowhadoken, over 1 year ago
A do it yourself guide to stuff you shouldn't do.
demondemidi, over 1 year ago
This is how DefCon provides WiFi.
cvalka, over 1 year ago
Use EAP-TTLS
dontupvoteme, over 1 year ago
> NSA

> Wi-Fi

No.
wwarner, over 1 year ago
This guy is a good writer