Wireless Notes
Learn WPA3 with SAE Dragonfly protocol, forward secrecy, offline attack immunity, OWE enhanced open, WPA3-Personal Enterprise 192-bit, and comparison with WPA2 for engineering students.
Understanding WPA3 security enhancements including Simultaneous Authentication of Equals (SAE), protection against offline dictionary attacks, forward secrecy, Enhanced Open (OWE), and 192-bit enterprise security.
WPA3-Personal: SAE (Dragonfly)
The WPA2 Vulnerability SAE Fixes
In WPA2-PSK, the four-way handshake exposes enough information for offline dictionary attacks:
- Attacker captures the four-way handshake (just 4 packets)
- Offline, tests millions of password guesses per second using GPUs
- For each guess, derives PMK → PTK → MIC and compares with captured MIC
- Match = password found (no interaction with network needed)
With modern GPUs testing 2 million passwords/second, an 8-character password falls in days.
How SAE Works
SAE (based on the Dragonfly key exchange, RFC 7664) is a Password-Authenticated Key Exchange (PAKE) protocol. It proves both parties know the password without revealing information that could be used for offline cracking.
SAE Protocol Steps:
- Commit Exchange: Both parties (client and AP) independently derive a secret element from the password and exchange commitments (based on elliptic curve Diffie-Hellman)
- Confirm Exchange: Both parties prove they derived the same secret without revealing it
- PMK Derivation: The shared secret becomes the PMK for the subsequent 4-way handshake
Why offline attacks fail: The attacker sees the commit exchange messages, but:
- They cannot derive the password from these messages (discrete log problem on elliptic curves)
- Each authentication session uses fresh random values
- There is no offline verification oracle — the attacker cannot test password guesses without interacting with the real AP
Forward Secrecy
WPA3-SAE provides forward secrecy: even if the password is later compromised, previously recorded traffic CANNOT be decrypted. This is because each session derives unique encryption keys from fresh ephemeral Diffie-Hellman exchanges. The password is only used for authentication, not directly for key derivation.
Contrast with WPA2-PSK: If you learn the password, you can decrypt ALL previously captured traffic (since PMK is directly derived from the password).
WPA3-Enterprise: 192-bit Security
Enhanced Security Mode
WPA3-Enterprise introduces a 192-bit security mode aligned with CNSA (Commercial National Security Algorithm Suite) requirements:
| Component | WPA2-Enterprise | WPA3-Enterprise 192-bit |
|---|---|---|
| Encryption | AES-128-CCMP | AES-256-GCM (GCMP-256) |
| Key derivation | SHA-256 | SHA-384 |
| Authentication | EAP-TLS (any TLS version) | EAP-TLS 1.3 (mandatory) |
| Key confirmation | HMAC-SHA-256 | HMAC-SHA-384 |
| Management frame protection | Optional (802.11w) | Mandatory (PMF) |
| Certificate minimum | 2048-bit RSA | 3072-bit RSA or P-384 ECDSA |
This mode provides government-grade security suitable for classified environments, financial institutions, and critical infrastructure.
Enhanced Open (OWE)
The Open Network Problem
Traditional open WiFi networks (cafes, airports, hotels) have zero encryption. Every device in range can see every other user's traffic in plaintext. This enables trivial eavesdropping, session hijacking, and credential theft.
OWE (Opportunistic Wireless Encryption)
WPA3 introduces Enhanced Open using OWE (RFC 8110):
- Performs unauthenticated Diffie-Hellman key exchange during association
- Encrypts all subsequent traffic with unique per-client keys
- No password needed — still "open" from user's perspective (no login)
- Prevents passive eavesdropping (cannot decode other users' traffic)
Limitation: OWE does not authenticate the AP — an evil twin attack is still possible. But it eliminates the most common threat (passive sniffing on open networks).
Protected Management Frames (PMF)
Why PMF is Mandatory in WPA3
WPA2 left management frames (deauthentication, disassociation, action frames) unprotected. This enabled:
- Deauthentication attacks (forcing clients offline)
- Disassociation attacks (disrupting connections)
- Rogue AP attacks using management frame spoofing
WPA3 mandates 802.11w (PMF) — all management frames are authenticated using the session key. Forged management frames are detected and discarded.
WPA3 Transition Mode
Backward Compatibility
Since WPA3 adoption takes time, most networks operate in transition mode:
- AP advertises both WPA2-PSK and WPA3-SAE simultaneously
- WPA3-capable clients use SAE
- Legacy WPA2 clients use the old four-way handshake
- Both use the same password
Security concern: In transition mode, an attacker can force a WPA3-capable client to downgrade to WPA2 (by spoofing AP capabilities). Mitigation: Clients should prefer SAE and alert users about downgrades.
WPA3 vs WPA2 Comparison
| Feature | WPA2-Personal | WPA3-Personal | Improvement |
|---|---|---|---|
| Key exchange | PSK 4-way handshake | SAE (Dragonfly) | No offline attacks |
| Offline dictionary attack | Vulnerable | Immune | Fundamental |
| Forward secrecy | No | Yes | Past traffic protected |
| Brute force protection | Unlimited offline attempts | Online only (rate-limited) | Exponential slowdown |
| Management frame protection | Optional | Mandatory | Anti-deauth |
| Encryption | AES-128-CCMP | AES-128-CCMP (or GCMP-256) | Same or better |
| Open network protection | None | OWE (Enhanced Open) | Passive eavesdropping eliminated |
| Minimum password strength | Any (vulnerable if weak) | Still helps to be strong | SAE protects weak passwords better |
Known Attacks and Limitations
Dragonblood Attacks (2019)
Researchers found implementation vulnerabilities in early WPA3 deployments:
- Timing side-channel: Implementation could leak information about password during SAE
- Cache-based attack: Shared CPU cache revealed password-related computations
- Downgrade to WPA2: Transition mode allows forcing legacy handshake
All addressed in implementation patches (not protocol-level flaws). The SAE protocol itself remains secure when correctly implemented.
Deployment Status (2024-2025)
- All WiFi 6E (6 GHz) devices MUST support WPA3 (Wi-Fi Alliance requirement)
- WiFi 7 (802.11be) requires WPA3 for certification
- Enterprise adoption growing (especially 192-bit mode for government/finance)
- Consumer adoption slower (transition mode dominates)
- Most routers sold since 2020 support WPA3
Key Takeaways
- WPA3-SAE eliminates offline dictionary attacks by using a PAKE protocol (Dragonfly) where captured handshake messages cannot be used to verify password guesses
- Forward secrecy in WPA3 means captured traffic remains encrypted forever even if the password is later compromised — each session has unique keys
- Enhanced Open (OWE) provides encryption on open networks without passwords, eliminating passive eavesdropping on public WiFi
- Mandatory Protected Management Frames (PMF/802.11w) prevent deauthentication attacks that plagued WPA2 networks
- WPA3-Enterprise 192-bit mode provides government-grade security with AES-256-GCM and mandatory EAP-TLS 1.3
- Transition mode allows gradual adoption but introduces downgrade risk — security-sensitive deployments should use WPA3-only mode
- WPA3 is mandatory for WiFi 6E and WiFi 7 certification, ensuring universal adoption in all new devices by 2025-2026
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for WPA3 SAE Enhanced WiFi Security Forward Secrecy.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Wireless Communications topic.
Search Terms
wireless-communications, wireless communications, wireless, communications, security, wpa3, wpa3 sae enhanced wifi security forward secrecy
Related Wireless Communications Topics