Chapter 79 · Security Advisory

Wireless Security Settings

Why WPA2's four-way handshake is a brute-force target. How WPA3 and SAE eliminate that attack. The three wireless security modes. The AAA framework. RADIUS, 802.1X, EAP, and the supplicant–authenticator–server flow.

WIFISEC-2024-001
The WPA2 PSK Problem and WPA3's Solution
Severity: High

The Three Security Objectives for Any Wireless Network

Every wireless network faces a fundamental physical exposure problem: the signal travels through the air to reach authorized devices, and it travels through the air equally well to reach unauthorized ones. The radio frequency energy does not distinguish between the device it is meant for and a nearby attacker with a wireless adapter. This physical reality makes three security objectives non-negotiable for any wireless network carrying meaningful data.

Confidentiality ensures that even if an attacker captures the wireless frames, they cannot read the content. This is achieved through encryption — transforming plaintext data into ciphertext that is unreadable without the correct decryption key. Without encryption, any wireless traffic sent in the clear is readable by anyone within signal range.

Authentication ensures that only authorized users gain access to the wireless network. Simply having signal range should not be sufficient to connect — a credential of some kind (password, certificate, token) must be provided and validated before access is granted.

Integrity ensures that data received is identical to data sent. A message integrity check (MIC) allows the receiver to verify that no one modified the wireless frames in transit. Without integrity checks, an attacker could alter frames without detection.

The WPA2 Pre-Shared Key Problem

For years, WPA2 (Wi-Fi Protected Access 2) was the standard for wireless encryption. It served well, but it contains a significant vulnerability specific to its pre-shared key (PSK) mode — the mode used by virtually all home wireless networks and many small business networks where everyone shares the same Wi-Fi password.

When a device connects to a WPA2-PSK network, it goes through a four-way handshake with the access point to establish the session keys. This handshake does not transmit the actual pre-shared key — but it does transmit cryptographic material derived from it, including a hash. And that hash is transmitted over the air, where any attacker who is passively listening can capture it.

Once an attacker has the captured hash, the attack moves offline. They take the hash to their own hardware and begin testing password candidates — hashing each candidate and comparing it to the captured hash. If the candidate's hash matches, they found the correct password. This offline brute-force attack has become dramatically more effective over time. GPU-accelerated password cracking can test billions of password candidates per second. Cloud-based cracking services distribute the work across massive computing infrastructure. A weak password on a WPA2-PSK network can be recovered in hours or days from a single passively-captured handshake.

There is a second, deeper problem: WPA2-PSK has no forward secrecy. Every device on the network uses the same pre-shared key, and that key is the root of all session encryption. If an attacker cracks the PSK — even months after capturing the handshake — they can use it to decrypt any previously captured traffic. Compromise of the PSK compromises every session ever protected by it, retroactively. There is no isolation between sessions.

WPA3 — GCMP Encryption

WPA3, introduced in 2018, addresses both the encryption strength and the authentication vulnerability of WPA2. On the encryption side, WPA3 uses GCMP — the Galois/Counter Mode Protocol — as its block cipher mode, replacing the encryption used in WPA2.

GCMP provides two security services in a single cryptographic operation. First, it provides data confidentiality through AES (Advanced Encryption Standard) encryption in counter mode — the wireless data is encrypted using a strong, modern cipher. Second, it provides message integrity through GMAC — the Galois Message Authentication Code. The GMAC generates a MIC (Message Integrity Check) that is attached to each frame. The receiver verifies the MIC before processing the frame; any modification of the frame in transit invalidates the MIC, and the tampered frame is detected and discarded. Confidentiality and integrity are delivered together by the same algorithm.

WPA3 — SAE and the End of the Handshake Attack

The more significant WPA3 improvement is SAE — Simultaneous Authentication of Equals. SAE completely replaces the WPA2 four-way handshake and eliminates the vulnerability that made offline brute-force attacks possible.

The key insight of SAE is that the session key should never travel across the network in any form — not as a hash, not as encrypted material derived from it, not in any representation that could be captured and attacked offline. SAE achieves this through a process based on Diffie-Hellman key exchange, where both the client and the access point derive the same session key independently, each using their own computation without transmitting the key or a hash of the key across the network.

The authentication component built into SAE means that both parties verify the other knows the correct password as part of the key derivation process — but without ever sending the password or a hash of it over the air. This is mutual authentication: the client verifies the access point, and the access point verifies the client. An attacker listening to the SAE exchange captures nothing useful — there is no hash to take offline and brute-force, because the hash is never transmitted.

SAE also delivers per-session forward secrecy: even when all users share the same pre-shared key, each connection derives a unique, independent session key. If an attacker somehow compromises one session's key, that tells them nothing about any other session's key. Previously captured traffic from other sessions cannot be decrypted. This is the property of forward secrecy that WPA2-PSK entirely lacked.

The SAE process is defined in the IEEE 802.11 standard under the informal name "dragonfly handshake." Organizations and individuals still using WPA2-PSK on networks carrying sensitive data should migrate to WPA3 where hardware supports it — the SAE improvement is not incremental but architectural: it eliminates an entire category of attack.

WIFISEC-2024-002
Wireless Security Modes and the AAA Framework
Severity: High

Three Wireless Security Modes

When configuring a wireless access point, the administrator selects a security mode that determines how clients authenticate and how traffic is encrypted. Three distinct modes represent the spectrum from no security to enterprise-grade individual authentication.

Open System (no authentication). An open wireless network requires no credentials to connect. Anyone within signal range can join, and traffic — unless the applications themselves use TLS — travels in the clear. Open networks are appropriate for guest networks with deliberate open access intent, but are completely inappropriate for any network carrying organizational or sensitive data. The absence of authentication and encryption means both authorization (who connects) and confidentiality (what they see) provide zero protection. Guest networks that are truly intended to be open should be isolated from all organizational resources by network segmentation.

WPA3-Personal (WPA3-PSK). WPA3-Personal uses a pre-shared key — the familiar "Wi-Fi password" — where everyone connecting uses the same credential. The underlying WPA3 protocol (with GCMP encryption and SAE authentication) makes this far more secure than WPA2-PSK: the SAE handshake eliminates the offline brute-force vulnerability, and each session gets a unique key even though all users share the same password. WPA3-Personal is appropriate for home networks and small organizations where individual account management is not practical. The limitation remains: the PSK is shared. If it is compromised — if an employee shares it externally, if an old employee still knows it — the entire network is exposed until the PSK is changed. For home use, this is an acceptable trade-off. For organizations with many users, the single shared credential is a governance problem.

WPA3-Enterprise (WPA3-802.1X). WPA3-Enterprise replaces the shared password with individual authentication — each user provides their own unique credentials, which are validated against a centralized authentication server. No two users share the same credential for wireless access. When an employee leaves, their account is disabled on the authentication server, and they immediately lose wireless access — without requiring a password change that affects every other user. When a user's credentials are compromised, only that user's access is revoked. WPA3-Enterprise is the correct choice for any organizational wireless network handling sensitive data, and it is what most employees encounter when connecting to corporate Wi-Fi: a prompt for username, password, and possibly a second authentication factor.

The AAA Framework — Identification, Authentication, Authorization, Accounting

The AAA framework is the conceptual foundation underlying enterprise authentication systems including wireless access control. It defines four sequential steps that govern how a user or device gains access to a network resource and how that access is tracked.

Identification is the first step: the user claims an identity. In practice, this is typically the act of entering a username. The system now knows who you say you are — but has not yet verified it. Identification alone grants nothing; it simply establishes the identity being asserted.

Authentication is the verification of that claimed identity. You prove you are who you say you are. The most common mechanism is a password — a secret known only to the legitimate user that, when combined with the username, demonstrates that the person providing it must be the legitimate user. Multi-factor authentication adds additional proof: a TOTP code, a hardware token, a biometric. Authentication is what prevents an attacker who knows your username from using it — they do not have the secret that proves the claim.

Authorization determines what the authenticated user is permitted to do. Authentication answers "are you who you say you are?" Authorization answers "given who you are, what are you allowed to access?" Different users may have different levels of network access — some users access the full corporate network, contractors access only specific resources, guests access only the internet. Authorization policy maps authenticated identities to permitted resources. In wireless network contexts, this can include VLAN assignment — different user groups are placed on different network segments based on their authorization level.

Accounting records what the authenticated, authorized user actually did during their session. Login time, logout time, volume of data sent and received, resources accessed — all of these are logged by the accounting function. Accounting serves multiple purposes: it supports usage-based billing models, it provides audit trails for security investigations, it enables anomaly detection (a user whose normal data usage is 50 MB suddenly transferring 50 GB is flagged), and it supports compliance reporting requirements that demand evidence of what users accessed and when.

WIFISEC-2024-003
RADIUS, 802.1X, EAP, and the Authentication Flow
Severity: Medium

RADIUS — The AAA Protocol

Remote Authentication Dial-In User Service (RADIUS) is the most widely deployed protocol for implementing the AAA framework in enterprise environments. Despite the "dial-in" in its name — a reference to its origins in the modem-dial-in era — RADIUS is used across essentially every type of network access scenario: wireless authentication, VPN access, router and switch management access, and server login.

RADIUS centralizes credential management. Rather than each wireless access point, each VPN concentrator, and each network device maintaining its own local user database, they all forward authentication requests to a central RADIUS server. The RADIUS server holds (or integrates with) the authoritative user database — often Active Directory or another LDAP directory — and makes authentication decisions on behalf of every device that queries it.

This centralization has profound operational security benefits. When an employee is terminated, their account is disabled in one place — the RADIUS server's user database — and immediately loses access across every system that authenticates against it. When a user changes their password, the change propagates to all network access systems simultaneously. The alternative — maintaining local user databases on dozens or hundreds of network devices — creates a maintenance burden that inevitably results in stale accounts, inconsistent passwords, and access that persists long after it should have been revoked.

RADIUS is a AAA server: it handles authentication (validating credentials), authorization (deciding what access the authenticated user receives), and accounting (logging session details). The combination makes RADIUS the operational backbone of enterprise network access control.

IEEE 802.1X — Port-Based Network Access Control

IEEE 802.1X is a standard for port-based Network Access Control (NAC). "Port-based" means that access to a network port — whether a physical switch port or a wireless association point — is controlled by authentication. A device that connects to a 802.1X-protected network port is placed in an unauthenticated state: it can communicate with the authentication infrastructure but cannot access the broader network until it successfully authenticates.

This is the enforcement mechanism that makes WPA3-Enterprise work. When a user's device connects to the corporate wireless network, the access point puts the device in an unauthenticated state and prompts for credentials. Those credentials go through the 802.1X process to a back-end authentication server (RADIUS, LDAP, TACACS+). Only after the authentication server returns a success response does the access point grant the device access to the network.

802.1X is not limited to wireless networks — it works equally well on wired networks, controlling which devices can access switch ports. In high-security environments, even wired connections require authentication before network access is granted. This prevents unauthorized devices from physically plugging into a network jack and gaining access.

EAP — The Extensible Authentication Protocol

Extensible Authentication Protocol (EAP) is the authentication framework that operates within the 802.1X process. Rather than specifying a single authentication method, EAP is a framework that supports many different authentication methods — allowing manufacturers, standards bodies, and organizations to implement the authentication method appropriate for their environment and security requirements.

Common EAP methods include EAP-TLS (which uses digital certificates for mutual authentication), PEAP (Protected EAP, which tunnels an inner authentication method inside a TLS tunnel), and EAP-TTLS. Different environments choose different EAP methods based on whether they have a public key infrastructure (PKI) for certificates, what legacy devices they need to support, and what level of authentication strength they require.

EAP's extensibility is what makes 802.1X adaptable across so many environments. The underlying 802.1X access control framework remains the same; the EAP method plugs into it as the specific credential verification mechanism.

The 802.1X Authentication Flow: Supplicant, Authenticator, Authentication Server

The 802.1X authentication process involves exactly three parties, each playing a distinct role.

The supplicant is the device trying to connect to the network — the client. This is the user's laptop, phone, or workstation. The supplicant has 802.1X client software (built into modern operating systems) that handles the authentication exchange. The supplicant provides the credentials — username, password, certificate, or whatever the EAP method requires.

The authenticator is the network device the supplicant is connecting to — the wireless access point for wireless networks, or a managed switch for wired networks. The authenticator's role is to enforce access control: when a supplicant connects, the authenticator places it in an unauthenticated state, allowing only authentication traffic to pass. The authenticator does not make the authentication decision itself — it passes the authentication conversation between the supplicant and the authentication server. When the authentication server returns a success, the authenticator opens the port; when it returns a failure, the authenticator denies access.

The authentication server is the back-end system that actually validates the credentials — typically a RADIUS server. The authentication server receives the credential information forwarded from the authenticator, checks it against the user database (which may be Active Directory, an LDAP directory, or a local database), and returns an Access-Accept or Access-Reject response. If accepted, it may also return authorization attributes — VLAN assignments, access restrictions — that the authenticator uses to configure the supplicant's network access.

The flow in practice: the supplicant connects → the authenticator blocks access and challenges the supplicant for credentials → the supplicant provides an EAP response with credentials → the authenticator forwards this to the authentication server → the authentication server validates and returns Access-Accept → the authenticator opens the port and applies any authorization attributes → the supplicant has network access. The entire exchange typically completes in under a second, transparently to the user.