Enhancing Wi-Fi Security with User-Friendly WPA3 Passwords

Slide Note
Embed
Share

Proposal to enhance Wi-Fi security by incorporating password and password identifier hashes in the SAE commit exchange, enabling devices to hint to access points which password will be used. This approach aims to improve network efficiency and user experience while addressing privacy concerns associated with password identifiers. The solution also discusses potential issues related to tracking specific individuals/groups through multiple passwords.

alipm
alipm Follow

Uploaded on Nov 15, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. December 2022 doc.: IEEE 802.11-22/2106r0 User-friendly WPA3 Passwords Date: 2022-12-08 Authors: Name Affiliations Address Phone Email Jeff Hansen SoundVision Technologies 192 N Old Hwy 91, Hurricane, UT 84737 USA +1-801-243-7561 jeff@soundvisiontech .com Slide 1 Jeff Hansen, SoundVision Technologies Submission

  2. December 2022 doc.: IEEE 802.11-22/2106r0 Abstract SAE has removed the ability for a single SSID to accept multiple passwords and route users based solely on the password used. This ability has long been used within WPA2- PSK to route different types of devices/users to their appropriate networks. MAC-based and SAE Password identifiers do not solve the problem because they require knowledge of the MAC/Identifier before SAE authentication commences. This proposal adds Password and Password-identifier hashes to the SAE commit exchange. This allows a Station to hint to the AP which password will be used, while offering the user varying degrees of privacy and security. It also eliminates PII privacy concerns with using password identifiers. Slide 2 Jeff Hansen, SoundVision Technologies Submission

  3. December 2022 doc.: IEEE 802.11-22/2106r0 Why is this a big deal? SAE encourages the provisioning of many various SSIDs for various purposes. This clutters the air with unnecessary beacons and degrades the user experience for users who may not understand which network they should connect to. Which network do I use?? Slide 3 Jeff Hansen, SoundVision Technologies Submission

  4. December 2022 doc.: IEEE 802.11-22/2106r0 Why is this a big deal? WPA2-PSK has had the ability to route different users and devices based solely on the password used. This eliminates the need to have many purpose-specific SSIDs. Much better! Slide 4 Jeff Hansen, SoundVision Technologies Submission

  5. December 2022 doc.: IEEE 802.11-22/2106r0 Technical Proposal A small portion of SHA512(BSSID+password) (and/or password identifier) will be included in the SAE commit message to indicate which password the STA is committing to. This allows the AP to search its configured passwords, and commit appropriately to the user s desired password. The hash portion can be a very small number of bits, even 0 bits by default, to maintain status quo. For those networks that have a very small number of passwords (less than 4), even 4 bits of the hash is sufficient in most cases for the AP to detect which password the STA has committed to. The admin interface can even warn the admin of hash collision before deployment, as well as allow the admin to increase the number of bits desired. Slide 5 Jeff Hansen, SoundVision Technologies Submission

  6. December 2022 doc.: IEEE 802.11-22/2106r0 Potential Issues It is true that allowing multiple passwords enables easier tracking of specific individuals or groups by disseminating specific passwords to those individuals/groups. However, this is (and has been) a legitimate use case in many environments, and the standard should be adjusted to allow admins to encourage as much or as little privacy as users are comfortable with. In STA User Interfaces, a privacy warning could be added to networks that have non-zero hash bits. The severity of the privacy warning can go up as the number of desired hash bits gets larger. As far as security implications, the security benefits of SAE alone should outweigh the ability to filter available passwords based on the small number of hash bits shared. Slide 6 Jeff Hansen, SoundVision Technologies Submission

  7. December 2022 doc.: IEEE 802.11-22/2106r0 Other options Use password identifier as the password hash Requires less changes on AP side AP should still indicate how many hash bits it desires Don t include BSSID, or include something else in hash Slide 7 Jeff Hansen, SoundVision Technologies Submission

  8. December 2022 doc.: IEEE 802.11-22/2106r0 Thank you! Questions? Slide 8 Jeff Hansen, SoundVision Technologies Submission

Related


Importance of Secure Passwords in Internet Safety

Importance of Secure Passwords in Internet Safety

yamileth
Effective Management of CDIS User Passwords and Account Lockouts

Effective Management of CDIS User Passwords and Account Lockouts

leonard
Best Practices for Password Security and User Authentication

Best Practices for Password Security and User Authentication

hove_r
Mastering Strong Passwords: A Practical Guide

Mastering Strong Passwords: A Practical Guide

darl_359
Understanding Device Settings and Strong Passwords for Digital Citizenship

Understanding Device Settings and Strong Passwords for Digital Citizenship

urban
Effective Strategies for Creating Strong and Memorable Passwords

Effective Strategies for Creating Strong and Memorable Passwords

viers_m
Comprehensive Guide to Setting Up Security Questions and Answers for Self-Service Accounts

Comprehensive Guide to Setting Up Security Questions and Answers for Self-Service Accounts

aleah
Enhancing Mobile PIN Security Using Passwords

Enhancing Mobile PIN Security Using Passwords

chibuik
Interactive Password Security Activity for Children

Interactive Password Security Activity for Children

rdoll
Windows Security Overview and Best Practices

Windows Security Overview and Best Practices

graisynpu
Essential Information for New Student Orientation at Brunswick Community College

Essential Information for New Student Orientation at Brunswick Community College

maysonon
Database Security Measures and Controls

Database Security Measures and Controls

aristotle
Strengthen Your Digital Literacy with Strong Password Strategies

Strengthen Your Digital Literacy with Strong Password Strategies

eleonora
Promote Feature Adoption with Self-Service Password Reset Posters

Promote Feature Adoption with Self-Service Password Reset Posters

aster
Best Practices for Protecting Sensitive Data

Best Practices for Protecting Sensitive Data

jas_r
Enhancing Public Wi-Fi Security with Opportunistic Wireless Encryption (OWE)

Enhancing Public Wi-Fi Security with Opportunistic Wireless Encryption (OWE)

deng_l
Guide to Court Management System User Administration

Guide to Court Management System User Administration

trom
Comprehensive DevOps Security Training Overview

Comprehensive DevOps Security Training Overview

jahv_808
Understanding User Identity and Access Tokens in Windows Security

Understanding User Identity and Access Tokens in Windows Security

lkyi
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Administrator Deletes User - User Management System Storyboard

Administrator Deletes User - User Management System Storyboard

kish_2
Zoom Best Practices and Security Guidelines

Zoom Best Practices and Security Guidelines

brij_5
Guide to MySQL Operations on Turing Server

Guide to MySQL Operations on Turing Server

brynleigh
Online Safety Guidelines and Best Practices

Online Safety Guidelines and Best Practices

prince

More Related Content