CTS 175: Wi-Fi Security Updates with Hendrik Lüth

In this episode, we are interviewing Hendrik Lüth on the state of Wi-Fi security today. Hendrik works as a System Engineer for CANCOM in Germany. You can follow him on Twitter @DO9XE and on Linkedin. You can also visit and read his blog at https://linux-nerds.de/. Agenda * Start conversation with the “2018” status of WiFi security* WPA2 is widely supported* WPA2-Enterprise too complicated for home/guest solutions* Headless IoT devices only support PSK, because of hardware limitations* MPSK/PPSK/DynPSK* Short Recap on 4-way handshake* We just need to mention that there is Nonce and a MIC, that’s all 🙂* Explanation of how it works and why it’s different with every vendor* PPSK from aerohive* Use Nonce, MIC and MAC and a list of known keys to find a matching key* More information needed, hard to find technical details* DynPSK from rukkus* One key per MAC, auto detection possible* Autodetection probably like aerohive* Internal database of the Zone-director * MPSK (Multiple PSK) from Aruba* Based on a mac-authentication* Requires ClearPass Policy Manager* Identity PSK from Cisco* WPA3* WPA3-SAE* Dragonfly handshake* WPA3-Enterprise 192-bit Mode* CNSA Suite B* Stronger crypto* Enhance Open* RFC8110* Transition mode* Plan from Aruba to bring MPSK with WPA3-SAE into the IEEE Standard* Dragonblood Attack by Mathy Vanhoef Resources * Wi-Fi Security Timeline* Dragonblood* Video on WPA3-SAE* Password-Identifier* Hendrik Presentation in German* WFD Aruba:* Aruba Hardened WiFi Security for Evolving Threat Landscapes with Chuck Lukaszewski* WPA3, OWE and DPP by Hemant Chaskar at WLPC Phoenix 2019