The document discusses new security technologies for the 6 GHz wireless band. It describes how WPA3 Personal replaces WPA2 Personal with a new authentication method called Simultaneous Authentication of Equals (SAE) that uses a Dragonfly key exchange resistant to offline dictionary attacks. It also discusses Opportunistic Wireless Encryption (OWE) which provides encryption without authentication, and notes that support for OWE is still limited. Existing wireless intrusion prevention systems (WIPS) will not be able to detect rogue access points or attacks in the 6 GHz band as current sensors lack 6 GHz radios, but vendors with tri-band sensor capabilities will lead in providing WIPS for 6 GHz.
Eliminating co-channel interference in the 6 GHz band
1. 8/20/21 Co-channel interference will be all but eliminated.
Jeffrey Green The 6 GHz band is also cleaner “pure”. Section 1.1
6 GHz with new security technology!
2. 8/20/21 Co-channel interference will be all but eliminated.
Jeffrey Green The 6 GHz band is also cleaner “pure”. Section 1.2
OWE – Enhanced Open.
The OWE protocol integrates cryptography mechanisms to provide each user with unique
individual encryption, protecting the data exchange. The experience for the user is the same as
with open security because there is no need to enter a password or passphrase.
Mitigation of Malicious eavesdropping.
SAE – Simultaneous Authentication of Equals.
A WPA3-Personal access point (AP) in transition mode enables WPA2-Personal and WPA3-
Personal simultaneously on a single basic service set (BSS) to support client devices using a mix
of WPA2-Personal and WPA3-Personal with the same passphrase. Client devices that support
both WPA2-Personal and WPA3-Personal connect using the higher-security method of WPA3-
Personal when available.
OWE provides encryption without authentication.
By far, the most significant change defined by WPA3 is the replacement of PSK authentication
with Simultaneous Authentication of Equals(SAE), which is resistant to offline dictionary
attacks. SAE leverages on a Dragonfly key exchange. Dragonfly is a patent-free and royalty-free
technology that uses a zero-knowledge proof key exchange.
• Opportunistic Wireless
Encryption (OWE)
• Encryption without
authentication
• Enhanced Open
certification is not part of
WPA3 and is an entirely
different and optional
security certification
WPA3 Personal
• WPA3 replacement for PSK.
• Password key exchange based
on a zero-knowledge proof.
• Prove you know the
credentials without
compromising the credentials.
• No forging, modification or
replay attacks.
• No offline dictionary attacks.
3. 8/20/21 Co-channel interference will be all but eliminated.
Jeffrey Green The 6 GHz band is also cleaner “pure”. Section 1.3
The goal is to provide the same user experience by still using a passphrase.i
The OWE experience for the user is the same as open security because there is no need to enter
a password or passphrase before joining the network. Data privacy protects against malicious
eavesdropping attacks. Nevertheless, please understand that there is zero authentication security.
Enhanced Open is not part of WPA3 and is an entirely different and optional security
certification for 2.4 GHz and 5 GHz frequency bands.ii
SAE leverages Dragonfly key exchange.
Customers understand that Enhanced Open meets only half of the requirements for well-
rounded Wi-Fi security. OWE does provide encryption and data privacy, but there is no
authentication whatsoever. As previously mentioned, Enhanced Open is an optional security
certification. As a result, many WLAN vendors still do not support OWE, and client-side
support is marginal at best but growing. Therefore, tactical deployments of OWE in the 2.4 and
5 GHz frequency bands are currently scarce. iiiiv
WIPs and 6 GHz.
Existing WIPS solutions will
NOT be able to detect 6 GHz
rogue APs and attacks.
Current sensors do not have 6
GHz radios.
The vendors with tri-band
sensor capabilities will take
the lead for WIPs in the 6 GHz
band.
4. 8/20/21 Co-channel interference will be all but eliminated.
Jeffrey Green The 6 GHz band is also cleaner “pure”. Section 1.4
i
https://www.extremenetworks.com/extreme-networks-blog/wireless-security-in-a-6-ghz-wi-fi-6e-world/
ii
https://www.extremenetworks.com/extreme-networks-blog/wireless-security-in-a-6-ghz-wi-fi-6e-world/
iv
ttps://www.extremenetworks.com/extreme-networks-blog/wireless-security-in-a-6-ghz-wi-fi-6e-world/