Wi-Fi is a Passion


per-user PSK and SAE

In the previous blog about PSK authentication in general, I discussed how weak PSK is against dictionary attacks and social engineering. Sadly, not all the devices support EAP authentication in enterprise environments, and even if it is not recommended to use PSK in an enterprise environment that may be the only option. Some Voice over WiFi devices don’t support EAP technology or some organizations don’t have the money or the knowledge to configure a RADIUS server.

Proprietary PSK
Proprietary PSK is offered with a few vendors in the WLAN. Each device has a unique PSK mapped with their MAC address. There will be a database with all the PSKs mapped to the MAC address are stored on the access point or a centralized management server. One of the newest software releases from Cisco (8.5) has something named IPSK (identity PSK). I don’t have experience with other vendor solutions for mac-based PSK. MAC-based PSK is still weak against dictionary attacks or social engineering like PSK is, but if a hacker has the key now, it has only a key from one device. Changing the key is not an intense job any more since it is only for one device. This solution is most of the time used for company devices like the VoWiFi or IoT devices. This means that an administrator of the company configures those devices and needs to fill in the PSK once before the device can be used. In that case you can pick generated passwords with 20 characters or more, to be sure it is secure. Remember the entropy part in an earlier blog.

Per user / per device PSK is still not a replacement for 802.1X/EAP and should never be. This solution should only be used for legacy devices that don’t support 802.1X/EAP, IOT devices, or personal devices (BYOD) for guest access.

Simultaneous Authentication of Equals
Simultaneous Authentication of Equals (SAE) is for standardizing mesh networks (802.11s). In the amendment, it is defined as Hybrid Wireless Mesh Protocol. HWMP is a protocol that finds the best path for traffic through all the mesh access points. One problem with this is that it is not working across multiple vendors. Vendors are competitors from each other and prefer not to mesh with access points from other vendors. The 802.11s amendment also defined RSN security methods. To create and exchange PMKs in a secure way, mesh access points use Authenticated Mesh Peering Exchange (AMPE). One way you could do this (derive the PMK) is 802.1X/EAP, but there are some problems that occur. In a normal environment, the access points are wire-connected to the internet and with their wired connection they can authenticate to the RADIUS server. Mesh access points are not wire-connected (only the root access point). A new peer-to-peer authentication that can be used in mesh environments is SAE.

The mechanism that is used within SAE is Dragonfly key exchange. The devices need to prove that they know the password to authenticate, but don’t need to reveal their password. This mechanism is known as zero-knowledge proof key exchange. SAE is a Wi-Fi Alliance certification program that should replace PSK authentication. As mentioned earlier PSK authentication is weak against dictionary attacks. SAE’s goal is to prevent dictionary attacks and has the following proposals: no WEP/TKIP, WPA2-Personal, and SAE must be supported within the BSS and using the same passphrase. So, SAE still uses a passphrase, but never reveals its password. That makes it more secure than PSK. There are four SAE authentications (commit messages). The first is each radio is forced to guess the passphrase. The second is for confirmation exchange (for telling that the guess of the passphrase was correct). The third one is the password element that is used during the authentication, and the fourth is the key exchange protocol. This element is computed by the passphrase.

SAE was made to encrypt unicast traffic between mesh access points. The SAE exchange is there to generate the PMK and this will derive the mesh temporal key (MTK). But Wi-Fi alliance wants to use this also for encrypting traffic between access points and clients. After the four-way SAE authentication, a PMK is installed on client and access points. When this process is completed the 4-way handshake will start.

Roaming with using SAE is possible as well. The standard way is probe request/response, SAE authentication, the reassociation request/response, and as last the 4-way handshake. The faster way is that a client can be SAE authenticated to multiple access points at the same time, but only associated to one. Prior to roaming the client performs an SAE commit and confirm (the four-way SAE authentication). During this process, the PMK will create and install on the possible access points. When the client starts roaming, the access point already has the PMK and only the reassociation needs to find place and the 4-way handshake.