The Wi-Fi Alliance is introducing Wi-Fi CERTIFIED Enhanced Open, a certification program that delivers benefits for users in open Wi-Fi networks.
Wi-Fi Enhanced Open provides protections in scenarios where user authentication is not desired or distribution of credentials impractical. These unauthenticated networks are often deployed in public locations such as local coffee shops and guest networks with a web portal in airports, hotels, and sports arenas.
Wi-Fi Enhanced Open provides protections against passive eavesdropping without requiring a password or extra steps to join the network. Based on Opportunistic Wireless Encryption (OWE) - a product of the Internet Engineering Task Force (IETF), OWE, defined in RFC 8110, specifies an extension to IEEE 802.11 that uses a cryptographic handshake to encrypt the devices connecting open network access points. OWE uses some of the same underlying cryptography developed for the Simultaneous Authentication of Equals (SAE). SAE was previously included in the IEEE 802.11s standard and is in the process of being incorporated into WPA3.
Wi-Fi Enhanced Open integrates established cryptography mechanisms to provide each user with unique individual encryption that protects data exchange between a user device and the Wi-Fi network. Protected Management Frames further protects management traffic between the access point and user device. Network operators that use a captive portal to control network access can maintain the simplicity of their deployment because there are no network credentials to maintain or share.
Wi-Fi Enhanced Open can be deployed in a transition mode which allows for gradual migration from an open network to a Wi-Fi Enhanced Open network without disruption to Wi-Fi users or network operators. As more client devices include Wi-Fi Enhanced Open, they will benefit from the new protections provided. There is no need for additional user configuration.
Later this summer, Wi‑Fi Alliance will deliver the next generation of Wi-Fi Protected Access security capabilities for personal and enterprise Wi-Fi networks through Wi-Fi CERTIFIED WPA3. In scenarios where the authentication capabilities inherent in Wi‑Fi Protected Access are not desired, Wi-Fi Enhanced Open will provide users with enhanced data protections.