loader-logo

Securing Open WiFi with OWE

Every day we are connecting to open unencrypted Wi-Fi networks. These are networks such as enterprise guest networks, coffee shops, airport Wi-Fi, public venues, and more.

Security is everyone’s responsibility, including the user. But with Wi-Fi connectivity we seem to connect willingly without a single thought. Unencrypted Wi-Fi networks leave a gap in security. It can be a point of entry for malicious intent.

Unencrypted, open, Wi-Fi networks leave a device vulnerable between it and an access point. It’s one layer of security often left untouched and forgotten. Simply for the ease of use.

There is now a way to improve the security posture of open Wi-Fi networks while still keeping them “open” and easy to use.

It’s called Opportunistic Wireless Encryption (OWE).

OWE provides a way for devices to connect to open Wi-Fi networks with an encrypted session. Traffic exchanged between the device and access point can take advantage of having a third party snoop on the communications.

Inside technical look at OWE from https://rowelldionicio.com/identifying-owe-transition-mode-with-wireshark/

Why would OWE be needed? Opportunistic Wireless Encryption (OWE) will bring security to open networks.

Guest enterprise networks can feel more safe when browsing the web. Public spaces are less susceptible to sniffing since traffic is encrypted. Even the coffee shop can be safer. Remember the days of Firesheep? A Firefox browser extension allowed someone to hijack someone else’s Facebook, Amazon, and Twitter accounts. This was done over an open Wi-Fi connection.

We will see more support for OWE as newer access points are released by vendors. Currently, Cisco and Aruba support OWE with the latest version of firmware.

Many devices do not have support for it yet. The one device I’ve tested is the Samsung S10 which connected seamlessly to an OWE capable network.

One thing to keep in mind, because the Wi-Fi network is open, OWE will not be able to verify the access point you’re connecting to is indeed the organization’s broadcasting the SSID. There’s still more caution we must consider with open Wi-Fi networks but we can now begin encrypting our communications with open Wi-Fi networks.

Ask your Wi-Fi vendor if they are serious about Wi-Fi security and when they will support Opportunistic Wireless Encryption.

If you want to see some technical details around OWE check out these links:


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


[gravityforms id=16 title=false description=false]
<script type="text/javascript">if(!gform){document.addEventListener("gform_main_scripts_loaded",function(){gform.scriptsLoaded=!0}),window.addEventListener("DOMContentLoaded",function(){gform.domLoaded=!0});var gform={domLoaded:!1,scriptsLoaded:!1,initializeOnLoaded:function(o){gform.domLoaded&&gform.scriptsLoaded?o():!gform.domLoaded&&gform.scriptsLoaded?window.addEventListener("DOMContentLoaded",o):document.addEventListener("gform_main_scripts_loaded",o)},hooks:{action:{},filter:{}},addAction:function(o,n,r,t){gform.addHook("action",o,n,r,t)},addFilter:function(o,n,r,t){gform.addHook("filter",o,n,r,t)},doAction:function(o){gform.doHook("action",o,arguments)},applyFilters:function(o){return gform.doHook("filter",o,arguments)},removeAction:function(o,n){gform.removeHook("action",o,n)},removeFilter:function(o,n,r){gform.removeHook("filter",o,n,r)},addHook:function(o,n,r,t,i){null==gform.hooks[o][n]&&(gform.hooks[o][n]=[]);var e=gform.hooks[o][n];null==i&&(i=n+"_"+e.length),null==t&&(t=10),gform.hooks[o][n].push({tag:i,callable:r,priority:t})},doHook:function(o,n,r){if(r=Array.prototype.slice.call(r,1),null!=gform.hooks[o][n]){var t,i=gform.hooks[o][n];i.sort(function(o,n){return o.priority-n.priority});for(var e=0;e<i.length;e++)"function"!=typeof(t=i[e].callable)&&(t=window[t]),"action"==o?t.apply(null,r):r[0]=t.apply(null,r)}if("filter"==o)return r[0]},removeHook:function(o,n,r,t){if(null!=gform.hooks[o][n])for(var i=gform.hooks[o][n],e=i.length-1;0<=e;e--)null!=t&&t!=i[e].tag||null!=r&&r!=i[e].priority||i.splice(e,1)}}}</script> <div class='gf_browser_unknown gform_wrapper gravity-theme' id='gform_wrapper_16' ><form method='post' enctype='multipart/form-data' id='gform_16' action='/securing-open-wifi-with-owe/' > <div class='gform_body gform-body'><div id='gform_fields_16' class='gform_fields top_label form_sublabel_below description_below'><fieldset id="field_16_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label gfield_label_before_complex' >Name<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_complex ginput_container no_prefix has_first_name no_middle_name no_last_name no_suffix gf_name_has_1 ginput_container_name' id='input_16_1'> <span id='input_16_1_3_container' class='name_first' > <input type='text' name='input_1.3' id='input_16_1_3' value='' aria-label='First name' aria-required='true' placeholder='First Name' /> <label for='input_16_1_3' >First</label> </span> </div></fieldset><div id="field_16_2" class="gfield gfield--width-full gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label' for='input_16_2' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_2' id='input_16_2' type='text' value='' class='large' placeholder='Business email address' aria-required="true" aria-invalid="false" /> </div></div><fieldset id="field_16_3" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label gfield_label_before_complex' >Consent<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_16_3'><div class='gchoice gchoice_16_3_1'> <input class='gfield-choice-input' name='input_3.1' type='checkbox' value='I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the &lt;a href=&quot;https://packet6.com/privacy-policy&quot; target=&quot;_new&quot;&gt;Privacy Policy&lt;/a&gt;' id='choice_16_3_1' /> <label for='choice_16_3_1' id='label_16_3_1'>I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the <a href="https://packet6.com/privacy-policy" target="_new">Privacy Policy</a></label> </div></div></div></fieldset><div id="field_16_4" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label' for='input_16_4' >Phone</label><div class='ginput_container'><input name='input_4' id='input_16_4' type='text' value='' /></div><div class='gfield_description' id='gfield_description_16_4'>This field is for validation purposes and should be left unchanged.</div></div></div></div> <div class='gform_footer top_label'> <input type='submit' id='gform_submit_button_16' class='gform_button button' value='Get the report' onclick='if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; ' onkeypress='if( event.keyCode == 13 ){ if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; jQuery("#gform_16").trigger("submit",[true]); }' /> <input type='hidden' class='gform_hidden' name='is_submit_16' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='16' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_16' value='WyJbXSIsImY4MGVlNTA5MGVjMWYzYzU5NzUyOGFhOWE3ZGFiMzRlIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_16' id='gform_target_page_number_16' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_16' id='gform_source_page_number_16' value='1' /> <input type='hidden' name='gform_field_values' value='' /> </div> </form> </div>