Moving from authenticated enterprise networks to public hotspots, we encounter the 'Open' network. Traditionally, Open Wi-Fi sends all data in plaintext. Opportunistic Wireless Encryption (OWE), defined in RFC 8110, changes this by providing encryption without requiring a password.
OWE uses a Diffie-Hellman (DH) key exchange to establish a unique session key between the client and the AP. Because there is no pre-shared key or certificate, the encryption is 'opportunistic'.
Crucial Point: OWE provides encryption, but NOT authentication. You know the link is encrypted, but you don't know WHO you are talking to.
The output confirms the wireless card supports OWE. When connecting to an OWE-enabled hotspot, the handshake happens automatically in the background.
💡 OWE solves the problem of 'Passive Sniffing.' In a standard open network, anyone with Wireshark can read your traffic. With OWE, every client has a unique key.
# Conceptual flow of OWE
Client $\to$ [DH Public Key] $\to$ AP
AP $\to$ [DH Public Key] $\to$ Client
Both $\to$ Derive Session Key $K$

| Feature | Standard Open | OWE (Enhanced Open) |
|---|---|---|
| Encryption | None (Plaintext) | AES-CCMP |
| Password Required | No | No |
| Passive Sniffing | Possible | Prevented |
| MitM Protection | None | None (No Auth) |
Since OWE does not authenticate the Access Point, it is still completely vulnerable to Evil Twin attacks. An attacker can simply host an OWE-enabled AP with the same name as the legitimate hotspot.
Do not confuse 'Encrypted' with 'Secure.' OWE only prevents passive eavesdropping; it does not prove the identity of the network operator.