OWE / Enhanced Open
How it works
OWE (Opportunistic Wireless Encryption), defined in RFC 8110 and certified by the Wi-Fi Alliance as Enhanced Open, closes the single worst property of an Open network: that every frame travels in cleartext. An OWE SSID looks and joins exactly like an open network, with no password and no prompt, but when a client associates the two sides run an unauthenticated Diffie-Hellman exchange, each carrying its public value in a Diffie-Hellman Parameter element of the association request and response (NIST P-256, group 19, is the mandatory default). Both sides derive a fresh, per-client Pairwise Master Key from the shared secret, the normal 4-way handshake then runs from that PMK, and each station encrypts its traffic under a key no other device on the network holds. Protected Management Frames (PMF, 802.11w) are mandatory, so management frames are protected too.
The word that matters is unauthenticated. OWE encrypts, but it verifies nothing: there is no passphrase, no certificate, and no identity to check, so a client has no way to tell the real AP from an impostor that advertises the same SSID. OWE defeats the passive eavesdropper that ruins an open network, and it does nothing against an active attacker who stands up a rogue AP and gets the client to associate. It is a confidentiality upgrade, not an authentication one.
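The exchange and derivation described above, carried through end to end as an added example (this is not Tala WTE code or a client implementation). It implements P-256 arithmetic by hand so it runs on the standard library alone; the byte layout follows RFC 8110 section 4.4 as read by this editor (x-coordinate-only public values, a 2-octet little-endian group number, the x-coordinate of the shared point as the HKDF input) and no public test vector is reproduced, so treat the exact encoding as an assumption to check against a real stack before relying on it. The rogue AP at the end is the point of the next paragraph: any AP that answers the client's value gets a valid PMK, and the client cannot tell.

```python
"""OWE key derivation (RFC 8110 section 4.4), worked end to end.

Added example, not Tala WTE code. Hand-rolled P-256 (group 19) so it runs
offline on the standard library; a real station uses a crypto library and
constant-time arithmetic. Encoding assumptions: public values are x-only,
group is 2 octets little-endian, z is the x-coordinate of the shared point.
"""
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (IANA Diffie-Hellman group 19).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
GROUP = 19
FIELD_LEN = 32                      # octets per coordinate on P-256


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def on_curve(point):
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P == 0


def keygen():
    """Ephemeral key pair: private scalar and full public point."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)


def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]


def owe_derive(my_priv, peer_x, client_x, ap_x):
    """(PMK, PMKID) one side computes from its private key and the peer's x."""
    # Recover a point from the peer's x (compact form, RFC 6090). Either square
    # root works: only the x-coordinate of the shared point is used.
    rhs = (peer_x ** 3 + A * peer_x + B) % P
    peer_y = pow(rhs, (P + 1) // 4, P)          # P = 3 (mod 4), so this is a sqrt
    if (peer_y * peer_y) % P != rhs:
        raise ValueError("peer x is not on P-256")
    z = ec_mul(my_priv, (peer_x, peer_y))[0].to_bytes(FIELD_LEN, "big")
    c = client_x.to_bytes(FIELD_LEN, "big")
    a = ap_x.to_bytes(FIELD_LEN, "big")
    prk = hkdf_extract(c + a + GROUP.to_bytes(2, "little"), z)   # HKDF-extract(C|A|group, z)
    pmk = hkdf_expand(prk, b"OWE Key Generation", 32)             # HKDF-expand(prk, label, n)
    pmkid = hashlib.sha256(c + a).digest()[:16]                   # Truncate-128(Hash(C|A))
    return pmk, pmkid


def owe_association(client_priv, client_pub, ap_priv, ap_pub):
    """One association: client sends C, the AP answers A, both derive (PMK, PMKID).

    Nothing here depends on whose key ap_priv is: whichever AP answers ends up
    sharing a valid PMK with the client. That is the evil-twin exposure.
    """
    cx, ax = client_pub[0], ap_pub[0]
    return owe_derive(client_priv, ax, cx, ax), owe_derive(ap_priv, cx, cx, ax)


if __name__ == "__main__":
    c_priv, c_pub = keygen()
    real_priv, real_pub = keygen()
    rogue_priv, rogue_pub = keygen()          # an impostor AP with its own ephemeral key
    (pmk_c, _), (pmk_real, _) = owe_association(c_priv, c_pub, real_priv, real_pub)
    (pmk_c2, _), (pmk_rogue, _) = owe_association(c_priv, c_pub, rogue_priv, rogue_pub)
    print("real AP shares the client's PMK:", pmk_c == pmk_real)
    print("rogue AP shares the client's PMK too:", pmk_c2 == pmk_rogue)
```

The two prints come out True for the same reason: the derivation binds the key to whichever public values were exchanged, never to who owns them.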
Configuring it in Tala WTE
On the New Network form, choose OWE / Enhanced Open as the protocol. There is no passphrase field, because OWE has no shared secret; the key is negotiated per client. Tala WTE writes wpa_key_mgmt=OWE, rsn_pairwise=CCMP, and ieee80211w=2 (PMF required, which OWE mandates), and starts a pure OWE BSS.
Pure OWE is the strong configuration; the weakness OWE deployments actually ship with is OWE-transition mode, where the OWE BSS is paired with a companion open BSS so legacy clients can still connect. The lab runs the clean version so you can first confirm that OWE encryption holds against a passive capture, then build the open twin yourself to demonstrate the downgrade. For the full New-Network walkthrough, see Networks.
Attacks
Confirm encryption holds (the passive capture that now fails)
Start here to see what OWE buys. Run the capture you would use against an Open network and watch it come up empty: each client's traffic is under its own key, so a monitor-mode sniffer sees only CCMP ciphertext. The association frames, Diffie-Hellman Parameter element included, are still visible, but the two public values on their own give a passive observer nothing.
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w owe wlan0mon
Judgment: this is the point of OWE. The attack that trivially works on Open returns nothing here, so the move is to go active.
Unauthenticated evil twin
Because OWE authenticates nothing, a rogue OWE (or plain open) AP broadcasting the same SSID is indistinguishable to the client. Stand up the twin and get the victim to associate to you, where you hold the other half of every Diffie-Hellman exchange. The classic lever for forcing that move is a forged deauthentication:
aireplay-ng -0 5 -a AA:BB:CC:DD:EE:FF wlan0mon
Judgment: encryption without authentication moves the whole battle to who the client trusts, and OWE gives it nothing to trust. This is the central lesson of the protocol. One caveat on the lever: a station that associated under OWE has PMF on and discards that unprotected deauth, so against a pure-OWE client the twin has to win without it (a stronger signal when the client next scans or roams, or the open half of a transition pair); the forged deauth still works against stations sitting on an open BSS.
OWE-transition downgrade
Most real Enhanced Open deployments run transition mode, advertising a companion open BSS for devices that do not speak OWE. Bring up that open twin and a transition-mode client will happily associate to it unencrypted, putting you right back to cleartext sniffing. A captive-portal or evil-twin framework that supports an OWE-transition profile performs exactly this.
Judgment: the compatibility shim is the soft underbelly. A network can be "encrypted by default" and still hand you plaintext the moment a legacy-friendly open BSS is on the air.
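What the transition-mode pair looks like in hostapd terms, as an added example that covers both the note on transition mode in the Configuring section and the downgrade above (this is not Tala WTE's generated file). The option names owe_transition_bssid and owe_transition_ssid are hostapd's; the interface, channel, SSIDs and BSSIDs are placeholders.

```ini
# owe-transition.conf: a hostapd transition-mode pair, the weak deployment the
# page describes. Added example, not Tala WTE's generated file. Interface,
# channel, SSIDs and BSSIDs are placeholders; the two BSSIDs must be the real
# addresses of the two BSSes or clients follow a pointer to nothing.

# BSS 1: the OWE half. Hidden SSID, plus the same three keys Tala WTE writes.
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
bssid=02:11:22:33:44:55
ssid=TalaGuest-owe
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=OWE
rsn_pairwise=CCMP
ieee80211w=2
# OWE Transition Mode element (WFA OUI 50:6F:9A, type 0x1C) pointing at the open twin.
owe_transition_bssid=02:11:22:33:44:56
owe_transition_ssid="TalaGuest"

# BSS 2: the open half, broadcasting the user-visible SSID with no RSN at all.
bss=wlan0_open
bssid=02:11:22:33:44:56
ssid=TalaGuest
# The pointer back to the OWE half, which OWE-capable clients are meant to follow.
owe_transition_bssid=02:11:22:33:44:55
owe_transition_ssid="TalaGuest-owe"
```

Delete the second BSS and the two owe_transition_ lines, drop ignore_broadcast_ssid, and you are back to the pure BSS Tala WTE writes. The attacker's rogue open twin is the second BSS on its own with its owe_transition_ lines removed: an open BSS that advertises TalaGuest and points at nothing, which is exactly what a legacy client was going to accept anyway.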
What you find in the field
OWE / Enhanced Open is the modern answer to the coffee-shop and airport hotspot, and adoption is growing as clients and access points pick up support. The catch is that almost all of it ships in transition mode for compatibility, which means an open BSS is usually somewhere on the same SSID. In practice you treat an OWE network as genuinely private against passive interception but wide open to an active evil twin, and you assume a downgrade path to plain open exists until you have proven otherwise.
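Proving whether a downgrade path exists means reading beacons rather than trusting the SSID. The following is an added example, not Tala WTE code: it triages the information elements of a beacon or probe response (the bytes after the 12-byte fixed header) and reports whether a BSS is pure OWE, one half of a transition pair, or plain open. The sample frames are constructed in the code, not captured; the field layouts used are the RSN element (ID 48, AKM 00-0F-AC:18 for OWE, MFPR bit in the RSN capabilities) and the OWE Transition Mode vendor element (ID 221, WFA OUI 50:6F:9A, type 0x1C, then BSSID, SSID length, SSID). Pulling the IE blob out of a capture is left to whatever you already use for that.

```python
"""Beacon IE triage for OWE: pure OWE, transition pair, or plain open?

Added example, not Tala WTE code. Input is the information-element blob of a
beacon or probe response. The sample blobs below are constructed by hand.
"""
import struct

EID_SSID, EID_RSN, EID_VENDOR = 0, 48, 221
WFA_OUI, OWE_TRANSITION_TYPE = b"\x50\x6f\x9a", 0x1C
CIPHER_CCMP = b"\x00\x0f\xac\x04"
AKM_OWE = b"\x00\x0f\xac\x18"
MFPC, MFPR = 0x0080, 0x0040           # RSN capability bits: PMF capable / required


def iter_ies(blob):
    """Yield (element id, body); a truncated element is an error, not an open BSS."""
    i = 0
    while i + 2 <= len(blob):
        eid, length = blob[i], blob[i + 1]
        body = blob[i + 2:i + 2 + length]
        if len(body) < length:
            raise ValueError("truncated element id %d at offset %d" % (eid, i))
        yield eid, body
        i += 2 + length


def parse_rsn(body):
    """Return (akm suites, pairwise suites, capabilities) from an RSN element body."""
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unknown RSN version %d" % version)
    pos = 6                                            # version + group cipher suite
    n_pair, = struct.unpack_from("<H", body, pos)
    pos += 2
    pairwise = [body[pos + 4 * k:pos + 4 * k + 4] for k in range(n_pair)]
    pos += 4 * n_pair
    n_akm, = struct.unpack_from("<H", body, pos)
    pos += 2
    akms = [body[pos + 4 * k:pos + 4 * k + 4] for k in range(n_akm)]
    pos += 4 * n_akm
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    return akms, pairwise, caps


def parse_owe_transition(body):
    """Return (bssid, ssid) from an OWE Transition Mode vendor body, else None."""
    if len(body) < 11 or body[:3] != WFA_OUI or body[3] != OWE_TRANSITION_TYPE:
        return None
    bssid, ssid_len = body[4:10], body[10]
    ssid = body[11:11 + ssid_len]
    return ":".join("%02x" % b for b in bssid), ssid.decode("utf-8", "replace")


def classify(blob):
    """Summarise one beacon: mode, PMF, and the companion BSS it points at."""
    ssid, akms, caps, partner = b"", [], 0, None
    for eid, body in iter_ies(blob):
        if eid == EID_SSID:
            ssid = body
        elif eid == EID_RSN:
            akms, _, caps = parse_rsn(body)
        elif eid == EID_VENDOR:
            partner = parse_owe_transition(body) or partner
    mode = "owe" if AKM_OWE in akms else ("rsn" if akms else "open")
    return {"ssid": ssid.decode("utf-8", "replace") or "<hidden>",
            "mode": mode,
            "pmf_required": bool(caps & MFPR),
            "transition_partner": partner}


def downgrade_path(beacons):
    """True if any BSS in view offers the SSID open: a rogue twin or the open
    half of a transition pair both hand plaintext to a legacy client."""
    return any(classify(b)["mode"] == "open" for b in beacons)


# --- constructed sample beacons (IE blobs only), not captured traffic ---------
def ie(eid, body):
    return bytes([eid, len(body)]) + body


def owe_transition_ie(bssid, ssid):
    return ie(EID_VENDOR, WFA_OUI + bytes([OWE_TRANSITION_TYPE]) + bssid
              + bytes([len(ssid)]) + ssid)


def rsn_owe_ie(mfpr=True):
    caps = MFPC | (MFPR if mfpr else 0)
    return ie(EID_RSN, struct.pack("<H", 1) + CIPHER_CCMP + struct.pack("<H", 1)
              + CIPHER_CCMP + struct.pack("<H", 1) + AKM_OWE + struct.pack("<H", caps))


OWE_BSSID = bytes.fromhex("021122334455")
OPEN_BSSID = bytes.fromhex("021122334456")
PURE_OWE = ie(EID_SSID, b"TalaGuest") + rsn_owe_ie()
HIDDEN_OWE_HALF = ie(EID_SSID, b"") + rsn_owe_ie() + owe_transition_ie(OPEN_BSSID, b"TalaGuest")
OPEN_HALF = ie(EID_SSID, b"TalaGuest") + owe_transition_ie(OWE_BSSID, b"TalaGuest-owe")
ROGUE_OPEN = ie(EID_SSID, b"TalaGuest")

if __name__ == "__main__":
    for name, blob in [("pure OWE", PURE_OWE), ("OWE half", HIDDEN_OWE_HALF),
                       ("open half", OPEN_HALF), ("rogue open twin", ROGUE_OPEN)]:
        print(name, classify(blob))
    print("downgrade path in view:", downgrade_path([HIDDEN_OWE_HALF, OPEN_HALF]))
```

Run it over every beacon on the channel, not just the SSID you were handed: the OWE half of a transition pair is hidden, so the only evidence that a network is "encrypted by default" is the pointer in the open BSS, and a rogue twin carries no pointer at all.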
Defending against it
OWE is itself the fix for an open network, so the hardening is about removing its remaining gaps. Run pure OWE rather than transition mode once the client fleet supports it, which removes the open-BSS downgrade entirely. PMF is already mandatory, so the deauthentication primitive is blunted for OWE-only clients (it survives only on the open twin). Most importantly, recognize what OWE does not do: where you need to verify the network, not just encrypt to it, move to an authenticated mode, WPA2-Personal or WPA3-Personal for a shared key, or WPA2- or WPA3-Enterprise for per-user identity. OWE is the right default for guest access and the wrong tool where authentication matters.
References
- RFC 8110 - Opportunistic Wireless Encryption, the IETF specification behind Enhanced Open.
- IEEE 802.11w-2009 - Protected Management Frames, mandatory for OWE.
- Wi-Fi Alliance: Wi-Fi CERTIFIED Enhanced Open - the certification program for OWE.
- Open networks - what OWE replaces, and the passive attacks it defeats.