Issue link: https://resources.mouser.com/i/1300216
p. 7

Enterprise Wi-Fi Security

Obviously, when dealing with healthcare and the IoMT, secure communication is vital. Wi-Fi data-level security consists of two parts: encryption, which scrambles data so that intercepted traffic cannot be read (the key), and authentication (802.1X), which verifies that the client receiving the data is the client that should be receiving it (the certificate).

Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access II (WPA2) are the primary security algorithms you'll see when setting up a wireless network. WEP is the oldest and has proven to be vulnerable as more and more security flaws have been discovered. WPA improved security but is now also considered vulnerable to intrusion. WPA2, while not perfect, is currently the most secure choice.

Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) are the two types of encryption you'll see used on networks secured with WPA2. AES, introduced with WPA2, is the more secure of the two. AES isn't some creaky standard developed specifically for Wi-Fi networks, either; it's a serious worldwide encryption standard that has even been adopted by the US government.

Extensible Authentication Protocol (EAP) is an authentication framework, not a specific authentication mechanism. It provides some common functions and the negotiation of authentication methods, called EAP methods. There are currently about 40 different methods defined. Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP, and EAP-TTLS.

WPA2-PSK versus WPA2-Enterprise

See Figure C for a brief comparison of the less secure WPA2-PSK with WPA2-Enterprise. The security scheme is defined by the end user's IT organization. Nearly all enterprise networks in the medical market expect the clients joining the network to support WPA2-Enterprise. The EAP supplicant of choice is also driven by the end user and the RADIUS authentication selected. The challenge for medical device manufacturers is in implementing a Wi-Fi communications module that supports WPA2-AES encryption and provides updated EAP supplicant drivers.

WPA3

In January 2018, the Wi-Fi Alliance announced Wi-Fi-certified WPA3, the next generation of Wi-Fi security for both personal and enterprise networks. This newest version adds four features that were not present in WPA2. To market devices as Wi-Fi Certified™ WPA3™, manufacturers must fully implement these four new features:

• Individualized data encryption – When you connect to an open Wi-Fi network (such as in a coffee shop or airport), the traffic between your device and the access point is encrypted even though no password was entered during the connection process.
• New handshake – When a device connects to an access point, it performs a handshake to ensure you've used the correct password and negotiates the encryption that will secure the connection. This new handshake delivers stronger protections even if the user assigns a password that doesn't meet typical strength recommendations.
• Simpler connection process – Because many devices today do not have displays, WPA3 includes a feature that simplifies the security configuration process.
• 192-bit security suite – Intended for government, defense, and industrial applications, this suite aligns with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems.

A number of the Wi-Fi solutions available today can support a software migration to WPA3. The exception is support for the 192-bit encryption, which may require a hardware upgrade for some Wi-Fi modules and chipsets.

Figure C: WPA2-PSK versus WPA2-Enterprise

WPA2-PSK (Pre-Shared Key)
• Also known as WPA2-Personal
• Involves a single password to access the wireless network
• Should only be used:
  • If the network has only a few trusted devices (i.e., home or small office)
  • To restrict casual users from joining an open network (i.e., guest network or coffee shop)
  • For devices that are not compatible with 802.1X (i.e., game console)

WPA2-Enterprise
• Has an authentication process based on the 802.1X standard
• Each client receives a unique encryption key after log-in that is not saved on the device (AES)
• Includes EAP types
• Because each device is authenticated prior to connection, a personal tunnel is created between the device and the network
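As an added example (not from the article or any vendor), the following wpa_supplicant configuration places the WPA2-PSK profile Figure C warns against beside a WPA2-Enterprise EAP-TLS profile and a WPA3-Enterprise 192-bit profile; the SSIDs, device identity, certificate paths and RADIUS server domain are placeholder assumptions.

```conf
# wpa_supplicant.conf (added example, not from the article; all SSIDs,
# identities, file paths and domain names are placeholders)

# WEAK for a medical network: WPA2-PSK. One shared secret for every device;
# if it leaks, every device must be re-keyed. Keep only for the narrow cases
# in Figure C (few trusted devices, guest access, non-802.1X hardware).
network={
    ssid="IOMT-LEGACY"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP            # AES-CCMP; do not list TKIP
    psk="placeholder-passphrase-replace-me"
}

# PREFERRED: WPA2-Enterprise with EAP-TLS over 802.1X. The device presents its
# own certificate and also validates the RADIUS server's certificate, so it
# refuses to authenticate through an impostor access point.
network={
    ssid="IOMT-SECURE"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
    ieee80211w=2             # require Protected Management Frames
    eap=TLS
    identity="device-0001@example.org"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"   # pin the RADIUS server name
    client_cert="/etc/wpa_supplicant/device-0001.crt"
    private_key="/etc/wpa_supplicant/device-0001.key"
}

# WPA3-Enterprise 192-bit mode (CNSA Suite) for modules whose radio firmware
# supports GCMP-256; otherwise the hardware upgrade the article notes applies.
network={
    ssid="IOMT-CNSA"
    key_mgmt=WPA-EAP-SUITE-B-192
    pairwise=GCMP-256
    group=GCMP-256
    group_mgmt=BIP-GMAC-256
    ieee80211w=2
    eap=TLS
    identity="device-0001@example.org"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
    client_cert="/etc/wpa_supplicant/device-0001.crt"
    private_key="/etc/wpa_supplicant/device-0001.key"
    openssl_ciphers="SUITEB192"
}
```

The ca_cert and domain_suffix_match lines are the part most often left out on embedded modules; without them the supplicant will complete EAP-TLS against any server holding a certificate it can chain, which defeats the mutual authentication that sets WPA2-Enterprise apart from PSK.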