3

I wanted to ask a networking security question about open or public WiFi. This question is not a duplicate of Why isn't open WiFi encrypted?

Reading about cellular networks I found out that cellular data is uniquely encrypted for each user between the network/base-station and him with the help of the SIM card. Why doesn't something similar happen in public/open WiFi (taking into consideration an analogy of the base station with the router and the SIM card with a NIC card perhaps)?

This would allow encryption for every single user and avoid the problem of insecurity in public/open WiFi where there is no password (no encryption in the data link layer at least, not referring to https which is application layer) or a common password (making the encryption useless to someone that knows it and is sitting in the nearby coffee shop sniffing packets).

Jack D.

1 Answer

1

cellular data is uniquely encrypted for each user

Yes, because every cell phone has a SIM (Subscriber Identity Module) card. This SIM card holds, among other things, the identity of the user, and identifies him to the operator. This would be more or less analogous to username and password on a WPA2 wireless network. You buy a SIM, you have the right to access the operator network, until you stop paying and the company disables your record on their databases, and your SIM cannot connect anymore.

Why doesn't something similar happen in public/open WiFi

It's because a public WiFi lacks the central entity responsible for handing out usernames and passwords, like the telecom company does with a SIM card. To work the same, someone would have to be physically available around the router to register people, giving them usernames and passwords. And that would very much look like a protected WiFi network.

But with WPA3 it will be possible to have passwordless mutual authentication, so it will be possible to encrypt data between each client and the AP, but that will not prevent someone from employing an Evil Twin attack against the clients.

ThoriumBR
  • 1
    Thank you for the answer, I agree with your point. However as you so correctly informed me public/open WiFi isn't encrypted due to lack of central entity, but that's just an excuse for the inadequate current protocol, since WPA3 still doesn't have a central entity but does offer “individualized data encryption”. So it was more of a "hole" in the WPA protocol. – Jack D. Sep 03 '18 at 18:31
  • 1
    @JackD. The protocol contains a _lot_ of really ugly holes, not just a lack of encryption on open networks. Two major ones that come to mind are using the authentication key (WiFi password) to derive the encryption key (PSK) directly, rather than generating it using a key exchange algorithm, and the fact that the ESSID is used as the salt (a completely crazy concept that enables rainbow tables for popular hotspot names). – forest Nov 05 '18 at 08:48