If we should encrypt the message rather than the method of transfer, why do we care about wifi security? Is this just security theatre?

Network encryption protects against different set of threats than application layer encryption like TLS.

In particular, network encryption like Wifi encryption are primarily designed to protect from a local attacker from being able to watch network patterns (by recording who you're making connections with, and discovering what devices are on the local network), observing/tampering of low level messages like ARP/DNS, and protecting network broadcasts from devices that aren't supposed to be in the network, and from tampering or selective interference.

TLS doesn't protect the low level TCP/IP packets, which leaks information like the IP address of the machine you're connecting with, and the TLS handshake also by design leaks a number of information about the connection like Server Name Indication (SNI) header.

The side effect of needing to do all this is that Wifi hardware already need to have enough code and processing power to handle encryption, so it becomes easier to just encrypt all wifi packets rather than selectively figuring out what needs protection or not. This come also with the side benefit that unsecured HTTP connection will still be at least marginally protected, even if at least to protect users of the infrastructure from each other, but not from the infrastructure provider.

Network encryption is designed to protect the network, not the service. Application encryption is designed to protect the connection to the service, but it doesn't protect the network. They complement each other, but neither completely makes the other unnecessary.


Why do we not just authorize each end device?

We do. Well, somewhat. The traditional Pre-Shared Key (PSK) model authenticates devices by them having access to the PSK. This is not the only way to do things, and your question mentions MAC addresses. This is generally insecure, since wireless devices necessarily broadcast their MAC address with every packet they send. MAC addresses are also mutable, meaning that an attacker can simply clone the MAC address of an authorized device to circumvent MAC-based filters.

The better approach is client certificates, which is done for WPA2-Enterprise security. It is a much better approach security-wise, but the downside is that each device has to support it. Many consumer-grade appliances (and indeed even some lower-end business appliances) don't support WPA2-Enterprise (e.g. your Nintendo Switch, your wireless printer, etc.).

Why do we encrypt on a lower layer if we could encrypt in a higher layer?

What makes you think that higher layers are somehow preferable? Encrypting in lower layers means that even protocols that are not encrypted will still be "somewhat" safe when used in a wireless network. Encrypting in a higher layer requires each and every application to handle encryption on their own.

Furthermore, encrypting data twice doesn't reduce the amount of security, and encryption has become so optimized that the performance impact is negligible for all but the lowest-end devices (think IoT, etc.).

Isn't this all Security Theater?

"Security Theater" is the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to achieve it.

A prime example is the TSA. Many measures they put in place can be circumvented, or are just borderline ridiculous, such as patting down young children, infants, or elderly. There are more, and in fact Wikipedia has a nice list of some more heavily criticized points.

If you've been to a larger airport recently, you will certainly have vivid memories of people standing in line, waiting to be pat down and to be told ridiculous reasons as to why their belt could be used to strangle the pilot or something akin to it. All of this is a cost to the populace, to the actual users of the airport. None of this particularly adds a cost to an attacker, as they could circumvent these measures with relative ease.

Now that we have defined Security Theater, think about wireless encryption for a moment. You have to type in a randomly generated key once, which will take somewhere between 30 and 60 seconds, depending on how long the key is and how fast you can type. The benefit is that an attacker would have to capture a handshake and then spend some time between 30 seconds to 10^30 times the lifespan of the universe to crack the key. That certainly is a substantial security benefit, and is therefore not Security Theater.


In addition to the greats answers already posted, I would add that having people on your WiFi is not only a threat to the confidentiality of your exchanges.

It is also a threat to your endpoints, since the attacker can now access all sorts of devices that would be otherwise not exposed from the outside (IoT, printers, computers themselves, NAS, servers and so on). Any vulnerability on those endpoints would end up in a breach, and then lateral movement gets you in trouble.

So you want people out of your network:

  1. To avoid sniffing - but you are correct in saying that using VPN or similar would get you secure from that threat
  2. And also to avoid plain & direct attacks on things that would be otherwise inaccessible from the outside!

Tags:

Wifi

Security Theater

Related

Is it safe to pay bills over satellite internet? Why are KDFs slow? Is using a KDF more secure than using the original secret? Is storing files under a web server root unsafe if it is handled by PHP and blocked by the web server site configuration file? SSH from a shared workplace computer How can I verify my browser/OS's top level certificate? Should I be able to see patterns in a HS256 encoded JWT? Why do many websites hide input when entering an OTP? Can A chain of exploits count as a CVE? Why using the premaster secret directly would be vulnerable to replay attack? Should the average user with no special access rights be worried about SMS-based 2FA being theoretically interceptable? Difference in ECDSA private key format Is there a way to hide HTML source code yet keeping it effective?

Recent Posts