Assessing the Real-World Impact of Post-Quantum Cryptography on WPA-Enterprise Networks

TL;DR

This study evaluates the performance and security implications of integrating Post-Quantum Cryptography into WPA-Enterprise networks, demonstrating its practical feasibility despite some latency overhead.

Contribution

It provides the first real-world performance assessment of PQC algorithms in WPA-Enterprise, analyzing their impact on authentication latency and security.

Findings

PQC algorithms increase authentication latency but remain feasible for enterprise Wi-Fi.

Certain PQC combinations like ML-DSA-65 and Falcon-1024 offer a good security-performance balance.

Session resumption can mitigate PQC-induced overhead.

Abstract

The advent of large-scale quantum computers poses a significant threat to contemporary network security protocols, including Wi-Fi Protected Access (WPA)-Enterprise authentication. To mitigate this threat, the adoption of Post-Quantum Cryptography (PQC) is critical. In this work, we investigate the performance impact of PQC algorithms on WPA-Enterprise-based authentication. To this end, we conduct an experimental evaluation of authentication latency using a testbed built with the open-source tools FreeRADIUS and hostapd, measuring the time spent at the client, access point, and RADIUS server. We evaluate multiple combinations of PQC algorithms and analyze their performance overhead in comparison to currently deployed cryptographic schemes. Beyond performance, we assess the security implications of these algorithm choices by relating authentication mechanisms to the quantum effort required for their exploitation. This perspective enables a systematic categorization of PQ-relevant weaknesses in WPA-Enterprise according to their practical urgency. The evaluation results show that, although PQC introduces additional authentication latency, combinations such as ML-DSA-65 and Falcon-1024 used in conjunction with ML-KEM provide a favorable trade-off between security and performance. Furthermore, we demonstrate that the resulting overhead can be effectively mitigated through session resumption. Overall, this work presents a first real-world performance evaluation of PQC-enabled WPA-Enterprise authentication and demonstrates its practical feasibility for enterprise Wi-Fi deployments.