The advent of large-scale quantum computers poses a significant threat to contemporary network security protocols, including Wi-Fi Protected Access (WPA)-Enterprise authentication. To mitigate this threat, the adoption of Post-Quantum Cryptography (PQC) is critical. In this work, we investigate the performance impact of PQC algorithms on WPA-Enterprise-based authentication. To this end, we conduct an experimental evaluation of authentication latency using a testbed built with the open-source tools FreeRADIUS and hostapd, measuring the time spent at the client, access point, and RADIUS server. We evaluate multiple combinations of PQC algorithms and analyze their performance overhead in comparison to currently deployed cryptographic schemes. Beyond performance, we assess the security implications of these algorithm choices by relating authentication mechanisms to the quantum effort required for their exploitation. This perspective enables a systematic categorization of PQ-relevant weaknesses in WPA-Enterprise according to their practical urgency. The evaluation results show that, although PQC introduces additional authentication latency, combinations such as ML-DSA-65 and Falcon-1024 used in conjunction with ML-KEM provide a favorable trade-off between security and performance. Furthermore, we demonstrate that the resulting overhead can be effectively mitigated through session resumption. Overall, this work presents a first real-world performance evaluation of PQC-enabled WPA-Enterprise authentication and demonstrates its practical feasibility for enterprise Wi-Fi deployments.

翻译：大规模量子计算机的出现对包括Wi-Fi保护接入（WPA）-Enterprise认证在内的当代网络安全协议构成了重大威胁。为应对此威胁，采用后量子密码学（PQC）至关重要。本研究探讨了PQC算法对基于WPA-Enterprise认证的性能影响。为此，我们使用开源工具FreeRADIUS和hostapd构建测试平台，通过测量客户端、接入点和RADIUS服务器所耗时间，对认证延迟进行了实验评估。我们评估了多种PQC算法组合，并分析了其相较于当前部署的密码方案所产生的性能开销。除性能外，我们通过将认证机制与破解所需量子计算资源相关联，评估了这些算法选择的安全影响。该视角使我们能够根据实际紧迫性，对WPA-Enterprise中与后量子密码相关的弱点进行系统分类。评估结果表明，尽管PQC会引入额外的认证延迟，但ML-DSA-65和Falcon-1024与ML-KEM结合使用的方案在安全性与性能之间实现了较优平衡。此外，我们证明通过会话恢复机制可有效缓解由此产生的开销。总体而言，本研究首次对支持PQC的WPA-Enterprise认证进行了实际性能评估，并论证了其在企业Wi-Fi部署中的实践可行性。