This study addresses the threat posed by large-scale quantum computers to WPA-Enterprise authentication security and presents the first systematic evaluation of post-quantum cryptography (PQC) in a real-world enterprise Wi-Fi environment. Leveraging a testbed built on FreeRADIUS and hostapd, the work assesses the performance overhead and security strength of PQC algorithms—including ML-DSA, Falcon, and ML-KEM—during the authentication process, while introducing a session resumption mechanism to mitigate latency. Experimental results demonstrate that the combination of ML-DSA-65 or Falcon-1024 with ML-KEM achieves a favorable balance between security and efficiency, and that session resumption significantly reduces authentication delay, thereby validating the practical feasibility of PQC deployment in enterprise networks. The study also proposes a novel perspective for classifying PQC-related vulnerabilities according to the urgency of quantum threats.

The advent of large-scale quantum computers poses a significant threat to contemporary network security protocols, including Wi-Fi Protected Access (WPA)-Enterprise authentication. To mitigate this threat, the adoption of Post-Quantum Cryptography (PQC) is critical. In this work, we investigate the performance impact of PQC algorithms on WPA-Enterprise-based authentication. To this end, we conduct an experimental evaluation of authentication latency using a testbed built with the open-source tools FreeRADIUS and hostapd, measuring the time spent at the client, access point, and RADIUS server. We evaluate multiple combinations of PQC algorithms and analyze their performance overhead in comparison to currently deployed cryptographic schemes. Beyond performance, we assess the security implications of these algorithm choices by relating authentication mechanisms to the quantum effort required for their exploitation. This perspective enables a systematic categorization of PQ-relevant weaknesses in WPA-Enterprise according to their practical urgency. The evaluation results show that, although PQC introduces additional authentication latency, combinations such as ML-DSA-65 and Falcon-1024 used in conjunction with ML-KEM provide a favorable trade-off between security and performance. Furthermore, we demonstrate that the resulting overhead can be effectively mitigated through session resumption. Overall, this work presents a first real-world performance evaluation of PQC-enabled WPA-Enterprise authentication and demonstrates its practical feasibility for enterprise Wi-Fi deployments.