
WiFi - Encryption Mechanisms


  • WiFi - Encryption Mechanisms

    Not using encryption when transmitting data over a wireless network makes data vulnerable to sniffing, and it can be captured with ease by an attacker. To prevent or at least mitigate this issue, encryption must be employed as a layer of security and is supported out-of-the-box by most products that support WiFi.

    Some commonly used encryption and authentication protocols in use include...

    Wired Equivalent Privacy (WEP)
    This kind of encryption is the oldest and arguably the weakest of the available encryption methods. This standard was introduced as the initial solution to wireless security as part of the 802.11b standard using the Rivest Cipher 4 (RC4) stream cipher but was quickly found to be flawed and highly vulnerable to attack. WEP was designed without input from the academic community, the public, and professional cryptologists. It provides no clearly defined method for key distribution other than preshared keys, with cumbersome key management as a result. If an attacker is able to gather both cipher text and plain text he is able to analyze the information and uncover the key. The design of WEP makes it possible to passively uncover the key by sniffing traffic and using publicly available analyzing tools. Key generators implemented by different vendors are inconsistently and poorly designed, leading to vulnerabilities such as issues with the use of 40-bit keys when larger keys should be available. The Key-Scheduling Algorithm (KSA) has been shown to be vulnerable to multiple attacks. The Cyclic Redundancy Check (CRC32) in place to verify the integrity is flawed, and with slight modifications packets may be modified without making packets invalid. Initialization Vectors (IVs) are only 24 bits in length, meaning that the entire pool of IVs can be exhausted by normal traffic load within a few hours. WEP is vulnerable to plaintext attacks through analysis of packets. Keys may be uncovered by means of packet analysis, allowing the attacker to create a decryption table. The protocol is also vulnerable to DoS attacks through the use of association and disassociation packets, which are not authenticated by WEP.

    WEP was intended to achieve the following:
    • Defeat eavesdropping on communications and attempts to reduce unauthorized disclosure of data.
    • Verify the integrity of data as it flows across the network.
    • Use a shared secret key to encrypt packets prior to transmission.
    • Provide confidentiality and access control in a lightweight, efficient system.

    WiFi Protected Access (WPA)
    This is the successor of WEP and was intended to address many of the problems that came with WEP encryption. In many ways it was successful and was a much stronger security protocol. WPA uses Temporal Key Integrity Protocol (TKIP), message integrity code (MIC), and Advanced Encryption Standard (AES) encryption. WPA was not expected to be bulletproof but was an upgrade that could be done in software without replacing hardware. TKIP improves on the WEP protocol, where a static key is used for every frame transmitted, by changing the key after every frame. This dynamic changing of keys makes WPA much more difficult to crack than WEP. Cracking WPA requires a very different approach.

    Some issues with WPA include:
    • Weak keys chosen by the end user.
    • Packet spoofing
    • Authentication issues while using Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2).

    WiFi Protected Access 2 (WPA2)
    WPA2 is the successor of WPA and was intended to address the problems that came with WPA. WPA2 is much stronger and uses tougher encryption in the form of AES and Counter Mode CBC-MAC Protocol (CCMP), also known as AES CCMP and is the encryption mechanism that replaced TKIP. CBC-MAC is the Cipher Block Chaining Message Authentication Code. This is detailed in the 802.11i amendment to the original 802.11 standard developed by Institute of Electrical and Electronics Engineers (IEEE) association.
    WPA2 Personal, much like the preshared key mode of other systems, relies on the input of a key from the end user, whereas WPA2 Enterprise uses a server to perform key management and authentication for wireless clients. WPA2 Enterprise is often used with RADIUS and Diameter servers for centralized management.

    The standard also comes in versions that implement stronger systems such as Extensible Authentication Protocol (EAP), TKIP and AES with longer keys.

    WPA2 Enterprise, also known as 802.1x, incorporates EAP standards as a way to strengthen the security and is most often implemented into the infrastructure of larger corporations, whereas WPA2 Personal is often implemented in home or SOHO installations. TKIP is used as an enhancement to WPA over WEP. AES is a symmetric-key encryption used in WPA2 as a replacement to TKIP. EAP is incorporated into multiple authentication methods such as token cards, Kerberos and certificates. Lightweight Extensible Authentication Protocol (LEAP) is a proprietary authentication protocol for WLANs developed by Cisco. Remote Authentication Dial-In User Service (RADIUS) is a centralized authentication and authorization management system, also used for wireless. CCMP uses 128-bit keys with a 48-bit IV for replay detection.
    Certified Security Geek
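The post's point about the 24-bit IV pool is something a defender can check directly in captured traffic. The following is an added example (not from the thread above): it parses the 4-byte WEP header that precedes the RC4-encrypted payload, flags any IV that appears twice under the same key index (two frames encrypted with the same keystream), and estimates how quickly a busy station burns through the whole pool. The sample headers are constructed inline.

```python
"""Detect WEP IV reuse in a sequence of captured frames (added example)."""
from collections import Counter

IV_POOL = 2 ** 24          # 24-bit IV -> 16,777,216 distinct values


def parse_wep_header(hdr: bytes) -> tuple[int, int]:
    """Return (iv, key_id) from the 4-byte WEP header.

    The IV is the first three bytes; the key index lives in the top two
    bits of the fourth byte (the remaining six bits are padding).
    """
    if len(hdr) < 4:
        raise ValueError("WEP header needs 4 bytes")
    iv = int.from_bytes(hdr[:3], "big")   # byte order only matters for display
    key_id = hdr[3] >> 6
    return iv, key_id


def find_iv_reuse(headers: list[bytes]) -> dict[tuple[int, int], int]:
    """Map (key_id, iv) -> frame count for every IV seen more than once.

    A repeat under the same key index means the same RC4 keystream was
    used twice, which is exactly what makes WEP traffic analysable offline.
    """
    counts: Counter = Counter()
    for h in headers:
        iv, key_id = parse_wep_header(h)
        counts[(key_id, iv)] += 1
    return {k: n for k, n in counts.items() if n > 1}


def hours_to_exhaust_ivs(frames_per_second: float) -> float:
    """Hours until a station cycling IVs sequentially has used them all."""
    return IV_POOL / frames_per_second / 3600


# Constructed sample: IV 0x0a0b0c under key index 0 appears twice.
SAMPLE_HEADERS = [
    bytes.fromhex("0a0b0c00"),
    bytes.fromhex("0a0b0d00"),
    bytes.fromhex("0a0b0c00"),   # reuse under key index 0
    bytes.fromhex("0a0b0c40"),   # same IV, key index 1: a different key, so not a repeat
    bytes.fromhex("ffffff00"),
]

if __name__ == "__main__":
    for (key_id, iv), n in find_iv_reuse(SAMPLE_HEADERS).items():
        print(f"key {key_id}: IV {iv:06x} reused in {n} frames")
    print(f"1000 frames/s exhausts the IV pool in {hours_to_exhaust_ivs(1000):.1f} h")
```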

  • #2
    WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. Thanks for your informative information Resheph.
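WPA2-PSK is only as strong as the passphrase, because the 802.11i passphrase-to-PSK mapping uses nothing but the SSID as salt (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output). The block below is an added example, not code from this thread; the derivation follows the standard, while the character-class entropy estimate is a rough heuristic of my own for flagging weak user-chosen keys.

```python
"""Derive a WPA2-Personal PSK and rate the passphrase (added example)."""
import hashlib
import math


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PSK (used as the PMK in WPA2-Personal).

    Per 802.11i the passphrase is 8 to 63 printable ASCII characters and
    the SSID (1 to 32 bytes) is the only salt, so the same passphrase on
    two networks with the same SSID yields the same PSK.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, dklen=32)


def passphrase_entropy_bits(passphrase: str) -> float:
    """Rough entropy estimate (heuristic, not part of any standard).

    Counts the character classes present and assumes every character was
    drawn uniformly from that pool; dictionary words score far lower in
    practice, so treat this as an upper bound.
    """
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33          # printable ASCII punctuation and space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def is_weak_passphrase(passphrase: str, min_bits: float = 60.0) -> bool:
    """Flag passphrases whose estimated entropy falls below min_bits."""
    return passphrase_entropy_bits(passphrase) < min_bits


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE"
    print(wpa2_psk("password", "IEEE").hex())
    print("weak:", is_weak_passphrase("password"))
```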