Wireless security has been part of the 802.11 evolution from the beginning. Like all forms of security, it has been enhanced many times over the last two decades.
Timeline: 1997, WEP (Wired Equivalent Privacy) as part of the original 802.11 standard; 2018, WPA3.
Encrypting data is critical because a wireless network broadcasts data using radio waves: anyone within range can receive every frame. Encryption requires that the user has a secret key, usually derived from a password or pass phrase. The encryption algorithm uses that key to turn plaintext into ciphertext, and a matching key decrypts the data back into plaintext.
(Illustration: a credit card number, expiry date and security code, the kind of plaintext an eavesdropper reads on an unencrypted network.)
Topics: Introduction, SSID, Encryption (WEP, WPA/WPA2, WPA3, TKIP, CCMP), Authentication, Data Integrity, Key Management.
WEP (Wired Equivalent Privacy) was incorporated into 802.11a and 802.11b. WEP encrypts traffic using a 64- or 128-bit RC4 key. The secret part of that key is static: a single key that never automatically changes or rotates encrypts ALL traffic. The first twenty-four bits of the per-packet key are an initialization vector (IV) chosen by the sender and transmitted in cleartext with every frame. Because the IV is only 24 bits, it repeats quickly on a busy network, and a repeated IV means a repeated RC4 keystream that an attacker can exploit.
WEP uses the stream cipher RC4 for encryption. The two WEP standards were WEP-40 and WEP-104.
In WEP-40, a 40-bit WEP key is concatenated with a 24-bit initialization vector to generate a 64-bit RC4 key.
In WEP-104, a 104-bit WEP key is concatenated with the 24-bit initialization vector to generate a 128-bit RC4 key.
Check WEP-40 key: 5 ASCII characters = 10 hex digits. ASCII "G00d#" is hex 4730306423, a valid WEP-40 key.
Check WEP-104 key: 13 ASCII characters = 26 hex digits. ASCII "HEllow0rld" is hex 48456C6C6F7730726C64, only 10 characters (80 bits), so it is neither a valid WEP-40 nor a valid WEP-104 key.
WPA / WPA2 / WPA3
WPA (Wi-Fi Protected Access) replaced WEP. WPA, then WPA2, and now WPA3 each strengthened the encryption. WPA kept RC4 but wrapped it in TKIP, which mixes a fresh key for every frame. WPA2 introduced AES (Advanced Encryption Standard) with CCMP, a stronger block cipher with larger key sizes, and WPA3 builds on the same AES foundation.
AES symmetric keys can be three different lengths (128, 192 or 256 bits); Wi-Fi's CCMP uses AES with a 128-bit key. Key size versus representation:
128-bit key = 32 hex characters = 16 ASCII characters (bytes)
256-bit key = 64 hex characters = 32 ASCII characters (bytes)
The key is not the pass phrase. In WPA/WPA2-Personal the pass phrase is 8 to 63 printable ASCII characters, and the 256-bit pre-shared key (PSK) is derived from it with PBKDF2-HMAC-SHA1 (4096 iterations, with the SSID as the salt). Alternatively the PSK can be entered directly as 64 hex characters.
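The derivation just described, as an added example that is not part of the course page: a Python function that turns a pass phrase and SSID into the 256-bit PSK with PBKDF2-HMAC-SHA1 (the algorithm IEEE 802.11 specifies) and accepts a 64-hex-digit key directly, the way a router's configuration page does. The length checks follow the standard; the function names are this example's own.

```python
import hashlib
import re

# Added example (not from the course page). Facts used: IEEE 802.11 derives
# PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes); a
# passphrase is 8-63 printable ASCII characters; a 64-hex-digit value is
# taken literally as the 256-bit PSK.

HEX_PSK = re.compile(r"^[0-9a-fA-F]{64}$")


def is_valid_passphrase(passphrase: str) -> bool:
    """8-63 printable ASCII characters (IEEE 802.11 requirement)."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK (the PMK in personal mode) from a pass phrase."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("pass phrase must be 8-63 printable ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 0 < len(ssid_bytes) <= 32:   # assumption: an empty SSID is rejected here
        raise ValueError("SSID must be 1-32 octets")
    # The SSID is the salt: the same pass phrase yields a different PSK on
    # every network, so precomputed tables must be built per SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, dklen=32)


def psk_from_config(value: str, ssid: str) -> bytes:
    """Accept either a pass phrase or a raw 64-hex-digit PSK."""
    if HEX_PSK.match(value):
        return bytes.fromhex(value)
    return psk_from_passphrase(value, ssid)


if __name__ == "__main__":
    # Test vector from IEEE 802.11 (2004) Annex H: pass phrase "password", SSID "IEEE"
    print(psk_from_passphrase("password", "IEEE").hex())
```

The 4096 iterations are what make a brute-force attempt on a captured WPA2 handshake cost one PBKDF2 run per guess per SSID; WPA3-SAE removes the offline attack altogether, as described under Authentication.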
The Service Set Identifier, or SSID, is the name of the wireless network. Access points broadcast their SSIDs in beacon frames, and the user sees the SSIDs of the Wi-Fi networks within range of her device. A device can connect to a network SSID that does not have security options enabled without any authentication at all.
An SSID is case sensitive and can be up to 32 octets (bytes) long.
Configure the router to NOT broadcast the SSID, and it will not show up on the available list of networks. However, a hidden SSID is not a security control: the access point still answers directed probes, clients send the SSID in cleartext in their probe and association requests, and wireless sniffing tools reveal it in seconds.
Note: computers and smart phones remember SSIDs for future use and will probe for a hidden one wherever they go, which also exposes the names of the user's networks.
CCMP (Counter Mode with CBC-MAC Protocol) uses the AES cipher to protect data. It employs a 128-bit key and a 48-bit packet number (PN) that is incremented for every frame; the PN is carried in the frame header and forms part of the 13-octet CCM nonce, so the receiver can detect replays. CCMP offers substantially stronger security than the Temporal Key Integrity Protocol (TKIP).
CCMP has two main components:
Component 1, Counter Mode (CTR): AES in counter mode provides data privacy (confidentiality).
Component 2, CBC-MAC (Cipher Block Chaining Message Authentication Code): provides data integrity and authentication of the frame, covering the header fields that are sent unencrypted as well as the payload.
WPA incorporates a message integrity check (MIC) nicknamed “Michael.” Although safer than the CRC-32 checksum used for the same purpose in WEP, Michael is a deliberately lightweight MAC (it had to run on existing WEP hardware) and has known weaknesses, which TKIP compensates for with countermeasures that rekey after MIC failures. TKIP uses the MIC to confirm the authenticity of each packet, which defeats the bit-flip attacks on encrypted packets that WEP allowed. Additionally, TKIP carries a 48-bit sequence counter in every frame so that replayed frames are rejected.
Data integrity means that data has not been tampered with or altered. The most common approach is a message authentication code: a hash function combines all the bytes in the message with a secret key and produces a message digest that cannot be recomputed by anyone without the key.
Wireless standards use a variety of integrity algorithms. Early wireless message integrity used simple checksums. This has evolved over the years to incorporate some of the most advanced keyed hashing algorithms.
WEP integrity and encryption: (Plaintext Data + CRC) XOR RC4 keystream(IV + Secret Key) = Encrypted Data.
WEP performs a 32-bit cyclic redundancy check (CRC) checksum operation on the message. WEP calls this the integrity check value (ICV) and concatenates it to the end of the plaintext message. A CRC is a checksum, not a cryptographic MAC: it is linear, so an attacker who flips bits in the ciphertext can compute the matching change to the encrypted ICV without knowing the key.
The secret key is concatenated to the end of the initialization vector (IV) to form the per-packet RC4 key, and RC4 expands that key into a keystream. An exclusive OR (XOR) between the plaintext message plus CRC and the keystream is performed. The result is the ciphertext, which is transmitted with the IV in cleartext in front of it.
CCMP algorithm (WPA2/WPA3): Plaintext Message + Temporal Key + 13-octet Nonce (built from the Frame Counter) produce the Ciphertext and an Encrypted MIC.
WPA2 and WPA3 improved message integrity by introducing AES with CCMP. CCMP has three inputs: the data, a security key (the temporal key), and a nonce. The nonce is a 13-octet string (104 bits, not 13 bits) constructed from a flags/priority octet, the transmitter (source) address and the 48-bit packet number, which is the frame counter. The value of the nonce is never the same for two different messages under the same key, because the packet number is incremented every time a new frame is transmitted; if the counter were ever about to wrap, the key must be changed first. A receiver rejects any frame whose packet number is not greater than the last one it accepted from that sender, which ensures the freshness of the received frame and defeats replay attacks. Because the MIC is computed under the key, an attacker listening in on the network can neither forge frames nor find patterns to exploit.
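The nonce construction and freshness check described above, as an added example that is not part of the course page: Python code that assembles the 13-octet CCMP nonce from the priority, transmitter address and packet number the way IEEE 802.11 lays it out, and runs a receiver-side replay check over a constructed capture. The record format, the sample addresses and the function names are this example's own; it does not perform the AES-CCM encryption itself.

```python
# Added example, not code from the course page. Nonce layout follows
# IEEE 802.11: Nonce Flags (1 octet) || A2 (6 octets) || PN (6 octets).
# The capture records below are constructed for the example.
from typing import Dict, List, Tuple

PN_MAX = 2**48 - 1  # the packet number is a 48-bit counter


def ccmp_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """Flags octet carries the priority/TID in its low 4 bits (other bits 0),
    followed by the transmitter address and the PN big-endian (PN5 first).
    13 octets = 104 bits; the nonce is never '13 bits'."""
    if len(a2) != 6:
        raise ValueError("A2 must be a 6-octet MAC address")
    if not 0 <= pn <= PN_MAX:
        raise ValueError("PN must fit in 48 bits; rekey before it wraps")
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")


class ReplayWindow:
    """Receiver state: highest PN accepted per (transmitter, priority).
    A frame whose PN is not strictly greater than that value is a replay;
    gaps are allowed because frames are lost in the air."""

    def __init__(self) -> None:
        self.last_pn: Dict[Tuple[bytes, int], int] = {}

    def accept(self, a2: bytes, priority: int, pn: int) -> bool:
        key = (a2, priority & 0x0F)
        if pn <= self.last_pn.get(key, -1):
            return False
        self.last_pn[key] = pn
        return True


def audit_capture(frames: List[Tuple[bytes, int, int]]) -> Dict[str, int]:
    """Run the replay check over (a2, priority, pn) records in arrival order and
    count nonce values seen more than once: under one key a repeated nonce
    repeats the AES-CTR keystream, the same failure WEP had with repeated IVs."""
    window = ReplayWindow()
    seen = set()
    stats = {"accepted": 0, "replayed": 0, "nonce_reuse": 0}
    for a2, prio, pn in frames:
        nonce = ccmp_nonce(prio, a2, pn)
        if nonce in seen:
            stats["nonce_reuse"] += 1
        seen.add(nonce)
        if window.accept(a2, prio, pn):
            stats["accepted"] += 1
        else:
            stats["replayed"] += 1
    return stats


# Constructed capture: two stations; an attacker re-injects two earlier frames.
STA_A = bytes.fromhex("0a1b2c3d4e5f")
STA_B = bytes.fromhex("a0b1c2d3e4f5")
CAPTURE = [
    (STA_A, 0, 1), (STA_A, 0, 2), (STA_B, 0, 1), (STA_A, 0, 3),
    (STA_A, 0, 2),   # replay of STA_A's frame PN=2
    (STA_A, 0, 7),   # gap: PN 4-6 were lost, still accepted
    (STA_B, 0, 1),   # replay of STA_B's frame PN=1
]

if __name__ == "__main__":
    print(ccmp_nonce(0, STA_A, 2).hex())   # 000a1b2c3d4e5f000000000002
    print(audit_capture(CAPTURE))          # {'accepted': 5, 'replayed': 2, 'nonce_reuse': 2}
```

Replay counters are kept per priority (TID) because QoS frames of different priorities may legitimately arrive out of order relative to each other; a single counter would reject valid traffic.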
User authentication verifies the identity of a user or device attempting to join a wireless network. It is a login procedure in which the Wi-Fi network requests credentials before granting access; if the user lacks the proper credentials, authentication fails. There are three main methods of authentication used in today's wireless LANs: Open Authentication, Shared Authentication (PSK), and EAP (Extensible Authentication Protocol) Authentication.
WEP offers only two options for authentication:
Open: no WEP key is needed to authenticate, so authentication is NOT required; any station may associate, and the key is needed only to encrypt traffic afterwards.
Shared or Mandatory: wireless access requires the station to prove it holds the shared WEP key, using a four-message exchange between the station (STA) and the access point (AP):
1. STA to AP: Authenticate (request)
2. AP to STA: Authenticate (challenge), a 128-byte challenge sent in cleartext
3. STA to AP: Authenticate (response), the challenge WEP-encrypted with the shared key (WEP Shared Key Set)
4. AP to STA: Authenticate (success), once the AP decrypts the response and it matches the challenge (WEP Shared Key Verified)
An eavesdropper who captures messages 2 and 3 obtains a cleartext/ciphertext pair and therefore the RC4 keystream for that IV, which is enough to answer a later challenge without ever knowing the key. Shared-key authentication is thus weaker than open authentication, not stronger.
Wi-Fi Protected Access (WPA) improved on WEP by enhancing key size and key management. WPA introduced the Temporal Key Integrity Protocol (TKIP) for encryption, which derives a different key for every frame; its key-mixing functions increased the key complexity and made it far harder for attackers to recover the key. WPA offers two modes: WPA-Personal, where a pre-shared key (PSK) is derived from a pass phrase, and WPA-Enterprise, which authenticates each user against a central server (RADIUS) using the Extensible Authentication Protocol (EAP) to exchange credentials.
WPA2 operates in the same two modes: personal (pre-shared key or PSK) mode and enterprise (EAP/RADIUS) mode. As the name suggests, personal (PSK) is designed for home use while the enterprise mode is typically deployed in a corporate environment. The big improvement was that both modes rely on AES with CCMP instead of RC4 with TKIP, which removes the patterns an attacker listening in on the network could exploit.
WPA3 strengthens resilience to brute-force attacks even for weak or short passwords. It replaces the WPA2-PSK handshake with Simultaneous Authentication of Equals (SAE), a password-authenticated key exchange. Nothing sent over the air reveals the password or a hash of it, so a captured handshake cannot be attacked offline with a dictionary; an attacker gets one password guess per live exchange, and the network can limit how many guesses are attempted.
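The WEP construction described in the Data Integrity section (RC4 keystream XOR plaintext plus CRC-32 ICV) and the shared-key exchange above, as one added example that is not part of the course page. The Python below implements RC4 and a simplified WEP frame (IV followed by the encrypted body; no 802.11 header or key-index byte), then shows the two consequences a practitioner should remember: an attacker can flip plaintext bits and repair the ICV without the key, and an eavesdropper on messages 2 and 3 of shared-key authentication recovers enough keystream to authenticate without the key. Function names and sample payloads are this example's own; the WEP-40 key "G00d#" is the page's.

```python
import os
import zlib
from typing import Optional

# Added example, not code from the course page: a toy model of WEP's RC4 +
# CRC-32 design. The algorithms are the real ones; the frame format is
# simplified to IV (3 bytes) || RC4-encrypted (plaintext || ICV).

def rc4(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA), then `length` keystream bytes (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, 4 bytes little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is IV || secret key; the IV is sent in the clear."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + secret_key, len(body)))

def wep_decrypt(secret_key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the ICV does not match."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + secret_key, len(body)))
    plaintext, tag = clear[:-4], clear[-4:]
    return plaintext if icv(plaintext) == tag else None

def bit_flip(frame: bytes, delta: bytes) -> bytes:
    """Flip plaintext bits in a captured frame without the key. CRC-32 is affine,
    crc(P ^ D) == crc(P) ^ crc(D) ^ crc(zeros), so XORing (D || fix-up) into the
    ciphertext leaves an ICV that still verifies."""
    iv, body = frame[:3], frame[3:]
    delta = delta.ljust(len(body) - 4, b"\x00")
    delta_icv = xor(icv(delta), icv(bytes(len(delta))))
    return iv + xor(body, delta + delta_icv)

# --- WEP shared-key authentication: request, challenge, response, success ---

def sta_response(secret_key: bytes, challenge: bytes) -> bytes:
    """Message 3: the STA returns the AP's cleartext challenge, WEP-encrypted."""
    return wep_encrypt(secret_key, os.urandom(3), challenge)

def ap_verifies(secret_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Message 4 is 'success' only if the decrypted response equals the challenge."""
    return wep_decrypt(secret_key, response) == challenge

def recover_keystream(challenge: bytes, response: bytes):
    """Eavesdropper: message 2 is cleartext and message 3 is (challenge || ICV) XOR
    keystream, so XORing them yields the IV and 132 bytes of keystream for that IV."""
    iv, body = response[:3], response[3:]
    return iv, xor(body, challenge + icv(challenge))

def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a later challenge with no knowledge of the key, reusing the IV
    (WEP access points do not reject a reused IV)."""
    body = new_challenge + icv(new_challenge)
    if len(body) > len(keystream):
        raise ValueError("not enough recovered keystream for this challenge")
    return iv + xor(body, keystream)

if __name__ == "__main__":
    key = b"G00d#"                                      # WEP-40 key from the page
    frame = wep_encrypt(key, b"\x01\x02\x03", b"PAY 100 TO BOB")
    delta = xor(b"PAY 100 TO BOB", b"PAY 900 TO BOB")   # which bits to flip
    print(wep_decrypt(key, bit_flip(frame, delta)))    # b'PAY 900 TO BOB'
    challenge = os.urandom(128)                         # real WEP challenges are 128 bytes
    iv, ks = recover_keystream(challenge, sta_response(key, challenge))
    later = os.urandom(128)
    print(ap_verifies(key, later, forge_response(iv, ks, later)))  # True, key never used
```

Both attacks are consequences of the design, not implementation bugs: a linear checksum under a stream cipher gives no integrity, and proving possession of a key by encrypting an attacker-visible value hands out keystream. TKIP's keyed MIC and CCMP's CBC-MAC close the first hole; WPA's 4-way handshake and WPA3's SAE close the second.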
Deploying and maintaining wireless or mobile computing comes with many security concerns: every user is sending and receiving information across the airwaves, and anyone with the proper tool can intercept and read that information.
(Illustration: an intercepted cleartext exchange. "Good morning, Alice. Can you send me the account number to complete the purchase?" followed by "Account number: 1234 1234 1234 1234, security code is 999." Both messages are readable by anyone receiving the radio signal.)
TKIP is a “wrapper” that goes around the existing WEP encryption, which allowed it to ship as a firmware update for WEP hardware. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP, but the 128-bit temporal key is mixed with the transmitter address and a 48-bit sequence counter to produce a different RC4 key for every frame, so the weak-key and key-reuse problems of WEP disappear.
Each WEP security weakness and its TKIP fix:
Initialization Vector (IV) too short and not protected from reuse: Increased the size and construction of the IV (a 48-bit sequence counter).
IV susceptible to weak key attacks (FMS attack): Changed the encryption key for every frame (per-packet key mixing).
No effective detection of message tampering: Added a Message Integrity Check (MIC).
No protection against message replay: Used the sequence counter to reject frames that arrive repeated or out of order.
No built-in provision to update the keys: Added a mechanism to distribute and change the broadcast (group) keys.
Key Management
Key management changes keys automatically instead of relying on one static key: a fresh session (temporal) key is established when a device joins, and the shared group key is rotated at a specified interval. The highest level uses a new key for every packet transmitted, as TKIP does with per-packet key mixing.