Wireless Security Protocols-WPA

Wireless Security protocols is always be a concern and in Wi-Fi Technology Security will play an important role in corporate network. As we all know that Wi-Fi works on signal strength, and we can not control the signal to spread. So, it is very easy to connect with your Wi-Fi network and hack your network if you do not have strong Security on Wireless network.

(Disclaimer : This blog is only for educational and informational Purpose only. We believes that everyone is aware about technology, Security, Ethical Hacking, Cyber Security and how to avoid such risks. All our blogs have been made using our own knowledge, experience, server, lab etc. It does not contain any illegal activities. Our sole purpose is to share our knowledge only. Any related word, things, activity, example are simply coincidence only. Kbrosis Technologies is not responsible for misuse of provided information).

 

Wireless Security Protocol – Options

No Encryption/ WEP Encryption/open Authentication − These are not very secure approaches and should not be used under any circumstances.

TKIP Encryption − This encryption model is used in WPA deployments. It has not yet been cracked, but TKIP is not considered as strong mean of encryption, due to the use of weaker RC4 algorithm.

CCMP Encryption − This is used with WPA2. So far, it is considered the safest encryption model that is based on not-breakable (at least for today) AES algorithm.

What is Wireless Security Encryption

Wireless security encryption is used to secure the authentication by providing the connection with a strong password or security key.  Wireless security encryption plays an important role of providing safety, ensuring privacy, and allowing only authorized and authenticated access to Wireless networks.

Types of Wireless Encryption

There are 2 types of encryption algorithms: Stream Cipher and Block Cipher.

Stream Cipher − It converts plaintext into cyphertext in a bit-by-bit fashion.

Block Cipher − It operates on the fixed-size blocks of data.

The most common encryption algorithms are:

 

Types of Wireless Security Encryption Protocols:

Wireless security encryption is mainly divided into four main types:

  • Wired Equivalent Privacy Protocol (WEP)
  • Wi-Fi Protected Access Protocol (WPA)
  • Wi-Fi Protected Access 2 Protocol (WPA2)
  • Wi-Fi Protected Access 3 Protocol (WPA3)
Wired Equivalent Privacy Protocol (WEP)

Wired Equivalent Privacy Protocol or WEP, was initially originated in the 1999 and is considered the standard for wireless security encryption. WEP was not much strong and due to its weakness it was retired in 2004.

WEP uses Pre-Shared Key Authentication with Wired Equivalent Privacy ( PSK+WEP), INITILIZATION VECTOR.

WEP involve the key size. Three key lengths can be used:

■ 40-bit key

■ 104-bit key

■ 128-bit key

the key is combined with an initialization vector (IV), which is 24 bits. An IV is a block of bits that is used to produce a unique encryption key. When you add the 24-bit IV to the 40-bit key, the resulting size is 64 bits. When you combine the 24-bit IV with the 104-bit key, the result is 128 bits. When you combine the 24-bit IV with the 128-bit key, the result is 152 bits. ( Window will support till 128 bit, if we use 152 bit authentication will fails).

WEP was the first wireless “secure” model that was supposed to add authentication and encryption. It is based on RC4 algorithm and 24 bits of Initialization Vector (IV). This is the biggest drawback of the implementation that leads to WEP being crack able within a few minutes, using the tools that anyone can have installed on their PCs. 

Wi-Fi Protected Access Protocol (WPA)  

WPA was introduced in 2003 by the Wi-Fi Alliance as a replacement for WEP. WPA uses Temporal Key Integrity Protocol (TKIP) to automatically change the keys. WPA was developed to use TKIP and a larger IV than WEP.

WPA offers two authentication modes:

  • Enterprise mode: Enterprise mode WPA requires an authentication server. RADIUS is used for authentication and key distribution, and TKIP is used with the option of AES available as well.
  • Personal mode: Personal mode WPA uses Pre-Shared keys, making it the weaker option, but the one that is most likely to be seen in a home environment.

Authentication beginning

  1. At the beginning of negotiations, the client and AP must agree on security capabilities.
  1. After the two agree on the same level of security, the 802.1x process starts. This is the standard 802.1x process, as outlined previously. After successful 802.1x authentication, the authentication server derives a master key and sends it to the AP. The same key is derived from the client. Now the client and the AP have the same Pairwise Master Key (PMK), which will last for the duration of the session.
  1. a four-way handshake occurs in which the client and authenticator communicate and a new key called a Pairwise Transient Key (PTK) is derived. This key confirms the PMK between the two, establishes a temporal key to be used for message encryption, authenticates the negotiated parameters, and creates keying material for the next phase, called the two-way group key handshake.
  1. When the two-way group key handshake occurs, the client and authenticator negotiate the Group Transient Key (GTK), which is used to decrypt broadcast and multicast transmissions.
  1. AP first generates a random number and sends it to the client. The client then uses a common passphrase along with this random number to derive a key that is used to encrypt data to the AP.
  2. The client then sends its own random number to the AP, along with a Message Integrity Code (MIC), which is used to ensure that the data is not tampered with.

 

Wi-Fi Protected Access 2 Protocol (WPA2) 

WPA2 was designed to use AES encryption. WPA was designed based on the 802.11a draft but was released in 2003, whereas 802.11i was released in 2004. By the time 802.11i was ratified, it had added more support for 802.1x methods and AES/CCMP for encryption. The Wi-Fi Alliance then released WPA2 to be compatible with the 802.11i standard.

It was mentioned that AES is used for encryption. Advanced Encryption Standard-Cipher Block Chaining Message Authentication Code Protocol (AES/CCMP) still uses the IV and MIC, but the IV increases after each block of cipher.

Comparing WPA to WPA2 :

  • WPA mandates TKIP, and AES is optional.
  • WPA2 mandates AES and doesn’t allow TKIP.
  • WPA allows AES in its general form.
  • WPA2 only allows the AES/CCMP variant.
  • With WPA2, key management allows keys to be cached to allow for faster connections.

To configure WPA2, from the WLANs > Edit, Then select the authentication key management option; the choices are 802.1x, CCKM, PSK, and 802.1X+CCKM.

Wi-Fi Protected Access 3 Protocol (WPA3)

WPA3 (Wi-Fi Protected Access 3) is the third generation of Wi-Fi security protocols designed to enhance the security of wireless networks. It is the enhanced version of  WPA2 (Wi-Fi Protected Access 2) and purpose is to mitigate some of the vulnerabilities and weaknesses found in previous protocols like WPA2.

Some key features in WPA3

  • Enhanced Encryption: WPA3 introduce the lates encryption standard called 256-bit Galois/Counter Mode protocol (GCMP-256), which can provide higher security than TKIP used in WPA-2.
  • Protection against Brute=Force Attack:  WPA3  introduce another  security feature called Simultaneous Authentication of Equals (SAE), also known as Dragonfly. it is  a secure key exchange protocol that protects against offline dictionary attacks.
  • Secure Public WiFi Network : WPA3 introduces the “Opportunistic Wireless Encryption” which enhanced public WiFi security.

Read this also: .https://techblog.kbrosistechnologies.com/wireless-security-attacks-risk/

WEP vs WPA vs WPA2

There are three widely known security standards in the world of wireless networking. The biggest difference between those three, are the security model they can provide.

 

Visit to our site : https://www.kbrosistechnologies.com/

Watch more Video  https://www.youtube.com/channel/UCpcd6IshE1caAbf9EdJd3gw 

https://www.youtube.com/channel/UCTbOmLTSlHggEBkt5wFGNRA

FAQ

Q. What is WEP?

A. Wired Equivalent Privacy Protocol or WEP, was initially originated in the 1999 and is considered the standard for wireless security encryption. WEP was not much strong and due to its weakness it was retired in 2004.

Q. What is WPA?

A. WPA was introduced in 2003 by the Wi-Fi Alliance as a replacement for WEP. WPA uses Temporal Key Integrity Protocol (TKIP) to automatically change the keys. WPA was developed to use TKIP and a larger IV than WEP.

Q. What is WPA2?

A. WPA2 was designed to use AES encryption. WPA was designed based on the 802.11a draft but was released in 2003, whereas 802.11i was released in 2004. By the time 802.11i was ratified, it had added more support for 802.1x methods and AES/CCMP for encryption. The Wi-Fi Alliance then released WPA2 to be compatible with the 802.11i standard.

Q What is WPA3?

A.WPA3 (Wi-Fi Protected Access 3) is the third generation of Wi-Fi security protocols designed to enhance the security of wireless networks. It is the enhanced version of  WPA2 (Wi-Fi Protected Access 2) and purpose is to mitigate some of the vulnerabilities and weaknesses found in previous protocols like WPA2.

Please Share