Wpa vs Wpa2
Download as PPTX, PDF6 likes4,086 views
WPA and WPA2 are security protocols for wireless networks. WPA2 improved upon WPA by supporting stronger AES encryption instead of TKIP, separating authentication from encryption, and being more secure against attacks. Specifically, WPA2 uses 128-bit AES encryption, whereas WPA only supports the weaker TKIP encryption. Theoretically, WPA2 cannot be hacked while WPA remains vulnerable to certain attacks.
![References
• [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first
century: a perspective.
• Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638.
• [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control
(MAC) and Physical Layer
• Specification. IEEE Computer Society.
• [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal
Wireless Communications,
• 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428.
• [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b
wireless LAN. Electrical and
• Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336.
• [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key
scheduling algorithm of RC4.
• Eighth Annual Workshop on Selected Areas in Cryptography. Toronto,
Canada.](https://image.slidesharecdn.com/wpavswpa2-150919082432-lva1-app6892/85/Wpa-vs-Wpa2-30-320.jpg)
Wpa vs Wpa2
- 1. Is WPA is still secure? Or maybe you need to use WPA2? Nzavatunga J.Luwawa
- 2. Topics • WPA definition • WPA encryption and authentication • 802.1x • WPA integrity and confidence • WPA vulnerabilities • WPA2 • Comparison between WPA and WPA2 • Summary • Reference
- 3. WPA (Wi-Fi Protected Access) • Developed by the Wi-Fi Alliance to secure wireless computer networks • It was adopted in 2003 to solve weakness in WEP • Standardized in IEEE 802.11i • Increased in safety: encryption 256 bits • Known as TKIP(Temporal key Integrity) • It uses RC4 encryption to secure the data • It uses the MIC and frame counter to verify the integrity of the data.
- 4. WPA Encryption and authentication • WPA introduced new authentication protocol, improved integrity protection measure and per- packets - To provide stronger authentication than in WEP - To prevent spoofing attacks(i.e. bit flopping on WEP CRC) - To prevent FM-style attacks.
- 5. WPA Encryption and authentication WPA Encryption and authentication methods are: • WPA personal(PSK) • WPA enterprise(802.1x +Radio)
- 6. WPA Personal • Designed for SOHO-small office/Home office • Uses PSK(Pre-shared Key)passphrase shared between AP and the user • Authentication is made by the AP • Key is manually configured in each equipment in network • Key varies from 8 to 63 characters ASCII
- 7. WPA Enterprise • Designed to authenticate individual users to an external server via username and password. • Infrastructure is formed by a protocol which uses a 802.1X server in conjunction with EAP(Extensible Authentication Protocol)
- 8. 802.1x • Communication protocol used between the AP and the authentication server • When a client requests authentication, the authentication server checks in its database if the credentials presented by the petitioner are valid, and if so the client is authenticated and a key called Master Session Key (MSK) is sent to you. • Most often, it is used as the authentication server a RADIUS server
- 9. 802.1x Phase • 1. Mutually authenticate STA and AS • 2. Generate Master Key (MK) as a side effect of authentication • 3. Generate pairwise MK as an access authorization token • 4. Generate 4 keys for encryption/integrity
- 11. EAP(Extensible Authentication Protocol) Is responsible for creating a logical channel secure communication between the client (supplicant) and the authentication server, where the credentials will travel on. • Physically, the client communicates with the AP through EAPoL protocol (Extensible Authentication Protocol over LAN). • AP communicates with the authentication server through 802.1x protocol
- 13. EAP standards
- 14. WPA Integrity WPA Integrity consists of two values: • ICV(Integrity Check Value) • MIC
- 15. ICV (Integrity check value) • The ICV is a typical CRC added to the original message before encryption be performed • a client (or AP) decodes and calculates the the CRC-32 of the message, providing it with the CRC-32 informed the ICV field. If they are different, the message is discarded.
- 16. ICV
- 17. MIC(Message Integrity Code) • New verification code message • Used to check whether the contents of a data frame has changes for errors transmitting or manipulating data • Uses 64 bits while WEP • The MIC is obtained through an algorithm known as Michael.
- 18. Integrity • So integrity is represented by a total of 12 bytes 8 generated by Michael and 4 CRC-32
- 19. WAP confidence/ TKIP • TKIP (Temporal Key Integrity Protocol) • Designed to solve WEP weakness • Initialization vector has 48 bits • TKIP uses existing RC4 but avoids some of the worst WEP’s problems. • Almost impossible to have reutilization of vector • TKIP is based on the concept of temporal keys, or the key is used for while and then dynamically replaced.
- 20. TKIP TKIP corrects the following previous WAP flaws: • IV (Initialization Vector) selection and use: as counter (sequence number) • Per-packet key mixing • Increase the size of IV. • Key management.
- 21. WPA vulnerabilities • Weakness in the key combination algorithm • PSK is vulnerable to eavesdropping and dictionary attack. • TKIP vulnerability allows attacker to guess IP address of the subnet.
- 22. WPA2 • Has replaced WPA • Was adopted in 2004 • From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark • it introduces CCMP, a new AES-based encryption mode with strong security • Enhanced the integrity
- 23. WPA2 Authentication • WPA2 separates the user authentication from the message integrity and privacy, which makes it provide more flexibility • The authentication in the WPA2 Personal mode doesn’t require having an authentication server. • WPA2 Enterprise mode consists of the following components :
- 24. WPA2 Encryption • WPA2 uses AES with a key length of 128 bit to encrypt data. • The AES uses Counter-Mode/CBC-MAC Protocol (CCMP) • The CCMP uses the same key for both encryption and authentication, but different initialization vector.
- 25. WPA2 Pros The WPA2 has immunity against many types of hacker attack like: • Man-in-the-middle. • Authentication forging. • Replay. • Key collision. • Weak keys. • Packet forging. • Brute force/dictionary attacks.
- 26. WPA2 cons • Can’t protect agains layer 2 session hijack • RF Jamming • Data flooding • Access points failure
- 28. Summary 1.WPA2 is the improved version of WPA 2.WPA only supports TKIP encryption while WPA2 supports AES 3.Theoretically, WPA2 is not hackable while WPA is 4.WPA2 requires more processing power than WPA
- 29. Questions 1. what is WPA? 2. What are the difference between WPA and WPA2? 3. What is WPA Personal? 4. How many bit AES Encryption contains?
- 30. References • [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first century: a perspective. • Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638. • [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer • Specification. IEEE Computer Society. • [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, • 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428. • [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and • Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336. • [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. • Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.