Apply wireless transmission security (WEP, WPA)

Resources | Subject Notes | Information Technology IT

IT 9626 - Communications Technology - Wireless Transmission Security

IT 9626 - Communications Technology

14. Wireless Transmission Security

This section details the methods used to secure wireless transmissions, focusing on WEP and WPA protocols. Understanding these protocols is crucial for protecting sensitive data transmitted over wireless networks.

WEP (Wired Equivalent Privacy)

WEP was the initial security protocol for Wi-Fi networks. It was designed to provide a level of security equivalent to wired Ethernet networks. However, WEP has significant vulnerabilities and is considered obsolete and insecure.

How WEP Works:

  1. WEP uses a keyed-hash message authentication code (HMAC) to verify the integrity of the data.
  2. A pre-shared key (PSK) is used to encrypt and decrypt the data.
  3. The PSK is shared between the wireless access point (WAP) and the wireless devices.

WEP Vulnerabilities:

  • IV Replay Attacks: WEP uses a Initialization Vector (IV) to randomize the encryption process. If the same IV is used multiple times, it can be exploited to decrypt the data.
  • Known-Plaintext Attacks: If an attacker can obtain a copy of the transmitted data and its corresponding cleartext, they can use this information to break the encryption key.
  • Weak Key Lengths: WEP supports key lengths of 64-bit, 128-bit, or 256-bit. The 64-bit key is particularly vulnerable.

WEP Encryption Process:

Step Description
1. Data The data to be transmitted.
2. IV The Initialization Vector, used to randomize the encryption.
3. Key The pre-shared key, used for encryption and decryption.
4. Encryption Algorithm (e.g., RC4) Encrypts the data using the IV and key.
5. HMAC Calculates a hash value to verify data integrity.
6. Encrypted Data + HMAC The final packet transmitted over the wireless network.

WPA (Wi-Fi Protected Access)

WPA was developed as a replacement for WEP to address its security vulnerabilities. WPA introduced TKIP (Temporal Key Integrity Protocol) to provide stronger encryption and authentication.

How WPA Works:

  1. WPA uses a combination of TKIP and/or AES encryption.
  2. TKIP: Provides encryption and integrity checks. It uses a different encryption key for each packet, making it more resistant to attacks.
  3. Pre-Shared Key (PSK): Still uses a pre-shared key for authentication.
  4. 802.1X Authentication: WPA can also be used with 802.1X authentication, which provides stronger authentication and authorization.

WPA Vulnerabilities:

  • TKIP Vulnerabilities: While stronger than WEP, TKIP has some vulnerabilities, such as the potential for packet poisoning attacks.
  • PSK Compromise: If the PSK is compromised, the network is vulnerable.

WPA2 (Wi-Fi Protected Access 2)

WPA2 is the successor to WPA and is considered a much more secure protocol. It uses AES (Advanced Encryption Standard) encryption, which is significantly stronger than TKIP.

How WPA2 Works:

  1. AES Encryption: WPA2 uses AES for both encryption and integrity checks. AES is a symmetric encryption algorithm that is widely considered to be very secure.
  2. Pre-Shared Key (PSK): Still uses a pre-shared key for authentication.
  3. 802.1X Authentication: WPA2 can also be used with 802.1X authentication.

WPA2 Vulnerabilities:

  • Dictionary Attacks: WPA2 is vulnerable to dictionary attacks, where attackers try to guess the PSK by trying common passwords.
  • KRACK Attack: A vulnerability in the WPA2 protocol that allows attackers to decrypt network traffic. This vulnerability has been largely mitigated through firmware updates.

WPA3 (Wi-Fi Protected Access 3)

WPA3 is the latest version of the WPA protocol and provides enhanced security features, including stronger encryption, improved protection against brute-force attacks, and enhanced privacy.

Key Features of WPA3:

  • SAE (Simultaneous Authentication of Equals): Provides forward secrecy, meaning that even if the PSK is compromised, past communications remain secure.
  • Stronger Encryption: Uses stronger encryption algorithms than WPA2.
  • Individual Data Encryption: Encrypts individual packets, rather than the entire session, making it more difficult for attackers to decrypt data.
  • Protected Management Frames: Protects management frames from eavesdropping and tampering.

Conclusion:

Wireless transmission security has evolved significantly from WEP to WPA and now WPA3. While WEP is obsolete and insecure, WPA2 and WPA3 offer much stronger protection. Choosing the right protocol and using strong passwords are essential for securing wireless networks.