12. Computer Network Security
Vulnerabilities of IEEE 802.11 Security
Wired Equivalent Privacy (WEP) encryption
• Wired Equivalent Privacy (WEP) is an IEEE 802.11 security protocol designed to
ensure that only authorized parties can view transmitted wireless information.
• WEP accomplishes this confidentiality by taking unencrypted plaintext and then
encrypting or “scrambling” it into a format that cannot be viewed by
unauthorized parties while being transmitted (called ciphertext).
• WEP relies on a secret key that is shared between the wireless client device and
the AP.
• The same secret key must be entered on the AP and on all devices before any
transmissions can occur, because it is used to encrypt any packets to be
transmitted as well as decrypt packets that are received.
• IEEE 802.11 WEP-shared secret keys must be a minimum of 64 bits in length.
Eng. Hashim Al Atefi
13. Computer Network Security
Wireless Security Solutions
• As a result of the wireless security vulnerabilities in IEEE 802.11, many
businesses and organizations were forced to supplement or replace WEP with
other wireless security solutions. However, these were considered only
temporary fixes and still did not adequately address the two primary
weaknesses of wireless security, namely encryption and authentication.
• A unified approach to WLAN security was needed instead of trying to patch
isolated vulnerabilities.
• The two leading WLAN organizations, IEEE and the Wi-Fi Alliance, began
developing comprehensive security solutions.
• The results from the IEEE, known as 802.11i, served as the foundation for the
Wi-Fi Alliance’s Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2
(WPA2).
• WPA and WPA2 have become the foundations of wireless security today.
14. Computer Network Security
Wi-Fi Protected Access (WPA)
• As the IEEE continued its work on the 802.11i standard, the Wi-Fi Alliance in
2003 introduced Wi-Fi Protected Access (WPA).
• The design goal of WPA was to protect both present and future wireless
devices.
• WPA is a subset of 802.11i and addresses both encryption and
authentication.
15. Computer Network Security
Temporal Key Integrity Protocol (TKIP) Encryption
• WPA replaces WEP with an encryption technology called Temporal Key
Integrity Protocol (TKIP).
• WEP uses a 40-bit encryption key, and that key does not change.
• TKIP has several advantages over WEP.
• First, it uses a longer 128-bit key.
• Also, TKIP keys are known as per-packet keys.
• This means that TKIP dynamically generates a new key for each packet that is
created. Per-packet keys prevent collisions, which were one of the primary
weaknesses of WEP.
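The collision weakness named above, as an added example that is not part of the original slides: it shows that two frames encrypted under the same static key and the same per-frame value share one keystream, and estimates how quickly that happens. It assumes WEP's design of RC4 seeded with a 24-bit initialization vector (IV) prepended to the static key, which the slide does not spell out; the key, IVs and frame contents are constructed, and the integrity value (ICV) is omitted.

```python
import math
IV_BITS = 24  # WEP prepends a 24-bit per-frame IV to the static shared key

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n bytes of RC4 keystream (the stream cipher WEP uses)."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_encrypt(static_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt as WEP does: RC4 seeded with IV || static key (ICV omitted)."""
    return xor(plaintext, rc4_keystream(iv + static_key, len(plaintext)))

def iv_collision_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday estimate that at least two of `frames` random IVs are equal."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Same keystream for both frames means c1 XOR c2 equals p1 XOR p2."""
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample data: a 40-bit static key and two equal-length frames.
KEY = bytes.fromhex("0102030405")
P1, P2 = b"GET /index.html ", b"POST /login.php "

def demo() -> dict:
    same_iv = bytes.fromhex("aabbcc")
    c1 = wep_style_encrypt(KEY, same_iv, P1)
    c2 = wep_style_encrypt(KEY, same_iv, P2)                  # IV collided
    c3 = wep_style_encrypt(KEY, bytes.fromhex("aabbcd"), P2)  # fresh IV
    return {
        "collision_leaks_xor": keystream_reused(c1, c2, P1, P2),
        "fresh_iv_leaks_xor": keystream_reused(c1, c3, P1, P2),
        "p_collision_5000_frames": round(iv_collision_probability(5000), 3),
    }

if __name__ == "__main__":
    print(demo())
```

With only 24 bits of per-frame variation, a collision is more likely than not after about five thousand frames, which is why a fresh key for every packet removes the problem.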
16. Computer Network Security
Pre-shared Key (PSK) Authentication
• WPA authentication can be accomplished by using either IEEE 802.1x or
pre-shared key (PSK) technology.
• After the AP has been configured, each wireless client device must also have
the same key value entered to support PSK.
• As its name implies, a key must be created and entered into both the access
point and all wireless devices (“shared”) prior to (“pre”) the devices
communicating with the AP.
• When a wireless device attempts to connect to an access point that is using
PSK, the user is prompted for the key value.
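How the key value entered on the AP and on each client becomes the same 256-bit key on both sides, as an added example that is not part of the original slides. It assumes the passphrase-to-key mapping defined in IEEE 802.11i (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations), which the slide does not describe; the function name, passphrases and SSIDs are constructed for illustration.

```python
import hashlib
import hmac
import string

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit key WPA/WPA2-PSK derives from the entered value."""
    # 64 hex digits are taken as the 256-bit key itself, entered directly.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID acts as the salt, so the same passphrase gives a different
    # key on a differently named network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)

def keys_match(ap_key: bytes, client_key: bytes) -> bool:
    """Constant-time comparison of the two derived keys."""
    return hmac.compare_digest(ap_key, client_key)

def demo() -> dict:
    # Constructed values: what an administrator types on the AP and what
    # users type on two clients, one of them with a typo.
    ap = derive_psk("correct horse battery", "CampusNet")
    good_client = derive_psk("correct horse battery", "CampusNet")
    typo_client = derive_psk("correct horse batterx", "CampusNet")
    other_network = derive_psk("correct horse battery", "CampusNet-Guest")
    return {
        "key_bits": len(ap) * 8,
        "good_client_matches": keys_match(ap, good_client),
        "typo_client_matches": keys_match(ap, typo_client),
        "same_passphrase_other_ssid_matches": keys_match(ap, other_network),
    }

if __name__ == "__main__":
    print(demo())
```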
17. Computer Network Security
Wi-Fi Protected Access 2 (WPA2)
• In September 2004, the Wi-Fi Alliance introduced Wi-Fi Protected Access 2
(WPA2), which is the second generation of WPA security to address
authentication and encryption on WLANs.
• WPA2 is based on the final IEEE 802.11i standard ratified in June 2004. WPA2
uses the Advanced Encryption Standard (AES) for data encryption and
supports both PSK and IEEE 802.1x authentication.
18. Computer Network Security
AES-CCMP Encryption
• Encryption under WPA2 is accomplished by using the block cipher Advanced
Encryption Standard (AES).
• Specifically, AES-CCMP is the encryption protocol standard for WPA2.
• CCMP is based on the Counter Mode with CBC-MAC (CCM) of the AES
encryption algorithm.
• CCM is the algorithm providing data privacy, whereas the Cipher Block
Chaining Message Authentication Code (CBC-MAC) component of CCMP
provides data integrity and authentication.
19. Computer Network Security
IEEE 802.1x Authentication
• WPA2 authentication is accomplished through PSK or by the IEEE 802.1x
standard.
• This standard, originally developed for wired networks, provides a greater
degree of security by implementing port security. IEEE 802.1x blocks all traffic
on a port-by-port basis until the client is authenticated using credentials
stored on an authentication server.
• Port security prevents an unauthenticated device, either wired or wireless,
from receiving any network traffic until its identity can be verified.