SlideShare a Scribd company logo

Is WPA Still Secure or Time for WPA2

Download as PPTX, PDF
Nzava Luwawa
Nzava Luwawa

This is a research work concerning the differences between WPA and WPA2

Technology
1 of 30
Is WPA is still secure? Or maybe you need to use WPA2? Nzavatunga J.Luwawa
Topics • WPA definition • WPA encryption and authentication • 802.1x • WPA integrity and confidence • WPA vulnerabilities • WPA2 • Comparison between WPA and WPA2 • Summary • Reference
WPA (Wi-Fi Protected Access) • Developed by the Wi-Fi Alliance to secure wireless computer networks • It was adopted in 2003 to solve weakness in WEP • Standardized in IEEE 802.11i • Increased in safety: encryption 256 bits • Known as TKIP(Temporal key Integrity) • It uses RC4 encryption to secure the data • It uses the MIC and frame counter to verify the integrity of the data.
WPA Encryption and authentication • WPA introduced new authentication protocol, improved integrity protection measure and per- packets - To provide stronger authentication than in WEP - To prevent spoofing attacks(i.e. bit flopping on WEP CRC) - To prevent FM-style attacks.
WPA Encryption and authentication WPA Encryption and authentication methods are: • WPA personal(PSK) • WPA enterprise(802.1x +Radio)
WPA Personal • Designed for SOHO-small office/Home office • Uses PSK(Pre-shared Key)passphrase shared between AP and the user • Authentication is made by the AP • Key is manually configured in each equipment in network • Key varies from 8 to 63 characters ASCII
WPA Enterprise • Designed to authenticate individual users to an external server via username and password. • Infrastructure is formed by a protocol which uses a 802.1X server in conjunction with EAP(Extensible Authentication Protocol)
802.1x • Communication protocol used between the AP and the authentication server • When a client requests authentication, the authentication server checks in its database if the credentials presented by the petitioner are valid, and if so the client is authenticated and a key called Master Session Key (MSK) is sent to you. • Most often, it is used as the authentication server a RADIUS server
802.1x Phase • 1. Mutually authenticate STA and AS • 2. Generate Master Key (MK) as a side effect of authentication • 3. Generate pairwise MK as an access authorization token • 4. Generate 4 keys for encryption/integrity
802.1x Authentication phase
EAP(Extensible Authentication Protocol) Is responsible for creating a logical channel secure communication between the client (supplicant) and the authentication server, where the credentials will travel on. • Physically, the client communicates with the AP through EAPoL protocol (Extensible Authentication Protocol over LAN). • AP communicates with the authentication server through 802.1x protocol
EAP WPA enterprise
EAP standards
WPA Integrity WPA Integrity consists of two values: • ICV(Integrity Check Value) • MIC
ICV (Integrity check value) • The ICV is a typical CRC added to the original message before encryption be performed • a client (or AP) decodes and calculates the the CRC-32 of the message, providing it with the CRC-32 informed the ICV field. If they are different, the message is discarded.
ICV
MIC(Message Integrity Code) • New verification code message • Used to check whether the contents of a data frame has changes for errors transmitting or manipulating data • Uses 64 bits while WEP • The MIC is obtained through an algorithm known as Michael.
Integrity • So integrity is represented by a total of 12 bytes 8 generated by Michael and 4 CRC-32
WAP confidence/ TKIP • TKIP (Temporal Key Integrity Protocol) • Designed to solve WEP weakness • Initialization vector has 48 bits • TKIP uses existing RC4 but avoids some of the worst WEP’s problems. • Almost impossible to have reutilization of vector • TKIP is based on the concept of temporal keys, or the key is used for while and then dynamically replaced.
TKIP TKIP corrects the following previous WAP flaws: • IV (Initialization Vector) selection and use: as counter (sequence number) • Per-packet key mixing • Increase the size of IV. • Key management.
WPA vulnerabilities • Weakness in the key combination algorithm • PSK is vulnerable to eavesdropping and dictionary attack. • TKIP vulnerability allows attacker to guess IP address of the subnet.
WPA2 • Has replaced WPA • Was adopted in 2004 • From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark • it introduces CCMP, a new AES-based encryption mode with strong security • Enhanced the integrity
WPA2 Authentication • WPA2 separates the user authentication from the message integrity and privacy, which makes it provide more flexibility • The authentication in the WPA2 Personal mode doesn’t require having an authentication server. • WPA2 Enterprise mode consists of the following components :
WPA2 Encryption • WPA2 uses AES with a key length of 128 bit to encrypt data. • The AES uses Counter-Mode/CBC-MAC Protocol (CCMP) • The CCMP uses the same key for both encryption and authentication, but different initialization vector.
WPA2 Pros The WPA2 has immunity against many types of hacker attack like: • Man-in-the-middle. • Authentication forging. • Replay. • Key collision. • Weak keys. • Packet forging. • Brute force/dictionary attacks.
WPA2 cons • Can’t protect agains layer 2 session hijack • RF Jamming • Data flooding • Access points failure
802.11 security solutions
Summary 1.WPA2 is the improved version of WPA 2.WPA only supports TKIP encryption while WPA2 supports AES 3.Theoretically, WPA2 is not hackable while WPA is 4.WPA2 requires more processing power than WPA
Questions 1. what is WPA? 2. What are the difference between WPA and WPA2? 3. What is WPA Personal? 4. How many bit AES Encryption contains?
References • [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first century: a perspective. • Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638. • [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer • Specification. IEEE Computer Society. • [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, • 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428. • [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and • Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336. • [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. • Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.

Recommended

WPA2
WPA2WPA2
WPA2Mshari Alabdulkarim
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2Tushar Anand
 
WPA 3
WPA 3WPA 3
WPA 3diggu22
 
Wpa3
Wpa3Wpa3
Wpa3Bhavya Dashora
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Securityyousef emami
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected accessLopamudra Das
 

Recommended

WPA2
WPA2WPA2
WPA2Mshari Alabdulkarim
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2Tushar Anand
 
WPA 3
WPA 3WPA 3
WPA 3diggu22
 
Wpa3
Wpa3Wpa3
Wpa3Bhavya Dashora
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Securityyousef emami
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected accessLopamudra Das
 
Wifi Security
Wifi SecurityWifi Security
Wifi SecurityShital Kat
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
WEP
WEPWEP
WEPSudeep Kulkarni
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacksprimeteacher32
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking SecurityAnshuman Biswal
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPNFarah M. Altufaili
 
RADIUS
RADIUSRADIUS
RADIUSamogh_ubale
 
802.1x
802.1x802.1x
802.1xakruthi k
 
Wi-FI Hacking
Wi-FI Hacking Wi-FI Hacking
Wi-FI Hacking Mehul Jariwala
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hackingarushi bhatnagar
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Wired equivalent privacy (wep)
Wired equivalent privacy (wep)Wired equivalent privacy (wep)
Wired equivalent privacy (wep)akruthi k
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityShahid Beheshti University
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
Wireless security837
Wireless security837Wireless security837
Wireless security837mark scott
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 

More Related Content

What's hot

Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking SecurityAnshuman Biswal
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Wired equivalent privacy (wep)
Wired equivalent privacy (wep)Wired equivalent privacy (wep)
Wired equivalent privacy (wep)akruthi k
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 

What's hot (20)

Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
WEP
WEPWEP
WEP
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacks
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking Security
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPN
 
RADIUS
RADIUSRADIUS
RADIUS
 
802.1x
802.1x802.1x
802.1x
 
Wi-FI Hacking
Wi-FI Hacking Wi-FI Hacking
Wi-FI Hacking
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Wired equivalent privacy (wep)
Wired equivalent privacy (wep)Wired equivalent privacy (wep)
Wired equivalent privacy (wep)
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overview
 

Similar to Is WPA Still Secure or Time for WPA2

Wireless security837
Wireless security837Wireless security837
Wireless security837mark scott
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
Wi fi protected-access
Wi fi protected-accessWi fi protected-access
Wi fi protected-accessbhanu4ugood1
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technologytardeep
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008ClubHack
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...cmstiernberg
 
Wireless and how safe are you
Wireless and how safe are youWireless and how safe are you
Wireless and how safe are youMarcus Dempsey
 
4 wifi security
4 wifi security4 wifi security
4 wifi securityal-sari7
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
 

Similar to Is WPA Still Secure or Time for WPA2 (20)

Wireless security837
Wireless security837Wireless security837
Wireless security837
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
WEP .WAP WAP2.pptx
WEP .WAP WAP2.pptxWEP .WAP WAP2.pptx
WEP .WAP WAP2.pptx
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
KRACK attack
KRACK attackKRACK attack
KRACK attack
 
Wi fi protected-access
Wi fi protected-accessWi fi protected-access
Wi fi protected-access
 
Iuwne10 S04 L05
Iuwne10 S04 L05Iuwne10 S04 L05
Iuwne10 S04 L05
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technology
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Wifi
WifiWifi
Wifi
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Wireless and how safe are you
Wireless and how safe are youWireless and how safe are you
Wireless and how safe are you
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 

Recently uploaded

Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Is WPA Still Secure or Time for WPA2

  • 1. Is WPA is still secure? Or maybe you need to use WPA2? Nzavatunga J.Luwawa
  • 2. Topics • WPA definition • WPA encryption and authentication • 802.1x • WPA integrity and confidence • WPA vulnerabilities • WPA2 • Comparison between WPA and WPA2 • Summary • Reference
  • 3. WPA (Wi-Fi Protected Access) • Developed by the Wi-Fi Alliance to secure wireless computer networks • It was adopted in 2003 to solve weakness in WEP • Standardized in IEEE 802.11i • Increased in safety: encryption 256 bits • Known as TKIP(Temporal key Integrity) • It uses RC4 encryption to secure the data • It uses the MIC and frame counter to verify the integrity of the data.
  • 4. WPA Encryption and authentication • WPA introduced new authentication protocol, improved integrity protection measure and per- packets - To provide stronger authentication than in WEP - To prevent spoofing attacks(i.e. bit flopping on WEP CRC) - To prevent FM-style attacks.
  • 5. WPA Encryption and authentication WPA Encryption and authentication methods are: • WPA personal(PSK) • WPA enterprise(802.1x +Radio)
  • 6. WPA Personal • Designed for SOHO-small office/Home office • Uses PSK(Pre-shared Key)passphrase shared between AP and the user • Authentication is made by the AP • Key is manually configured in each equipment in network • Key varies from 8 to 63 characters ASCII
  • 7. WPA Enterprise • Designed to authenticate individual users to an external server via username and password. • Infrastructure is formed by a protocol which uses a 802.1X server in conjunction with EAP(Extensible Authentication Protocol)
  • 8. 802.1x • Communication protocol used between the AP and the authentication server • When a client requests authentication, the authentication server checks in its database if the credentials presented by the petitioner are valid, and if so the client is authenticated and a key called Master Session Key (MSK) is sent to you. • Most often, it is used as the authentication server a RADIUS server
  • 9. 802.1x Phase • 1. Mutually authenticate STA and AS • 2. Generate Master Key (MK) as a side effect of authentication • 3. Generate pairwise MK as an access authorization token • 4. Generate 4 keys for encryption/integrity
  • 11. EAP(Extensible Authentication Protocol) Is responsible for creating a logical channel secure communication between the client (supplicant) and the authentication server, where the credentials will travel on. • Physically, the client communicates with the AP through EAPoL protocol (Extensible Authentication Protocol over LAN). • AP communicates with the authentication server through 802.1x protocol
  • 14. WPA Integrity WPA Integrity consists of two values: • ICV(Integrity Check Value) • MIC
  • 15. ICV (Integrity check value) • The ICV is a typical CRC added to the original message before encryption be performed • a client (or AP) decodes and calculates the the CRC-32 of the message, providing it with the CRC-32 informed the ICV field. If they are different, the message is discarded.
  • 16. ICV
  • 17. MIC(Message Integrity Code) • New verification code message • Used to check whether the contents of a data frame has changes for errors transmitting or manipulating data • Uses 64 bits while WEP • The MIC is obtained through an algorithm known as Michael.
  • 18. Integrity • So integrity is represented by a total of 12 bytes 8 generated by Michael and 4 CRC-32
  • 19. WAP confidence/ TKIP • TKIP (Temporal Key Integrity Protocol) • Designed to solve WEP weakness • Initialization vector has 48 bits • TKIP uses existing RC4 but avoids some of the worst WEP’s problems. • Almost impossible to have reutilization of vector • TKIP is based on the concept of temporal keys, or the key is used for while and then dynamically replaced.
  • 20. TKIP TKIP corrects the following previous WAP flaws: • IV (Initialization Vector) selection and use: as counter (sequence number) • Per-packet key mixing • Increase the size of IV. • Key management.
  • 21. WPA vulnerabilities • Weakness in the key combination algorithm • PSK is vulnerable to eavesdropping and dictionary attack. • TKIP vulnerability allows attacker to guess IP address of the subnet.
  • 22. WPA2 • Has replaced WPA • Was adopted in 2004 • From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark • it introduces CCMP, a new AES-based encryption mode with strong security • Enhanced the integrity
  • 23. WPA2 Authentication • WPA2 separates the user authentication from the message integrity and privacy, which makes it provide more flexibility • The authentication in the WPA2 Personal mode doesn’t require having an authentication server. • WPA2 Enterprise mode consists of the following components :
  • 24. WPA2 Encryption • WPA2 uses AES with a key length of 128 bit to encrypt data. • The AES uses Counter-Mode/CBC-MAC Protocol (CCMP) • The CCMP uses the same key for both encryption and authentication, but different initialization vector.
  • 25. WPA2 Pros The WPA2 has immunity against many types of hacker attack like: • Man-in-the-middle. • Authentication forging. • Replay. • Key collision. • Weak keys. • Packet forging. • Brute force/dictionary attacks.
  • 26. WPA2 cons • Can’t protect agains layer 2 session hijack • RF Jamming • Data flooding • Access points failure
  • 28. Summary 1.WPA2 is the improved version of WPA 2.WPA only supports TKIP encryption while WPA2 supports AES 3.Theoretically, WPA2 is not hackable while WPA is 4.WPA2 requires more processing power than WPA
  • 29. Questions 1. what is WPA? 2. What are the difference between WPA and WPA2? 3. What is WPA Personal? 4. How many bit AES Encryption contains?
  • 30. References • [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first century: a perspective. • Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638. • [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer • Specification. IEEE Computer Society. • [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, • 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428. • [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and • Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336. • [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. • Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.