WIRELESS SECURITY USING WPA2

BY: TUSHAR ANAND KUMAR
ECE-"D", REGD. NO.: 1151016015
CONTENTS
• Types of security in WLAN
• Comparison of WEP, WPA, WPA2
• Evolution of wireless security standards
• WPA2 authentication, encryption & decryption
• Benefits & vulnerabilities
• Solutions & conclusion
TYPES OF SECURITY IN WLAN
• OPEN : No security configured X
• WEP : Wired Equivalent Privacy X
• WPA: Wi-Fi Protected Access
• WPA2: Advance Wi-Fi Protected Access
WIRELESS SECURITY STANDARDS
WPA2 OVERVIEW
• Wi-Fi Protected Access 2
• Security standard developed by the Wi-Fi Alliance; it is an implementation of IEEE’s 802.11i
• Uses the Advanced Encryption Standard (AES)
• AES in Counter-Mode for encryption
• AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking
WI-FI PROTECTED ACCESS 2

Table: two types of WPA2
COMPARING WEP, WPA, AND WPA2
AUTHENTICATION

Two types of authentication

• Personal mode
• Enterprise mode
PERSONAL MODE AUTHENTICATION
• Authentication performed between client and access point
• PSK (Pre-Shared Key) & SSID (Service Set Identification) are used
• AP generates a 256-bit key from the plain-text passphrase
• PMK (Pairwise Master Key) is generated after authentication
ENTERPRISE MODE AUTHENTICATION
• Based on IEEE 802.1x standard
• Authentication performed between:
1. Client
2. Access Point
3. Authentication Server
• After authentication, the MK (Master Key) is generated
WPA 2 KEY GENERATION
• 4-way handshake initiated by AP
• Confirms client’s knowledge of PMK in personal mode & MK in enterprise mode
• Pairwise Transient Key created at client’s
• Fresh PTK is derived at AP
1. Key confirmation key
2. Key encryption key
3. Temporal key
WPA 2 KEY GENERATION
• Install encryption and integrity key
• Control ports are unblocked
WPA2 ENCRYPTION
• Two processes happen
1. Data encryption
2. Data integrity
• AES, used for encryption & authentication, is a symmetric block cipher
• CCM is a new mode of operation for block ciphers
• Two underlying modes of CCM
  • Counter mode (CTR) achieves data encryption
  • Cipher block chaining message authentication code (CBC-MAC) provides data integrity
MESSAGE INTEGRITY CODE(MIC)
• IV (Initialization Vector) is encrypted with AES & TK to produce a 128-bit result
• The 128-bit result is XORed with the next 128 bits of data
• Result of XOR is continued until all IV are exhausted
• At the end, the first 64 bits are used to produce the MIC
Figure: AES CBC-MAC
WPA2 ENCRYPTION
• Counter mode algorithm encrypts the data with MIC
• Initialize counter for first time or increment counter.
• First 128 bits are encrypted using AES & TK to produce 128 bits.
• XOR is performed on the result and the first message block to give the first encrypted block.
• Repeat until all 128-bit blocks have been encrypted.
Figure: AES counter mode
WPA2 DECRYPTION
• It works in reverse: using the same algorithm as for encryption, the counter value is derived.
• By using the counter mode algorithm and TK, the MIC and decrypted data are found out.
• The data is processed by CBC-MAC to recalculate the MIC
• If the MIC does not match, the packet is dropped; otherwise the data is sent to the network stack and to the client
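
The MIC, counter-mode and decryption slides put together, as an added example (not code from the original deck): AES-CCM with CCMP's parameters (128-bit TK, 13-byte nonce, 64-bit MIC), following the RFC 3610 block layout. The key, nonce, header and payload are constructed sample values; in CCMP the nonce comes from the packet number and the authenticated header bytes from the 802.11 MAC header, both of which this example takes as given.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"fmt"
)

const micLen = 8 // CCMP: 64-bit MIC (M=8), 13-byte nonce, 2-byte length field (L=2)
var errMIC = fmt.Errorf("MIC mismatch: frame dropped")

func pad16(b []byte) []byte { return append(b, make([]byte, (16-len(b)%16)%16)...) }

// block16 lays out flags || nonce || 16-bit n: B_0 for flags 0x59, counter block A_n for 0x01.
func block16(flags byte, nonce []byte, n int) []byte {
	b := make([]byte, 16)
	b[0], b[14], b[15] = flags, byte(n>>8), byte(n)
	copy(b[1:14], nonce)
	return b
}

// ccmp seals msg into ciphertext || MIC when rxMIC is nil; otherwise it opens ciphertext msg.
func ccmp(tk, nonce, aad, msg, rxMIC []byte) ([]byte, error) {
	if len(tk) != 16 || len(nonce) != 13 || len(aad) == 0 || len(aad) >= 0xFF00 || len(msg) > 0xFFFF {
		return nil, fmt.Errorf("bad CCMP parameters")
	}
	c, _ := aes.NewCipher(tk) // cannot fail: key length checked above
	ks := cipher.NewCTR(c, block16(0x01, nonce, 0))
	s0 := make([]byte, 16)
	ks.XORKeyStream(s0, s0) // keystream block S_0, reserved for masking the MIC
	out := make([]byte, len(msg))
	ks.XORKeyStream(out, msg) // S_1, S_2, ...: counter mode over the payload
	plain := msg
	if rxMIC != nil {
		plain = out
	}
	// CBC-MAC input after B_0: length-prefixed AAD, then plaintext, each zero-padded.
	buf := pad16(append([]byte{byte(len(aad) >> 8), byte(len(aad))}, aad...))
	buf = pad16(append(buf, plain...))
	x := block16(0x59, nonce, len(plain)) // flags: AAD present, M=8, L=2
	c.Encrypt(x, x)
	for i := 0; i < len(buf); i += 16 {
		for j := range x {
			x[j] ^= buf[i+j]
		}
		c.Encrypt(x, x)
	}
	for j := range x {
		x[j] ^= s0[j]
	}
	if rxMIC == nil {
		return append(out, x[:micLen]...), nil
	}
	if subtle.ConstantTimeCompare(x[:micLen], rxMIC) != 1 {
		return nil, errMIC
	}
	return out, nil
}

// Seal protects one frame (never reuse a nonce under one TK); Open verifies and decrypts it.
func Seal(tk, nonce, aad, msg []byte) ([]byte, error) { return ccmp(tk, nonce, aad, msg, nil) }
func Open(tk, nonce, aad, frame []byte) ([]byte, error) {
	if len(frame) < micLen {
		return nil, errMIC
	}
	return ccmp(tk, nonce, aad, frame[:len(frame)-micLen], frame[len(frame)-micLen:])
}

func main() { // constructed all-zero key and nonce, for illustration only
	frame, _ := Seal(make([]byte, 16), make([]byte, 13), []byte("hdr"), []byte("constructed payload"))
	fmt.Printf("%x\n", frame)
}
```

Flipping any bit of the frame or of the authenticated header bytes makes Open return the MIC error, which is the drop case the decryption slide describes.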
BENEFITS OF WPA2
• Provides solid wireless security model (RSN)
• Encryption accomplished by a block cipher
• Block cipher used is Advanced Encryption Standard (AES)
• IEEE 802.11i authentication and key management is accomplished by IEEE 802.1x standard
• Key-caching
• Pre-authentication
WPA2 VULNERABILITIES

• Cannot withstand physical layer attacks:
  • RF jamming
  • Data flooding
  • Access point failure
• Vulnerable to MAC address spoofing
PROCEDURES TO IMPROVE WIRELESS SECURITY
• Use wireless intrusion prevention system (WIPS)
• Enable WPA-PSK
• Use a good passphrase
• Use WPA2 where possible
• Change your SSID every so often
• Wireless network users should use or upgrade their network to the latest security standard released
FUTURE SCOPE
• A new standard, IEEE 802.1W task group (TG), approved in March, 2005
• Main goals
  • Improve security by protecting the management frames and also being able to identify spoofed management frames normally used to launch DoS attacks
THANK YOU!