SlideShare a Scribd company logo

Wpa vs Wpa2

Download as PPTX, PDF
Nzava Luwawa
Nzava Luwawa

WPA and WPA2 are security protocols for wireless networks. WPA2 improved upon WPA by supporting stronger AES encryption instead of TKIP, separating authentication from encryption, and being more secure against attacks. Specifically, WPA2 uses 128-bit AES encryption, whereas WPA only supports the weaker TKIP encryption. Theoretically, WPA2 cannot be hacked while WPA remains vulnerable to certain attacks.

Technology
1 of 30
Is WPA is still secure? Or maybe you need to use WPA2? Nzavatunga J.Luwawa
Topics • WPA definition • WPA encryption and authentication • 802.1x • WPA integrity and confidence • WPA vulnerabilities • WPA2 • Comparison between WPA and WPA2 • Summary • Reference
WPA (Wi-Fi Protected Access) • Developed by the Wi-Fi Alliance to secure wireless computer networks • It was adopted in 2003 to solve weakness in WEP • Standardized in IEEE 802.11i • Increased in safety: encryption 256 bits • Known as TKIP(Temporal key Integrity) • It uses RC4 encryption to secure the data • It uses the MIC and frame counter to verify the integrity of the data.
WPA Encryption and authentication • WPA introduced new authentication protocol, improved integrity protection measure and per- packets - To provide stronger authentication than in WEP - To prevent spoofing attacks(i.e. bit flopping on WEP CRC) - To prevent FM-style attacks.
WPA Encryption and authentication WPA Encryption and authentication methods are: • WPA personal(PSK) • WPA enterprise(802.1x +Radio)
WPA Personal • Designed for SOHO-small office/Home office • Uses PSK(Pre-shared Key)passphrase shared between AP and the user • Authentication is made by the AP • Key is manually configured in each equipment in network • Key varies from 8 to 63 characters ASCII
WPA Enterprise • Designed to authenticate individual users to an external server via username and password. • Infrastructure is formed by a protocol which uses a 802.1X server in conjunction with EAP(Extensible Authentication Protocol)
802.1x • Communication protocol used between the AP and the authentication server • When a client requests authentication, the authentication server checks in its database if the credentials presented by the petitioner are valid, and if so the client is authenticated and a key called Master Session Key (MSK) is sent to you. • Most often, it is used as the authentication server a RADIUS server
802.1x Phase • 1. Mutually authenticate STA and AS • 2. Generate Master Key (MK) as a side effect of authentication • 3. Generate pairwise MK as an access authorization token • 4. Generate 4 keys for encryption/integrity
802.1x Authentication phase
EAP(Extensible Authentication Protocol) Is responsible for creating a logical channel secure communication between the client (supplicant) and the authentication server, where the credentials will travel on. • Physically, the client communicates with the AP through EAPoL protocol (Extensible Authentication Protocol over LAN). • AP communicates with the authentication server through 802.1x protocol
EAP WPA enterprise
EAP standards
WPA Integrity WPA Integrity consists of two values: • ICV(Integrity Check Value) • MIC
ICV (Integrity check value) • The ICV is a typical CRC added to the original message before encryption be performed • a client (or AP) decodes and calculates the the CRC-32 of the message, providing it with the CRC-32 informed the ICV field. If they are different, the message is discarded.
ICV
MIC(Message Integrity Code) • New verification code message • Used to check whether the contents of a data frame has changes for errors transmitting or manipulating data • Uses 64 bits while WEP • The MIC is obtained through an algorithm known as Michael.
Integrity • So integrity is represented by a total of 12 bytes 8 generated by Michael and 4 CRC-32
WAP confidence/ TKIP • TKIP (Temporal Key Integrity Protocol) • Designed to solve WEP weakness • Initialization vector has 48 bits • TKIP uses existing RC4 but avoids some of the worst WEP’s problems. • Almost impossible to have reutilization of vector • TKIP is based on the concept of temporal keys, or the key is used for while and then dynamically replaced.
TKIP TKIP corrects the following previous WAP flaws: • IV (Initialization Vector) selection and use: as counter (sequence number) • Per-packet key mixing • Increase the size of IV. • Key management.
WPA vulnerabilities • Weakness in the key combination algorithm • PSK is vulnerable to eavesdropping and dictionary attack. • TKIP vulnerability allows attacker to guess IP address of the subnet.
WPA2 • Has replaced WPA • Was adopted in 2004 • From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark • it introduces CCMP, a new AES-based encryption mode with strong security • Enhanced the integrity
WPA2 Authentication • WPA2 separates the user authentication from the message integrity and privacy, which makes it provide more flexibility • The authentication in the WPA2 Personal mode doesn’t require having an authentication server. • WPA2 Enterprise mode consists of the following components :
WPA2 Encryption • WPA2 uses AES with a key length of 128 bit to encrypt data. • The AES uses Counter-Mode/CBC-MAC Protocol (CCMP) • The CCMP uses the same key for both encryption and authentication, but different initialization vector.
WPA2 Pros The WPA2 has immunity against many types of hacker attack like: • Man-in-the-middle. • Authentication forging. • Replay. • Key collision. • Weak keys. • Packet forging. • Brute force/dictionary attacks.
WPA2 cons • Can’t protect agains layer 2 session hijack • RF Jamming • Data flooding • Access points failure
802.11 security solutions
Summary 1.WPA2 is the improved version of WPA 2.WPA only supports TKIP encryption while WPA2 supports AES 3.Theoretically, WPA2 is not hackable while WPA is 4.WPA2 requires more processing power than WPA
Questions 1. what is WPA? 2. What are the difference between WPA and WPA2? 3. What is WPA Personal? 4. How many bit AES Encryption contains?
References • [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first century: a perspective. • Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638. • [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer • Specification. IEEE Computer Society. • [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, • 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428. • [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and • Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336. • [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. • Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.

Recommended

WPA2
WPA2WPA2
WPA2
Mshari Alabdulkarim
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
Fábio Afonso
 
WPA 3
WPA 3WPA 3
WPA 3
diggu22
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Wpa3
Wpa3Wpa3
Wpa3
Bhavya Dashora
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Agris Ameriks
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
Asad Ali
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
yousef emami
 

Recommended

WPA2
WPA2WPA2
WPA2
Mshari Alabdulkarim
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
Fábio Afonso
 
WPA 3
WPA 3WPA 3
WPA 3
diggu22
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Wpa3
Wpa3Wpa3
Wpa3
Bhavya Dashora
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Agris Ameriks
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
Asad Ali
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
yousef emami
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authentication
dkaya
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
kentquirk
 
802.1x
802.1x802.1x
802.1x
akruthi k
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Shital Kat
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
AmanuelZewdie4
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Shahid Beheshti University
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
Muhammad Zia
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
Napier University
 
Basic Concepts in Wireless LAN
Basic Concepts in Wireless LANBasic Concepts in Wireless LAN
Basic Concepts in Wireless LAN
Dr Shashikant Athawale
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2
Tushar Anand
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
mmoizuddin
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
Lopamudra Das
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
Rana assad ali
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
Shivam Singh
 
Wlan security
Wlan securityWlan security
Wlan security
Upasona Roy
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking Security
Anshuman Biswal
 
The constrained application protocol (CoAP)
The constrained application protocol (CoAP)The constrained application protocol (CoAP)
The constrained application protocol (CoAP)
Hamdamboy (함담보이)
 
Wireless security837
Wireless security837Wireless security837
Wireless security837
mark scott
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
Tom Isaacson
 

More Related Content

What's hot

Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
mmoizuddin
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking Security
Anshuman Biswal
 

What's hot (20)

Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authentication
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
802.1x
802.1x802.1x
802.1x
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Wlan security
Wlan securityWlan security
Wlan security
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
Basic Concepts in Wireless LAN
Basic Concepts in Wireless LANBasic Concepts in Wireless LAN
Basic Concepts in Wireless LAN
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
 
Wlan security
Wlan securityWlan security
Wlan security
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking Security
 
The constrained application protocol (CoAP)
The constrained application protocol (CoAP)The constrained application protocol (CoAP)
The constrained application protocol (CoAP)
 

Similar to Wpa vs Wpa2

Wireless security837
Wireless security837Wireless security837
Wireless security837
mark scott
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
Information Technology
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technology
tardeep
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
cmstiernberg
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
ClubHack
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
al-sari7
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Dr. Amarjeet Singh
 

Similar to Wpa vs Wpa2 (20)

Wireless security837
Wireless security837Wireless security837
Wireless security837
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
WEP .WAP WAP2.pptx
WEP .WAP WAP2.pptxWEP .WAP WAP2.pptx
WEP .WAP WAP2.pptx
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
KRACK attack
KRACK attackKRACK attack
KRACK attack
 
Wi fi protected-access
Wi fi protected-accessWi fi protected-access
Wi fi protected-access
 
Iuwne10 S04 L05
Iuwne10 S04 L05Iuwne10 S04 L05
Iuwne10 S04 L05
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technology
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Wifi
WifiWifi
Wifi
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Wireless and how safe are you
Wireless and how safe are youWireless and how safe are you
Wireless and how safe are you
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
 
lm_wireless_security_overview_of_wireless_sec.pptx
lm_wireless_security_overview_of_wireless_sec.pptxlm_wireless_security_overview_of_wireless_sec.pptx
lm_wireless_security_overview_of_wireless_sec.pptx
 

Recently uploaded

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
CzechDreamin
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
David Michel
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 

Recently uploaded (20)

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 

Wpa vs Wpa2

  • 1. Is WPA is still secure? Or maybe you need to use WPA2? Nzavatunga J.Luwawa
  • 2. Topics • WPA definition • WPA encryption and authentication • 802.1x • WPA integrity and confidence • WPA vulnerabilities • WPA2 • Comparison between WPA and WPA2 • Summary • Reference
  • 3. WPA (Wi-Fi Protected Access) • Developed by the Wi-Fi Alliance to secure wireless computer networks • It was adopted in 2003 to solve weakness in WEP • Standardized in IEEE 802.11i • Increased in safety: encryption 256 bits • Known as TKIP(Temporal key Integrity) • It uses RC4 encryption to secure the data • It uses the MIC and frame counter to verify the integrity of the data.
  • 4. WPA Encryption and authentication • WPA introduced new authentication protocol, improved integrity protection measure and per- packets - To provide stronger authentication than in WEP - To prevent spoofing attacks(i.e. bit flopping on WEP CRC) - To prevent FM-style attacks.
  • 5. WPA Encryption and authentication WPA Encryption and authentication methods are: • WPA personal(PSK) • WPA enterprise(802.1x +Radio)
  • 6. WPA Personal • Designed for SOHO-small office/Home office • Uses PSK(Pre-shared Key)passphrase shared between AP and the user • Authentication is made by the AP • Key is manually configured in each equipment in network • Key varies from 8 to 63 characters ASCII
  • 7. WPA Enterprise • Designed to authenticate individual users to an external server via username and password. • Infrastructure is formed by a protocol which uses a 802.1X server in conjunction with EAP(Extensible Authentication Protocol)
  • 8. 802.1x • Communication protocol used between the AP and the authentication server • When a client requests authentication, the authentication server checks in its database if the credentials presented by the petitioner are valid, and if so the client is authenticated and a key called Master Session Key (MSK) is sent to you. • Most often, it is used as the authentication server a RADIUS server
  • 9. 802.1x Phase • 1. Mutually authenticate STA and AS • 2. Generate Master Key (MK) as a side effect of authentication • 3. Generate pairwise MK as an access authorization token • 4. Generate 4 keys for encryption/integrity
  • 11. EAP(Extensible Authentication Protocol) Is responsible for creating a logical channel secure communication between the client (supplicant) and the authentication server, where the credentials will travel on. • Physically, the client communicates with the AP through EAPoL protocol (Extensible Authentication Protocol over LAN). • AP communicates with the authentication server through 802.1x protocol
  • 14. WPA Integrity WPA Integrity consists of two values: • ICV(Integrity Check Value) • MIC
  • 15. ICV (Integrity check value) • The ICV is a typical CRC added to the original message before encryption be performed • a client (or AP) decodes and calculates the the CRC-32 of the message, providing it with the CRC-32 informed the ICV field. If they are different, the message is discarded.
  • 16. ICV
  • 17. MIC(Message Integrity Code) • New verification code message • Used to check whether the contents of a data frame has changes for errors transmitting or manipulating data • Uses 64 bits while WEP • The MIC is obtained through an algorithm known as Michael.
  • 18. Integrity • So integrity is represented by a total of 12 bytes 8 generated by Michael and 4 CRC-32
  • 19. WAP confidence/ TKIP • TKIP (Temporal Key Integrity Protocol) • Designed to solve WEP weakness • Initialization vector has 48 bits • TKIP uses existing RC4 but avoids some of the worst WEP’s problems. • Almost impossible to have reutilization of vector • TKIP is based on the concept of temporal keys, or the key is used for while and then dynamically replaced.
  • 20. TKIP TKIP corrects the following previous WAP flaws: • IV (Initialization Vector) selection and use: as counter (sequence number) • Per-packet key mixing • Increase the size of IV. • Key management.
  • 21. WPA vulnerabilities • Weakness in the key combination algorithm • PSK is vulnerable to eavesdropping and dictionary attack. • TKIP vulnerability allows attacker to guess IP address of the subnet.
  • 22. WPA2 • Has replaced WPA • Was adopted in 2004 • From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark • it introduces CCMP, a new AES-based encryption mode with strong security • Enhanced the integrity
  • 23. WPA2 Authentication • WPA2 separates the user authentication from the message integrity and privacy, which makes it provide more flexibility • The authentication in the WPA2 Personal mode doesn’t require having an authentication server. • WPA2 Enterprise mode consists of the following components :
  • 24. WPA2 Encryption • WPA2 uses AES with a key length of 128 bit to encrypt data. • The AES uses Counter-Mode/CBC-MAC Protocol (CCMP) • The CCMP uses the same key for both encryption and authentication, but different initialization vector.
  • 25. WPA2 Pros The WPA2 has immunity against many types of hacker attack like: • Man-in-the-middle. • Authentication forging. • Replay. • Key collision. • Weak keys. • Packet forging. • Brute force/dictionary attacks.
  • 26. WPA2 cons • Can’t protect agains layer 2 session hijack • RF Jamming • Data flooding • Access points failure
  • 28. Summary 1.WPA2 is the improved version of WPA 2.WPA only supports TKIP encryption while WPA2 supports AES 3.Theoretically, WPA2 is not hackable while WPA is 4.WPA2 requires more processing power than WPA
  • 29. Questions 1. what is WPA? 2. What are the difference between WPA and WPA2? 3. What is WPA Personal? 4. How many bit AES Encryption contains?
  • 30. References • [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first century: a perspective. • Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638. • [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer • Specification. IEEE Computer Society. • [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, • 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428. • [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and • Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336. • [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. • Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.