WPA and WPA2 are security protocols for wireless networks. WPA2 improved upon WPA by supporting stronger AES encryption instead of TKIP, separating authentication from encryption, and being more secure against attacks. Specifically, WPA2 uses 128-bit AES encryption, whereas WPA only supports the weaker TKIP encryption. Theoretically, WPA2 cannot be hacked while WPA remains vulnerable to certain attacks.
WPA vs WPA2
1. Is WPA still secure? Or maybe you need to use WPA2?
Nzavatunga J.Luwawa
2. Topics
• WPA definition
• WPA encryption and authentication
• 802.1x
• WPA integrity and confidentiality
• WPA vulnerabilities
• WPA2
• Comparison between WPA and WPA2
• Summary
• References
3. WPA (Wi-Fi Protected Access)
• Developed by the Wi-Fi Alliance to secure wireless computer networks
• Adopted in 2003 to address weaknesses in WEP
• Standardized in IEEE 802.11i
• Increased security: 256-bit encryption
• Known as TKIP (Temporal Key Integrity Protocol)
• Uses RC4 encryption to secure the data
• Uses the MIC and a frame counter to verify the integrity of the data.
4. WPA Encryption and authentication
• WPA introduced a new authentication protocol, improved integrity protection measures and per-packet keys
- To provide stronger authentication than in WEP
- To prevent spoofing attacks (i.e. bit flipping on WEP CRC)
- To prevent FMS-style attacks.
5. WPA Encryption and authentication
The WPA encryption and authentication methods are:
• WPA Personal (PSK)
• WPA Enterprise (802.1x + RADIUS)
6. WPA Personal
• Designed for SOHO (small office/home office)
• Uses a PSK (pre-shared key) passphrase shared between the AP and the user
• Authentication is performed by the AP
• The key is manually configured on each device in the network
• The key is 8 to 63 ASCII characters long
7. WPA Enterprise
• Designed to authenticate individual users to an external server via username and password.
• The infrastructure is formed by a protocol which uses an 802.1X server in conjunction with EAP (Extensible Authentication Protocol)
8. 802.1x
• Communication protocol used between the AP and the authentication server
• When a client requests authentication, the authentication server checks in its database whether the credentials presented by the supplicant are valid; if so, the client is authenticated and is sent a key called the Master Session Key (MSK).
• Most often, a RADIUS server is used as the authentication server
9. 802.1x Phases
• 1. Mutually authenticate STA and AS
• 2. Generate Master Key (MK) as a side effect of authentication
• 3. Generate pairwise MK as an access authorization token
• 4. Generate 4 keys for encryption/integrity
11. EAP (Extensible Authentication Protocol)
EAP is responsible for creating a secure logical communication channel between the client (supplicant) and the authentication server, over which the credentials travel.
• Physically, the client communicates with the AP through the EAPoL protocol (Extensible Authentication Protocol over LAN).
• The AP communicates with the authentication server through the 802.1x protocol
15. ICV (Integrity Check Value)
• The ICV is a typical CRC added to the original message before encryption is performed
• The client (or AP) decrypts the message, calculates its CRC-32, and compares it with the CRC-32 carried in the ICV field. If they are different, the message is discarded.
17. MIC (Message Integrity Code)
• New message verification code
• Used to check whether the contents of a data frame have been changed by transmission errors or data manipulation
• Uses 64 bits while WEP
• The MIC is obtained through an algorithm known
as Michael.
18. Integrity
• So integrity is represented by a total of 12 bytes: 8 generated by Michael and 4 by CRC-32
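The 12-byte integrity trailer described in slides 15 to 18, as an added example that is not part of the original slides: it builds payload + Michael MIC (8 bytes) + CRC-32 ICV (4 bytes) and shows that only the keyed MIC notices a change when the keyless CRC is simply recomputed. Assumptions: RC4 encryption and the address/priority fields that TKIP also feeds into Michael are left out, the ICV byte order is little-endian, and the function names and sample payload are constructed for the example.

```python
import hmac
import struct
import zlib

MASK = 0xFFFFFFFF

def _rol(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK

def _xswap(x: int) -> int:
    # Swap the two bytes inside each 16-bit half of the word.
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 8-byte key in, 8-byte keyed tag out."""
    if len(key) != 8:
        raise ValueError("Michael key must be 8 bytes")
    l, r = struct.unpack("<II", key)
    # Pad with 0x5a, then 4 to 7 zero bytes, up to a multiple of 4.
    padded = msg + b"\x5a" + b"\x00" * (4 + (-(len(msg) + 5) % 4))
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        r ^= _rol(l, 17); l = (l + r) & MASK
        r ^= _xswap(l);   l = (l + r) & MASK
        r ^= _rol(l, 3);  l = (l + r) & MASK
        r ^= _rol(l, 30); l = (l + r) & MASK  # rotate right by 2
    return struct.pack("<II", l, r)

def icv(data: bytes) -> bytes:
    """Unkeyed CRC-32 as 4 bytes (little-endian in this example)."""
    return struct.pack("<I", zlib.crc32(data) & MASK)

def protect(mic_key: bytes, payload: bytes) -> bytes:
    """Return payload || MIC(8) || ICV(4); encryption is omitted."""
    body = payload + michael(mic_key, payload)
    return body + icv(body)

def verify(mic_key: bytes, frame: bytes) -> tuple:
    """Return (icv_ok, mic_ok) for a frame built by protect()."""
    body, got_icv = frame[:-4], frame[-4:]
    payload, got_mic = body[:-8], body[-8:]
    return (got_icv == icv(body),
            hmac.compare_digest(got_mic, michael(mic_key, payload)))

def corrupt_and_refresh_crc(frame: bytes) -> bytes:
    """Change one payload bit, then recompute the keyless CRC-32."""
    body = bytearray(frame[:-4])
    body[0] ^= 0x01
    return bytes(body) + icv(bytes(body))
```

A receiver that checks only the ICV accepts the frame returned by `corrupt_and_refresh_crc`; one that also checks the MIC rejects it, because recomputing the MIC needs the key.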
19. WPA confidentiality / TKIP
• TKIP (Temporal Key Integrity Protocol)
• Designed to solve WEP weaknesses
• The initialization vector has 48 bits
• TKIP uses the existing RC4 but avoids some of WEP's worst problems.
• Reuse of the initialization vector is almost impossible
• TKIP is based on the concept of temporal keys: a key is used for a while and then dynamically replaced.
20. TKIP
TKIP corrects the following previous WEP flaws:
• IV (Initialization Vector) selection and use: the IV is used as a counter (sequence number)
• Per-packet key mixing
• Increase the size of IV.
• Key management.
21. WPA vulnerabilities
• Weakness in the key combination algorithm
• PSK is vulnerable to eavesdropping and dictionary attack.
• TKIP vulnerability allows an attacker to guess the IP address of the subnet.
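Why the PSK of slide 6 is exposed to the dictionary attack listed above, as an added example that is not part of the original slides: the 256-bit key is derived from nothing but the passphrase and the network's SSID (PBKDF2-HMAC-SHA1, 4096 iterations, per IEEE 802.11i), so its strength is the strength of the passphrase. The function names, the small blocklist and the length and variety thresholds are assumptions made for this example.

```python
import hashlib

# Constructed blocklist for the example; a real audit would load a larger one.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123"}

def validate_passphrase(passphrase: str) -> None:
    """WPA Personal passphrase: 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)

def audit(passphrase: str, ssid: str) -> list:
    """Return findings that make the PSK easy to guess offline."""
    try:
        validate_passphrase(passphrase)
    except ValueError as exc:
        return [f"invalid: {exc}"]
    findings = []
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("passphrase is on the common-passphrase blocklist")
    if len(passphrase) < 16:  # assumed policy threshold
        findings.append("passphrase shorter than 16 characters")
    if len(set(passphrase)) < 6:  # assumed policy threshold
        findings.append("fewer than 6 distinct characters")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("passphrase contains the SSID")
    return findings

if __name__ == "__main__":
    # Constructed sample configuration.
    print(derive_psk("password", "IEEE").hex())
    print(audit("password", "IEEE"))
```

The SSID acts only as a salt: the same passphrase gives a different key on a differently named network, but the SSID is broadcast, so it adds no secrecy.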
22. WPA2
• Has replaced WPA
• Was adopted in 2004
• From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark
• It introduces CCMP, a new AES-based encryption mode with strong security
• Enhanced integrity
23. WPA2 Authentication
• WPA2 separates user authentication from message integrity and privacy, which provides more flexibility
• Authentication in WPA2 Personal mode doesn't require an authentication server.
• WPA2 Enterprise mode consists of the following components:
24. WPA2 Encryption
• WPA2 uses AES with a key length of 128 bits to encrypt data.
• AES is used with the Counter-Mode/CBC-MAC Protocol (CCMP)
• CCMP uses the same key for both encryption and authentication, but with different initialization vectors.
25. WPA2 Pros
WPA2 has immunity against many types of attack, such as:
• Man-in-the-middle.
• Authentication forging.
• Replay.
• Key collision.
• Weak keys.
• Packet forging.
• Brute force/dictionary attacks.
28. Summary
1. WPA2 is the improved version of WPA
2. WPA only supports TKIP encryption while WPA2 supports AES
3. Theoretically, WPA2 is not hackable while WPA is
4. WPA2 requires more processing power than WPA
29. Questions
1. What is WPA?
2. What are the differences between WPA and WPA2?
3. What is WPA Personal?
4. How many bits does AES encryption use?
30. References
• [1] Shafi, M. et al., 1997. Wireless communications in the twenty-first century: a perspective. Proceedings of the IEEE, Vol. 85, No. 10, pp. 1622–1638.
• [2] IEEE 802.11 WG, 1999. Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer Specification. IEEE Computer Society.
• [3] Borsc, M. and Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, 2005. ICPWC 2005. 2005 IEEE International Conference on, pp. 424–428.
• [4] Boland, H. and Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and Computer Engineering, 2004. Canadian Conference on, Vol. 1, pp. 333–336.
• [5] Fluhrer, S., Mantin, I. and Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.