14.2 Wireless Encryption
Types of Wireless Encryption
- WEP:
  - WEP is an encryption algorithm for IEEE 802.11 wireless networks.
  - It is the old, original wireless security standard, which can be cracked easily.
- WPA:
  - It is an advanced wireless encryption protocol using TKIP, MIC, and AES encryption.
  - Uses a 48-bit IV, 32-bit CRC and TKIP encryption for wireless security.
- WPA2:
  - WPA2 uses AES (128-bit) and CCMP for wireless data encryption.
- EAP:
  - Supports multiple authentication methods, such as token cards, Kerberos, certificates, etc.
- WPA2 Enterprise:
  - It integrates EAP standards with WPA2 encryption.
- TKIP:
  - A security protocol used in WPA as a replacement for WEP.
- CCMP:
  - CCMP utilizes 128-bit keys, with a 48-bit initialization vector (IV) for replay detection.
- AES:
  - It is a symmetric-key encryption algorithm, used in WPA2 as a replacement for TKIP.
- 802.11i:
  - It is an IEEE amendment that specifies security mechanisms for 802.11 wireless networks.
- RADIUS:
  - It is a centralized authentication and authorization management system.
- LEAP:
  - It is a proprietary WLAN authentication protocol developed by Cisco.
WEP Encryption
- What is WEP:
  - Wired Equivalent Privacy (WEP) is an IEEE 802.11 wireless protocol which provides security algorithms for data confidentiality during wireless transmissions.
  - WEP uses a 24-bit initialization vector (IV) with the RC4 stream cipher for confidentiality, and the CRC-32 checksum for integrity of wireless transmissions.
- WEP encryption can be easily cracked:
  - 64-bit WEP uses a 40-bit key
  - 128-bit WEP uses a 104-bit key
  - 256-bit WEP uses a 232-bit key
- It was developed without:
  - Academic or public review
  - Review from cryptologists
- WEP Flaws:
  - It has significant vulnerabilities and design flaws.
How WEP Works
- The CRC-32 checksum is used to calculate a 32-bit Integrity Check Value (ICV) for the data, which, in turn, is added to the data frame.
- A 24-bit arbitrary number known as the Initialization Vector (IV) is added to the WEP key; the WEP key and IV together are called the WEP seed.
- The WEP seed is used as the input to the RC4 algorithm to generate a key stream, which is bit-wise XORed with the combination of data and ICV to produce the encrypted data.
- The IV field (IV+PAD+KID) is added to the ciphertext to generate a MAC frame.
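The four steps above, written out as an added Python example (not part of the original notes). The function names, key, IV and payload are constructed for illustration; the little-endian ICV and the key ID in the top two bits of the fourth octet are assumptions based on the standard WEP frame layout.

```python
import struct
import zlib

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 key scheduling over `seed`, then `length` bytes of key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # output generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encapsulate(key: bytes, iv: bytes, key_id: int, data: bytes) -> bytes:
    """Return the WEP frame body: IV field (IV+PAD+KID) followed by ciphertext."""
    if len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("IV must be 24 bits and key ID must be 0..3")
    icv = struct.pack("<I", zlib.crc32(data))           # step 1: 32-bit ICV
    seed = iv + key                                     # step 2: WEP seed
    plaintext = data + icv
    keystream = rc4_keystream(seed, len(plaintext))     # step 3: RC4 key stream
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    iv_field = iv + bytes([key_id << 6])                # step 4: IV + pad/key ID
    return iv_field + ciphertext

def wep_decapsulate(key: bytes, body: bytes) -> bytes:
    """Reverse the steps and check the ICV; raise ValueError on mismatch."""
    iv, ciphertext = body[:3], body[4:]                 # IV travels in the clear
    keystream = rc4_keystream(iv + key, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream))
    data, icv = plaintext[:-4], plaintext[-4:]
    if struct.pack("<I", zlib.crc32(data)) != icv:
        raise ValueError("ICV mismatch")
    return data

# Constructed sample values, not taken from any real network.
SAMPLE_KEY = bytes.fromhex("0102030405")    # 40-bit key ("64-bit WEP")
SAMPLE_IV = bytes.fromhex("a1b2c3")         # 24-bit IV
SAMPLE_BODY = wep_encapsulate(SAMPLE_KEY, SAMPLE_IV, 0, b"hello wlan")
```

Only the key is secret here: the receiver rebuilds the seed from the IV it reads out of the frame, so a 64-bit WEP seed contains just 40 secret bits.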
What is WPA?
- Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11 standards.
- It is a snapshot of 802.11i (under development) providing stronger encryption, and enabling PSK or EAP authentication.
- TKIP (Temporal Key Integrity Protocol):
  - TKIP utilizes RC4 stream cipher encryption with 128-bit keys and a 64-bit MIC integrity check.
  - TKIP mitigated WEP's vulnerabilities by increasing the size of the IV and using mixing functions.
- 128-bit Temporal Key:
  - Under TKIP, the client starts with a 128-bit "temporal key" (TK) that is then combined with the client's MAC address and with an IV to create a keystream that is used to encrypt data via RC4.
  - It implements a sequence counter to protect against replay attacks.
- WPA Enhances WEP:
  - TKIP enhances WEP by adding a rekeying mechanism to provide fresh encryption and integrity keys.
  - Temporal keys are changed every 10,000 packets. This makes TKIP-protected networks more resistant to cryptanalytic attacks involving key reuse.
How WPA Works
Temporal Keys
- In WPA and WPA2, the encryption keys (temporal keys) are derived during the four-way handshake.