Wired Equivalency Protocol (WEP) uses a naive encryption standard that has become virtually useless. WEP was supplanted by WiFi Protected Access (WPA) WPA was found to be too weak too, and it has been supplanted in turn by WiFi Protected Access 2 (WPA2), which seems to be strong enough for now.To support WPA or WPA2, some old Wi-Fi access points firmware upgradation is required.
WPA2-PSK (Preshared Key) is the strongest and most practical form of WPA for most home users. WPA2 is more secure than WPA because it uses the much stronger AES (Advanced Encryption Standard) protocol for encrypting packets.The encryption key may be from 8 to 63 printable ASCII characters or 64 hexadecimal digits. The maximum length results in 256 bit strength, which is what 64 (hex digits) multiplied by 4 bits/digit yields.
WEP supports two methods of authentication:
1. Open System authentication and
2. Shared Key authentication.
In Open System authentication(Open-WEP ), the WLAN client need not provide its credentials to the Access Point during authentication. Any client can authenticate with the Access Point and then attempt to associate. In effect, no authentication occurs. Subsequently WEP keys can be used for encrypting data frames. At this point, the client must have the correct keys.
In Shared Key authentication(Shared-WEP), the WEP key is used for authentication in a four step challenge-response handshake:
1.The client sends an authentication request to the Access Point.
2.The Access Point replies with a clear-text challenge.
3.The client encrypts the challenge-text using the configured WEP key, and sends it back in another authentication request.
4.The Access Point decrypts the response. If this matches the challenge-text the Access Point sends back a positive reply.
After the authentication and association, the pre-shared WEP key is also used for encrypting the data frames using RC4.
Shared-WEP authentication is not secure when compared with Open System authentication, as It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication. Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication.
Q. What is Wi-Fi Protected Access?
A.Wi-Fi Protected Access (WPA) is a standards-based security solution from the Wi-Fi Alliance that addresses the vulnerabilities in native WLANs and provides enhanced protection from targeted attacks. WPA addresses all known Wired Equivalent Privacy (WEP) vulnerabilities in the original IEEE 802.11 security implementation and brings an immediate security solution to WLANs in both enterprise and small office/home office (SOHO) environments. WPA uses Temporal Key Integrity Protocol (TKIP) for encryption. WPA is fully supported by the Cisco® Wireless Security Suite and the Cisco Structured Wireless-Aware Network (SWAN).
Q. What is WPA2?
A. WPA2 is the next generation of Wi-Fi security. It is the Wi-Fi Alliance's interoperable implementation of the ratified IEEE 802.11i standard. It implements the National Institute of Standards and Technology (NIST) recommended Advanced Encryption Standard (AES) encryption algorithm using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
Q. What is IEEE 802.11i?
A. IEEE 802.11i defines security standards for WLANs. IEEE 802.11i details stronger encryption, authentication, and key management strategies for wireless data and system security. It includes two new data-confidentiality protocols (TKIP and AES-CCMP), a negotiation process for selecting the correct confidentiality protocol, a key system for each traffic type, key caching, and pre-authentication. For more information, an article written by IEEE 802.11i Working Group Chairperson, David Halasz of Cisco Systems, is available through Embedded.com, at: IEEE 802.11i and Wireless Security.
Q. How are WPA and WPA2 similar?
A. Both WPA and WPA2 offer a high level of assurance for end users and network administrators that their data will remain private and that access to their networks will be restricted to authorized users. Both have personal and enterprise modes of operation that meet the distinct needs of the two market segments. The Enterprise Mode of each uses IEEE 802.1X and extensible authentication protocol (EAP) for authentication.
Q. How are WPA and WPA2 different?
A. WPA2 provides a stronger encryption mechanism through AES, which is a requirement for some corporate and government users. TKIP, the encryption mechanism in WPA, relies on RC4 instead of Triple Data Encryption Standard (3DES), AES, or another encryption algorithm.
Q. Is WPA2 backward-compatible with WPA?
A. Yes. All products that are Wi-Fi Certified for WPA2 are required to be interoperable with products that are Wi-Fi Certified for WPA.
WPA2-PSK (Preshared Key) is the strongest and most practical form of WPA for most home users. WPA2 is more secure than WPA because it uses the much stronger AES (Advanced Encryption Standard) protocol for encrypting packets.The encryption key may be from 8 to 63 printable ASCII characters or 64 hexadecimal digits. The maximum length results in 256 bit strength, which is what 64 (hex digits) multiplied by 4 bits/digit yields.
WEP supports two methods of authentication:
1. Open System authentication and
2. Shared Key authentication.
In Open System authentication(Open-WEP ), the WLAN client need not provide its credentials to the Access Point during authentication. Any client can authenticate with the Access Point and then attempt to associate. In effect, no authentication occurs. Subsequently WEP keys can be used for encrypting data frames. At this point, the client must have the correct keys.
In Shared Key authentication(Shared-WEP), the WEP key is used for authentication in a four step challenge-response handshake:
1.The client sends an authentication request to the Access Point.
2.The Access Point replies with a clear-text challenge.
3.The client encrypts the challenge-text using the configured WEP key, and sends it back in another authentication request.
4.The Access Point decrypts the response. If this matches the challenge-text the Access Point sends back a positive reply.
After the authentication and association, the pre-shared WEP key is also used for encrypting the data frames using RC4.
Shared-WEP authentication is not secure when compared with Open System authentication, as It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication. Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication.
Check out the following Q&A for better Understanding:
A.Wi-Fi Protected Access (WPA) is a standards-based security solution from the Wi-Fi Alliance that addresses the vulnerabilities in native WLANs and provides enhanced protection from targeted attacks. WPA addresses all known Wired Equivalent Privacy (WEP) vulnerabilities in the original IEEE 802.11 security implementation and brings an immediate security solution to WLANs in both enterprise and small office/home office (SOHO) environments. WPA uses Temporal Key Integrity Protocol (TKIP) for encryption. WPA is fully supported by the Cisco® Wireless Security Suite and the Cisco Structured Wireless-Aware Network (SWAN).
Q. What is WPA2?
A. WPA2 is the next generation of Wi-Fi security. It is the Wi-Fi Alliance's interoperable implementation of the ratified IEEE 802.11i standard. It implements the National Institute of Standards and Technology (NIST) recommended Advanced Encryption Standard (AES) encryption algorithm using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
Q. What is IEEE 802.11i?
A. IEEE 802.11i defines security standards for WLANs. IEEE 802.11i details stronger encryption, authentication, and key management strategies for wireless data and system security. It includes two new data-confidentiality protocols (TKIP and AES-CCMP), a negotiation process for selecting the correct confidentiality protocol, a key system for each traffic type, key caching, and pre-authentication. For more information, an article written by IEEE 802.11i Working Group Chairperson, David Halasz of Cisco Systems, is available through Embedded.com, at: IEEE 802.11i and Wireless Security.
Q. How are WPA and WPA2 similar?
A. Both WPA and WPA2 offer a high level of assurance for end users and network administrators that their data will remain private and that access to their networks will be restricted to authorized users. Both have personal and enterprise modes of operation that meet the distinct needs of the two market segments. The Enterprise Mode of each uses IEEE 802.1X and extensible authentication protocol (EAP) for authentication.
Q. How are WPA and WPA2 different?
A. WPA2 provides a stronger encryption mechanism through AES, which is a requirement for some corporate and government users. TKIP, the encryption mechanism in WPA, relies on RC4 instead of Triple Data Encryption Standard (3DES), AES, or another encryption algorithm.
Q. Is WPA2 backward-compatible with WPA?
A. Yes. All products that are Wi-Fi Certified for WPA2 are required to be interoperable with products that are Wi-Fi Certified for WPA.
No comments:
Post a Comment