Wireless Encryption

WEP

  • Main Goals

    • Confidentiality: prevents link-layer eavesdropping

    • Access Control: determines who may access data

    • Data Integrity: protects data from being changed by a third party

    • Efficiency

  • Flaws

    • Doesn't encrypt anything

      • No defined method for encryption key distribution

      • pre-shared keys are set once and not changed

      • Easy to recover plaintext messages encrypted with same key

    • RC4 algorithm

    • Created without academic, cryptologic or public review

  • Three options

    • 40-bit

    • 128-bit (104-bit key)

    • 232-bit (232-bit key)

  • Uses an initialization vector (IV)

    • provides for confidentiality and integrity

    • calculates a 32-bit integrity check (ICV) and appends it to the end of the data payload and then provides a 24-bit IV

    • Combined with a key to be input into an RC4 algorithm

    • Very easy to crack

      • relatively small

      • reused frequently

      • sent in clear text

Wi-Fi Protected Access (WPA / WPA2)

  • Uses Temporal Key Integrity Protocol (TKIP) (128-bit key) and the client's MAC address to accomplish much stronger encryption

  • The key is changed every 10,000 packets or so

  • Keys are transferred back and forth during an Extensible Authentication Protocol (EAP) authentication session

    • Uses a four-step handshake process to prove the client belongs to the AP

  • WPA2

    • Can tie EAP or a RADIUS server into the authentication side

    • Uses Kerberos tickets and other offerings

    • Uses Cipher Block Chaining Message Authentication Code Protocol (CCMP) to ensure integrity of the message during transit

    • The four-way handshake establishes a nonce (one-time-use shared secret for the communication session)

  • Not easy to crack

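| Wireless Standard | Encryption Used | IV Size (Bits) | Key Length (Bits) | Integrity Check            |
|-------------------|-----------------|----------------|-------------------|----------------------------|
| WEP               | RC4             | 24             | 40/104            | CRC-32                     |
| WPA               | RC4+TKIP        | 48             | 128               | Michael Algorithm + CRC-32 |
| WPA2              | AES-CCMP        | 48             | 128               | CBC-MAC (CCMP)             |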
