January 22, 2012

1.6.1 WPA

WPA

Wi-Fi Protected Access (WPA) is a security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless networks and surpass the older Wired Equivalent Privacy (WEP) protocol. The Alliance defined WPA in response to serious weaknesses researchers had found in WEP.

WPA (defined in the draft IEEE 802.11i standard) became available around 1999 and was intended as an intermediate measure in anticipation that it would be replaced by the more secure WPA2 protocol.

There are two versions, WPA and WPA2, with the latter being the full implementation of the security features.
The difference between WPA and WPA2 is that WPA implements most—but not all—of 802.11i in order to be able to communicate with older wireless cards, and it uses the RC4 encryption algorithm with TKIP, while WPA2 implements the full standard and is not compatible with older cards.

WPA also mandates the use of the Temporal Key Integrity Protocol (TKIP), while WPA2 favors Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES encryption with a 48-bit initialization vector. The larger initialization vector increases the difficulty of cracking and minimizes the risk of replay.

WEP used a 40-bit or 128-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.

TKIP basically works by generating a sequence of WEP keys based on a master key, and re-keying periodically before enough data volume can be captured to allow recovery of the WEP key. TKIP changes the key every 10,000 packets, which is quick enough to combat statistical methods of analyzing the cipher.
TKIP also adds the Message Integrity Code (MIC) to the picture. The transmission's CRC and ICV (Integrity Check Value) are checked. If the packet was tampered with, WPA stops using the current keys and re-keys.

As a simplified timeline useful for exam study, think of WEP as coming first. It was fraught with errors and WPA (with TKIP) was used as an intermediate solution, implementing a portion of the 802.11i standard. The final solution—a full implementation of the 802.11i standard—is WPA2 (with CCMP) [5].

WPA (and WEP before it) couples the RC4 encryption algorithm with TKIP, while WPA2 favors Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES encryption with a 48-bit initialization vector.

WPA was an intermediate solution that implemented only a portion of the 802.11i standard. The final solution—a full implementation of the 802.11i standard—is WPA2, which uses CCMP.

Security researchers showed theoretically how WPA could be broken in November 2008, in what is known as the “Beck-Tews method”, developed by researchers Martin Beck and Erik Tews [3].

The attack works only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm, and does not work on newer WPA2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

WPA can use a pre-shared key (PSK or Personal WPA) or it can use an authentication server (Enterprise) that distributes the keys. In the PSK method, all devices on the wireless LAN must use the same passphrase key to access the network. The authentication server method is more scalable to support environments with a large number of clients.

A WPA network is only as strong as the passphrase used, which consists of 8 to 63 characters.
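To see why the passphrase sets the strength in PSK mode, the following added example (not part of the original notes) derives the 256-bit pre-shared key the way IEEE 802.11i specifies it: PBKDF2-HMAC-SHA1 over the passphrase, with the SSID as salt and 4096 iterations. That derivation detail comes from the standard rather than from this page; the function names, the entropy estimate and the sample SSIDs are assumptions made for illustration.

```python
import hashlib
import math
import string

# WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63


def validate_passphrase(passphrase: str) -> None:
    """Raise ValueError if the passphrase is outside the limits for PSK mode."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def estimated_bits(passphrase: str) -> float:
    """Upper-bound entropy estimate (hypothetical helper): assumes every
    character was picked at random from the character classes present."""
    validate_passphrase(passphrase)
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation + " "):
        if any(c in charset for c in passphrase):
            pool += len(charset)
    return len(passphrase) * math.log2(pool)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    samples = [("password", "IEEE"), ("password", "OfficeNet"),
               ("v7#Tq!m2Lx9&Rw4zPf0", "OfficeNet")]
    for phrase, ssid in samples:
        key = derive_psk(phrase, ssid).hex()
        print(f"{ssid:10} ~{estimated_bits(phrase):6.1f} bits  {key}")
```

The derived key is always 256 bits long, but it is fully determined by the passphrase and the SSID, so a short dictionary word yields a key no harder to guess than the word itself. Because the SSID is the salt, the same passphrase produces a different key on a differently named network.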

References:

  1. http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
  2. http://www.ezlan.net/wpa_wep.html
  3. http://www.zdnet.com/blog/btl/researchers-crack-wpa-wi-fi-encryption-in-60-seconds/23384
  4. http://www.practicallynetworked.com/security/041207wpa_psk.htm
  5. CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney
  6. CompTIA Security+ Review Guide: Exam SY0-301, Second Edition by James M. Stewart
