⚫ Wi-Fi Protected Access

⚫ New security standard adopted by Wi-Fi Alliance consortium

⚫ Ensures compliance with different manufacturers wireless
equipment
⚫ Bridges the gap between WEP and 802.11i(WPA2)networks
⚫ Able to deliver a higher level of security compared to WEP
⚫ Uses Temporal Key Integrity Protocol or (TKIP) and allows
WEP to be upgraded to correct existing security problems
⚫ Passwords are limited to A-F & 0-9
⚫ Advantages over WEP:
⚫ Initialization vector increased from 24 bits to 48 bits
⚫ Results in probability of assigning 500 trillion different key
combinations
⚫ Better key management
⚫ Master keys are never directly used
⚫ Contains impressive message integrity checking
⚫ WPA avoids using weak IV values
⚫ A different key is scrambled and used for each packet,
resulting in a more complex secret key
⚫ WPA protocol implements the majority of IEEE802.11i
standard
⚫ Due to security problems, it has been upgraded to
WPA2, which provides a more stronger and secure data
protection and network access control
⚫ WPA2 has replaced WPA
⚫ WPA2 requires testing and certification by the Wi-Fi
Alliance. WPA2 implements the mandatory elements
of 802.11i. In particular, it introduces a new AES-based
algorithm,CCMP which is considered fully secure.
⚫ Wired Equivalent Privacy
⚫ Security protocol for wireless local area networks
(WLAN) a defined in the 802.11b standard
⚫ Provides same level of security as a wired LAN
⚫ Provides security by encrypting data over radio
frequency waves, so its protected as its transmitted
from end point to end point
⚫ Used at the data link and physical layers on the OSI
model
⚫ Works by using secret keys or codes to encrypt data
⚫ Access point and client both must know the codes in order
for it to function
⚫ Uses either 64 bit or 128 bit keys
⚫ Actual user codes are 40 and 104 bits, with the extra 24 bits
used by the IV(Initialization Vector)
⚫ 3 settings
⚫ Off(no security)
⚫ 64-bit(Weak security)
⚫ 128 bit (Higher security)
⚫ Used for mobile and non-pc devices such as Cell phones,
PDA’s and Mp3 players
⚫ Disadvantages
⚫ No limit on using same IV value more than once
⚫ Encryption vulnerable, especially to collision-based attacks
⚫ Only 24 bits in IV, so there's only 16.7 million variations
of keys
⚫ Master keys are directly used, instead of generating
temporary keys
⚫ Users don’t change keys often
⚫ Gives attackers time to try various techniques to hack into
⚫ Contains two authentication
methods:
⚫ Open System authentication
⚫ Shared Key authentication
⚫ Client doesn’t need to provide its credentials to access
point during authentication
⚫ Allows clients to be able to authenticate themselves with
the access point and then attempts to associate
⚫ No real authentication takes place then
⚫ WEP can be used for encrypting data frames
⚫ Client needs to have right keys
⚫ Four way request and response
⚫ 1. Client station sends authentication request to access
point
⚫ 2. Access point sends back clear-text challenge
⚫ 3. Client must encrypt the text using configured WEP
key, and then sends it back for another authentication
request
⚫ 4. Access point decrypts the information, and
compares it to the clear-text it sent
⚫ Depending on comparisons, the access point will send a
positive or negative response
⚫ WPA (Wi-Fi Protected Access) is a more reasonable
choice in a network security protocol.
⚫ Allows for a longer IV length
⚫ Much better encryption methods which prevents the
reuse of the IV keys
⚫ Master keys are used directly, resulting in a decrease in
the ability of hackers to get into network and system
⚫ With WPA, you can use the same equipment, with a
much better security option. The only thing you need to
do is to upgrade the software and firmware.