Wireless Security Protocols Tutorial

4.1 WEP

Now let's discuss the security protocols used in wireless networks. The first one we'll discuss is WEP, which stands for Wired Equivalent Privacy (you'll sometimes see it mis-expanded as "Wired Equivalency Protocol"). As the name suggests, WEP was designed to give a wireless network the same privacy, or confidentiality, you would expect from a wired network. It was the first major security protocol implemented for 802.11, and the first that could encrypt wireless traffic. It operates at Layer 2 of the OSI model: it encrypts the payload of the 802.11 frame, which means everything from Layer 3 up (the IP header and all the data above it) is covered, while the 802.11 header itself, including the MAC addresses, stays in the clear. WEP provides some limited access control, but it does not give us true authentication as we know it. The access control comes from the fact that only a host holding the key should be able to connect to the access point; the access point simply assumes that any host that has the key is allowed to join. There is no verification of the identity of the host or the user beyond possession of the key. WEP was actually defined in the original 802.11 standard, but it rode to popularity with 802.11b: 802.11a and 802.11b came out at about the same time, and 802.11a was not very popular because of expensive equipment, so in practice WEP was mostly deployed on 802.11b as it became common in commercial and home use. Now, a little about WEP keys. WEP comes in two key strengths, 64-bit and 128-bit, and both are static keys: they do not change during the session. The secret part of the key is actually only 40 or 104 bits, respectively, because a 24-bit initialization vector (IV) is counted as part of the advertised key size. Subtract 24 bits from 64 and you get 40.
The same thing with 128-bit keys: subtract the 24-bit IV and you have a 104-bit secret key. The IV changes with every frame and is prepended to the secret key to form the per-frame RC4 key, so the IV is what is supposed to keep two frames from being encrypted with the same keystream. But because the IV is only 24 bits, there are only about 16 million (2^24) possible values. On a busy network that is not a lot of packets, so IVs eventually repeat; many cards simply count the IV up from zero, and if the IV is picked at random you expect the first repeat after only about five thousand frames (the birthday bound). When two frames share an IV they share a keystream, and XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts. Worse, certain IV values produce RC4 keystreams that leak information about the key bytes (the "weak IV" attack published by Fluhrer, Mantin and Shamir in 2001, and the later Klein and PTW attacks that need far fewer frames). So the way WEP is cracked is not to intercept the key itself; it is to sniff traffic and collect IVs and ciphertext, and the more frames you collect, the more certain the statistical recovery of the key becomes. Tools such as aircrack-ng automate this and typically need on the order of tens of thousands of frames. WEP also uses the shared key and a challenge/response exchange for what it calls Shared Key authentication between the host and the access point, and again, it is not true authentication. The access point sends a challenge, and the host has to encrypt it under the WEP key and send it back. A couple of things are wrong with this exchange. The IV is always sent in clear text (it has to be, so the receiver can rebuild the RC4 key), and the challenge is also sent in clear text. Since the response is just the challenge XORed with the RC4 keystream, anyone listening can XOR the two and obtain the keystream for that IV, and can then answer the next challenge without ever knowing the key. Those two things would be bad enough, but there is more. WEP uses RC4 as its encryption algorithm. RC4 is a stream cipher that, at the time, was considered pretty strong. You will sometimes see it written as ARC4, where the A stands for "alleged". RC4 was a trade secret of RSA Data Security; in 1994 source code claimed to be RC4 was posted anonymously to a mailing list, and because RSA never confirmed it, compatible implementations were called "alleged RC4". It is still RC4, and it is what WEP uses. RC4 itself was a reasonable cipher for its time (it has since been broken in its own right and is now prohibited in TLS), but the real problem is that it was poorly implemented in WEP: the IV is concatenated directly with the key, the IV space is tiny, and the integrity check is a plain CRC-32 rather than a keyed MAC, so an attacker can flip bits in a frame and fix up the checksum.
So when you combine a poor implementation of RC4 with an IV that is sent in clear text, a challenge that is sent in clear text, and IV values that are small and repeat often, you get an easily crackable system. Fortunately, WEP has largely been replaced by WPA and WPA2. We typically only see WEP on legacy systems: older versions of Windows or Linux that cannot support WPA or WPA2, or older hardware such as early 802.11b cards that cannot support WPA or WPA2. The bottom line with WEP is that you shouldn't use it. Use WPA2, or WPA if that is all the hardware supports. If you are limited by an older operating system or an older piece of hardware, WEP is better than nothing; it is better than sending data in clear text. It will not stop a determined attacker, but it will stop the average person driving around looking for a quick internet connection. Even then, treat a WEP network as an untrusted network, put anything that matters inside a VPN or TLS, and retire the hardware as soon as you can. So it's better than nothing, but don't use it if you don't have to.
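Here is a small Python model of what the section above describes, added here as an example; it is not code from the original tutorial. It implements RC4 and WEP framing from the published description (per-frame RC4 key = 24-bit IV followed by the 40-bit secret, CRC-32 integrity value, IV sent in the clear) and then demonstrates two of the weaknesses discussed: what an eavesdropper gets when two frames share an IV, and how a captured Shared Key authentication exchange yields a keystream that answers a fresh challenge without the key. The WEP key, IV, frame contents and challenges are constructed for the demo, and the birthday-bound function is added arithmetic, not something the page states.

```python
"""
Toy model of WEP (added example, not part of the original tutorial).

Implements RC4 and WEP frame encryption as the standard describes them
(per-frame key = 24-bit IV || 40-bit secret, payload || CRC-32 ICV XOR keystream)
and shows two consequences of the design:
  1. two frames under the same IV share a keystream, so XORing the ciphertexts
     cancels it and one known plaintext exposes the other;
  2. Shared Key authentication leaks the keystream for one IV, which is enough
     to answer a fresh challenge without knowing the WEP key.
All keys, IVs, frames and challenges below are constructed for the demo.
"""
import math
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) followed by the PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: a plain CRC-32, little-endian, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Returns iv || (plaintext || ICV) XOR RC4(iv || secret). The IV travels in clear."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))


def wep_decrypt(secret: bytes, frame: bytes):
    """Returns the plaintext, or None if the ICV does not match."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + secret, len(ct)))
    data, tag = body[:-4], body[-4:]
    return data if icv(data) == tag else None


# --- 1. IV reuse: the keystream cancels out ------------------------------------
def recover_with_known_plaintext(frame_known: bytes, known_pt: bytes, frame_target: bytes) -> bytes:
    """Both frames must share an IV. keystream = C1 XOR (P1||ICV); P2 = C2 XOR keystream.
    Only as many bytes as the known plaintext covers can be recovered."""
    assert frame_known[:3] == frame_target[:3], "different IVs give different keystreams"
    keystream = xor(frame_known[3:], known_pt + icv(known_pt))
    return xor(frame_target[3:], keystream)[:-4]


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * N) random draws before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


# --- 2. Shared Key authentication: the keystream leaks ------------------------
def sta_auth_response(secret: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Legitimate station encrypts the AP's 128-byte challenge under the WEP key."""
    return wep_encrypt(secret, iv, challenge)


def ap_verify_response(secret: bytes, challenge: bytes, response: bytes) -> bool:
    return wep_decrypt(secret, response) == challenge


def eavesdropper_keystream(challenge: bytes, response: bytes) -> tuple:
    """Challenge and IV are in clear; response XOR (challenge||ICV) is the keystream for that IV."""
    iv = response[:3]
    return iv, xor(response[3:], challenge + icv(challenge))


def forge_auth_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a new challenge with the stolen keystream; the station picks the IV, so reuse it."""
    body = new_challenge + icv(new_challenge)
    return iv + xor(body, keystream[:len(body)])


def demo() -> dict:
    secret = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = bytes.fromhex("00aa01")                  # constructed IV, reused by a chatty card
    p1 = b"GET /index.html HTTP/1.0\r\n\r\n"      # known plaintext (longer than p2 on purpose)
    p2 = b"password=hunter2&user=bob"
    c1 = wep_encrypt(secret, iv, p1)
    c2 = wep_encrypt(secret, iv, p2)
    recovered = recover_with_known_plaintext(c1, p1, c2)

    challenge = bytes(range(128))                 # constructed 128-byte challenge text
    response = sta_auth_response(secret, iv, challenge)
    leaked_iv, keystream = eavesdropper_keystream(challenge, response)
    new_challenge = bytes(reversed(range(128)))
    forged = forge_auth_response(leaked_iv, keystream, new_challenge)
    return {
        "recovered": recovered,
        "forged_accepted": ap_verify_response(secret, new_challenge, forged),
        "frames_to_repeat": expected_frames_until_iv_repeat(),
    }


if __name__ == "__main__":
    print(demo())
```

Running it, `demo()` returns the recovered second plaintext, `True` for the forged authentication, and roughly 5,100 frames as the expected distance to the first random IV collision. The actual key-recovery attacks (FMS, Klein, PTW) go further by exploiting biases in RC4's first keystream bytes across many IVs; they are not modelled here.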

4.2 WPA

Now let's talk about Wi-Fi Protected Access, or WPA. WPA is the successor to WEP. It was developed by the Wi-Fi Alliance, a group of hardware vendors and wireless organizations, as a stop-gap measure to overcome the problems WEP had: easily crackable security, obviously, but specifically the short initialization vector, the static keys and the poor implementation of RC4. So WPA came around basically to mitigate those issues. Knowing that another standard was on the way, the Wi-Fi Alliance built WPA on a draft of 802.11i so that it would be largely compliant with the new standard. WPA also took older hardware into account. Because it keeps RC4 underneath, many WEP-era cards could be upgraded to WPA with a firmware or driver update, although not every vendor shipped one, and an upgraded old card is not always a good choice. Some older operating systems, Windows XP for example, gained WPA support through a patch or service pack. So WPA worked on the newer 802.11g cards and even on some 802.11b cards, although not always well. It was used while the industry was waiting for the 802.11i standard to be ratified. WPA got around WEP's problems by incorporating something called TKIP, the Temporal Key Integrity Protocol. TKIP keeps RC4 (so that old hardware could run it) but wraps it in a per-packet key mixing function, extends the IV to a 48-bit sequence counter that also serves as a replay check, and adds a keyed message integrity code called Michael in place of WEP's CRC. So the per-frame keys change constantly, and you no longer have one static key repeated over and over, which is what made WEP crackable by sniffing large amounts of traffic. WPA has pretty much been supplanted by 802.11i, marketed as WPA2, which came out in mid-2004 (802.11i was ratified in June 2004). However, WPA is still around and still widely used. It depends on the devices on the network: some are only WPA capable, and some networks need to stay compatible with older devices. And sometimes people just haven't moved to WPA2.
We still see it a lot out there, as a matter of fact. WPA provides for passphrases, or pre-shared keys, as the authentication method in small environments; this is called WPA Personal. WPA also allows for 802.1X authentication, which is an authentication framework that is not tied to wireless networks at all. We see it implemented mostly in wireless networks, but it is port-based network access control and can be used on wired switches as well. 802.1X lets us use EAP, the Extensible Authentication Protocol, which in turn supports different authentication methods: user IDs and passwords, obviously, but also smart cards and certificate-based authentication. We typically see 802.1X used in larger organizations, enterprise-level environments, and the name for this mode is WPA Enterprise. We're going to talk about WPA2 and 802.11i shortly, and you'll see what the differences are between WPA and WPA2. We'll also cover 802.1X in more detail a little later.

4.3 WPA2

In June 2004 the IEEE ratified the 802.11i standard. They had been working on it for a while, and in the meantime the Wi-Fi Alliance had created WPA. WPA was essentially invented to replace WEP because of the many weaknesses WEP had, chiefly that it was easily crackable, so WPA was a stop-gap measure. After 802.11i came out, the Wi-Fi Alliance branded compliant products that implemented the full 802.11i standard as WPA2; WPA2 is a trade name, and certification began later in 2004. It was backwards compatible with WPA devices. 802.11i and WPA2 are used interchangeably for the most part, but understand that WPA2 is the certification granted by the Wi-Fi Alliance and 802.11i is the IEEE standard behind it. Again, the Wi-Fi Alliance is a group of hardware vendors and wireless organizations. 802.11i also defined something called an RSN, a Robust Security Network. That is the concept that defines how clients and access points authenticate each other and encrypt the traffic that flows between them. WPA2 uses dynamic key generation just like WPA did. In fact, to maintain backwards compatibility, WPA2 can use TKIP, the Temporal Key Integrity Protocol, as an optional mode. Recall that TKIP was WPA's improvement over WEP's static keys, and that it still uses RC4, just with a much better key-mixing scheme. WPA2 prefers the Advanced Encryption Standard, AES, because it is a much better encryption algorithm: it is standardized and it has been vetted. It can fall back to TKIP for backwards compatibility, but you should disable TKIP wherever you can, since TKIP has its own known weaknesses and has been deprecated in the 802.11 standard since the 2012 revision. When using AES, WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, CCMP. You'll see that abbreviated as CCMP-AES or AES-CCMP. Counter mode provides the confidentiality and CBC-MAC provides the integrity check, so CCMP gives you authenticated encryption, which is the right way to do it, unlike WEP's CRC or TKIP's Michael.
802.11i and WPA2 define two methods of authentication as standard. There are pre-shared keys, like we discussed before, and this is called WPA2 Personal. There is also 802.1X authentication, used in enterprise environments, and this is called, coincidentally, WPA2 Enterprise. These are backwards compatible with their equivalents in WPA. Now let's look at the RSN, the Robust Security Network. In an RSN the two stations have to authenticate and associate with each other, and there's a defined sequence for this. It doesn't actually take very long, but there's a process to it. During this process there's a four-way handshake. People compare it to the TCP three-way handshake, but it does something different: both sides already hold a shared secret, the Pairwise Master Key (PMK), which is either the pre-shared key or the key produced by the 802.1X/EAP exchange, and the handshake proves to each side that the other one has the PMK without ever sending it. The access point sends a random nonce (message 1), the client replies with its own nonce and a message integrity code (message 2), the access point sends the encrypted group key with a MIC (message 3), and the client acknowledges (message 4). From the PMK, the two nonces and the two MAC addresses, each side derives the same Pairwise Transient Key (PTK), which is the dynamic per-session encryption key, and the MICs are computed with part of that key. One practical consequence: anyone who captures the handshake on a WPA2 Personal network can test passphrase guesses offline against those MICs, so the passphrase has to be long and random, not a dictionary word. Now, the 802.11i standard and the RSN concept, and with them WPA and WPA2, were rolled into the consolidated 802.11 standard that came out in 2007. Remember that the original 802.11 standard came out in 1997, was revised in 1999, and was not officially consolidated again until 2007, when it absorbed the amendments that had come out in the interim. 802.11-2007 was the current edition when this material was recorded; later rollups (802.11-2012, -2016 and -2020) have since superseded it and carry the same RSN mechanisms.

4.4 802.1x

We're now going to discuss 802.1X authentication. 802.1X is a port-based network access control standard. By port-based we mean two logical ports on the authenticator: an uncontrolled port that passes only authentication traffic (EAPOL), so the client can be authenticated before it is allowed onto the network, and a controlled port that is opened to carry normal traffic once authentication succeeds. 802.1X is not part of the wireless standards; it is an IEEE 802.1 standard with nothing to do with 802.11 as such, but it is widely used as the authentication method in enterprise-level 802.11 networks. It is also used in wired networks, so it is not exclusively tied to wireless. There are several components to it, and it can carry several different authentication methods, which we'll discuss. It uses the Extensible Authentication Protocol, EAP, which is a very popular authentication protocol. Earlier protocols were vendor-specific or proprietary, or they simply did not allow for additional authentication methods such as smart cards and certificate-based authentication. EAP allows all of those; in fact the reason it is called extensible is that it can carry different authentication mechanisms, including ones that may not exist yet. When EAP is carried directly over a LAN (Ethernet or 802.11) it is called EAPOL, EAP over LAN. EAP and 802.1X are both formalized authentication methods that require an authentication server on the network for identity verification. 802.1X has three major components. The supplicant is the client device that wants to connect to the network: a laptop, a tablet, a PC, and more precisely the client software on that device. The authenticator is the device you are trying to connect through: in the wireless case the access point or a wireless controller, and in a wired network the switch, or a remote-access server acting as the network access server.
The authentication server is the system that holds the credential database for identity verification. Typically it is a RADIUS server, which may in turn check credentials against Active Directory (Kerberos) or an LDAP directory. The authenticator never sees the credentials; it just relays EAP between the supplicant and the RADIUS server and opens the controlled port when the server returns Access-Accept. 802.1X itself does not care what the back-end database is, so it can use Active Directory, OpenLDAP or any other store, as long as the authentication server supports the EAP method in use. The version of the standard current when this was recorded is IEEE 802.1X-2010; previous versions (2001 and 2004) approached authentication somewhat differently, and 802.1X-2010 added MACsec key agreement (MKA) for wired links. It has since been revised as 802.1X-2020. You want to use products that are compliant with 802.1X-2010 or later. 802.1X is typically not used in a small environment such as a SOHO (small office/home office); it is intended for large organizations, enterprise-level authentication. The 802.1X framework is used to connect enterprise wireless devices to the centralized wired network through the access points. It authenticates not only the device but also the user using the device, depending on the EAP method and the credential used, so there is some authentication of the user entity as well. It is also used to mutually authenticate devices that have to authenticate to each other; two servers, for example, can be authenticated to each other through 802.1X.

4.5 EAP

Now we're going to talk about the Extensible Authentication Protocol, or EAP. As we mentioned earlier, EAP is used in 802.1X networks, and when we say 802.1X we're talking about authentication in an enterprise-level network. This is usually a wireless network, which is where we most often see 802.1X and EAP, but it could also be a wired network. EAP provides multiple methods to authenticate to a network, methods that were not available with protocols such as PAP, CHAP and MS-CHAP v2. Those protocols only provided for username and password, and the mechanisms were fairly weak. MS-CHAP v2 did a reasonable job of using challenge/response so that only a hash-based response, not the password itself, crossed the wire, but it has since been shown that MS-CHAP v2 exchanges can be cracked offline, which is why it is only safe today inside a protected tunnel. And those protocols did not support things like smart cards, PKI certificates, Kerberos and so forth. That's where EAP came from. EAP is extensible, which means it can carry the wide variety of authentication methods we use today: certificate-based authentication, smart cards and PINs, RSA tokens, any two-factor or multi-factor method. It can even carry methods that haven't been invented yet. So it's not a specific authentication method; it's a standardized authentication framework. There are several different EAP methods that we'll talk about. One of the more common ones is EAP-TLS, Transport Layer Security. It provides strong security, but it requires a client certificate, so you have to have a PKI in place.
You have to issue server certificates and client certificates, because EAP-TLS uses mutual authentication: both the host and the server (or two servers) authenticate each other. It's not just a case of the device asserting its identity and the server confirming it; both sides must prove their identity, and that is why EAP-TLS requires an existing PKI in your organization. There's also EAP-TTLS, Tunneled Transport Layer Security. It provides certificate-based authentication of the server but does not require a client certificate; it sets up a TLS tunnel to the server and then carries the client authentication (typically a password method) inside that tunnel. Then there's PEAP, Protected Extensible Authentication Protocol, which is similar to EAP-TTLS in that it does not require a client certificate; the common form is PEAP with MS-CHAP v2 inside the tunnel. One caveat with both of these: the only thing protecting the user's password is the TLS tunnel, so the client must be configured to validate the server certificate (the issuing CA and the expected server name). A client that skips that check will happily connect to a rogue access point and hand it an MS-CHAP v2 exchange that can be cracked offline. There are also proprietary EAP versions, and one of those is LEAP, the Lightweight Extensible Authentication Protocol, a Cisco proprietary method. It's a WLAN protocol specifically; it's not used in wired networks. It uses dynamic WEP keys and mutual authentication, but its MS-CHAP-style exchange is not protected by a tunnel, so it's susceptible to offline dictionary attacks, and it has been successfully cracked (the asleap tool, 2003). LEAP has been deprecated and replaced by other forms of EAP. There's also EAP-MD5, a much older method that is not widely used. It uses an MD5 challenge/response, provides no server authentication and derives no key material, so it cannot be used for WPA Enterprise at all, and we typically don't see it implemented anymore. There are other EAP methods we haven't discussed, and we haven't gone into detail on most of these. For the purposes of this course, you don't need to know the internal structures of EAP.
Where you do need to know some of its more important features, we'll discuss them as we go through the course. For now, you just need to understand that EAP is the protocol of choice for 802.1X networks. It's an extensible authentication framework that carries a wide variety of authentication methods: smart cards, certificates and so forth.
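The exchange described in 4.4 and 4.5, modelled in Python as an added example that is not part of the original tutorial. It shows the three 802.1X parties (supplicant, authenticator with its uncontrolled and controlled logical ports, authentication server holding the credentials), the EAPOL and EAP framing from 802.1X and RFC 3748, and a complete EAP conversation. The method used is EAP-MD5, chosen only because it is short enough to show end to end; the last function demonstrates why the text calls it obsolete, since the challenge and response cross the wire in the clear and the password can be guessed offline. The MAC addresses, user, password, challenge and word list are constructed for the demo, and the RADIUS leg between authenticator and server is collapsed into a direct function call.

```python
"""
802.1X port-based access control with an EAP-MD5 exchange.
Added example, not part of the original tutorial. EAP framing per RFC 3748,
EAPOL framing per IEEE 802.1X; MACs, credentials and challenge are constructed.
"""
import hashlib
import struct

ETHERTYPE_EAPOL = 0x888E
EAPOL_EAP_PACKET, EAPOL_START = 0, 1
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY, EAP_MD5 = 1, 4            # EAP type numbers (TLS is 13, TTLS 21, PEAP 25)


def eap_pack(code: int, ident: int, eap_type: int = None, data: bytes = b"") -> bytes:
    """EAP packet: code(1) id(1) length(2) [type(1) type-data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eap_unpack(pkt: bytes) -> dict:
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length")
    pkt = pkt[:length]
    return {"code": code, "id": ident, "type": pkt[4] if length > 4 else None, "data": pkt[5:]}


def eapol_pack(dst: bytes, src: bytes, eapol_type: int, body: bytes = b"") -> bytes:
    """Ethernet frame carrying EAPOL: dst mac, src mac, 0x888E, version 2, type, length, body."""
    return dst + src + struct.pack("!HBBH", ETHERTYPE_EAPOL, 2, eapol_type, len(body)) + body


def eapol_unpack(frame: bytes) -> dict:
    ethertype, _ver, etype, length = struct.unpack("!HBBH", frame[12:18])
    return {"dst": frame[:6], "src": frame[6:12], "ethertype": ethertype,
            "type": etype, "body": frame[18:18 + length]}


def md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 / CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class AuthServer:
    """RADIUS server stand-in: holds the credential database and runs the EAP method."""
    def __init__(self, users: dict, challenge: bytes):
        self.users, self.challenge, self.identity = users, challenge, None

    def handle(self, eap: bytes) -> bytes:
        m = eap_unpack(eap)
        if m["type"] == EAP_IDENTITY:                       # learn who is asking, then challenge them
            self.identity = m["data"].decode()
            return eap_pack(EAP_REQUEST, m["id"] + 1, EAP_MD5, bytes([len(self.challenge)]) + self.challenge)
        if m["type"] == EAP_MD5:                            # value-size || hash || name
            size = m["data"][0]
            expected = md5_response(m["id"], self.users.get(self.identity, b""), self.challenge)
            ok = m["data"][1:1 + size] == expected
            return eap_pack(EAP_SUCCESS if ok else EAP_FAILURE, m["id"] + 1)
        return eap_pack(EAP_FAILURE, m["id"] + 1)


class Authenticator:
    """Switch port / access point. Uncontrolled port: EAPOL only, relayed to the server.
    Controlled port: drops everything else until the server says EAP-Success."""
    def __init__(self, mac: bytes, server: AuthServer):
        self.mac, self.server, self.authorized = mac, server, False

    def receive(self, frame: bytes):
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_EAPOL:
            return frame if self.authorized else None       # controlled port
        f = eapol_unpack(frame)
        if f["type"] == EAPOL_START:
            reply = eap_pack(EAP_REQUEST, 1, EAP_IDENTITY)
        else:
            reply = self.server.handle(f["body"])            # in practice carried in RADIUS EAP-Message
            if eap_unpack(reply)["code"] == EAP_SUCCESS:
                self.authorized = True                       # open the controlled port
        return eapol_pack(f["src"], self.mac, EAPOL_EAP_PACKET, reply)


class Supplicant:
    def __init__(self, mac: bytes, identity: str, password: bytes):
        self.mac, self.identity, self.password = mac, identity, password

    def respond(self, frame: bytes):
        f = eapol_unpack(frame)
        m = eap_unpack(f["body"])
        if m["code"] != EAP_REQUEST:
            return None                                      # Success/Failure ends the exchange
        if m["type"] == EAP_IDENTITY:
            data = self.identity.encode()
        else:                                                # MD5-Challenge request: value-size || challenge
            size = m["data"][0]
            data = b"\x10" + md5_response(m["id"], self.password, m["data"][1:1 + size])
        return eapol_pack(f["src"], self.mac, EAPOL_EAP_PACKET, eap_pack(EAP_RESPONSE, m["id"], m["type"], data))


def run_exchange(password_tried: bytes) -> dict:
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # constructed
    server = AuthServer({"bob": b"correct horse"}, challenge=bytes(range(16)))        # constructed
    ap = Authenticator(ap_mac, server)
    sta = Supplicant(sta_mac, "bob", password_tried)
    data_frame = sta_mac + ap_mac + struct.pack("!H", 0x0800) + b"IP payload"
    blocked_before = ap.receive(data_frame) is None
    frame, transcript = eapol_pack(ap_mac, sta_mac, EAPOL_START), []
    while frame is not None:
        reply = ap.receive(frame)
        transcript.append(eap_unpack(eapol_unpack(reply)["body"]))
        frame = sta.respond(reply)
    return {"blocked_before": blocked_before, "authorized": ap.authorized,
            "passed_after": ap.receive(data_frame) is not None,
            "eap_codes": [m["code"] for m in transcript]}


def offline_crack(ident: int, challenge: bytes, observed_hash: bytes, wordlist):
    """Why EAP-MD5 is obsolete: challenge and hash are visible on the wire, so guessing is free."""
    for w in wordlist:
        if md5_response(ident, w.encode(), challenge) == observed_hash:
            return w
    return None
```

With the right password `run_exchange` reports the data frame blocked before authentication, an EAP transcript of Request, Request, Success, and the controlled port open afterwards; with a wrong password the transcript ends in Failure and the port stays closed. `offline_crack` is the attack the text alludes to for EAP-MD5 and, in spirit, for LEAP: a tunnelled method (PEAP, EAP-TTLS) or EAP-TLS is what you deploy instead.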

4.6 WAP

Now let's look at the Wireless Application Protocol, or WAP. Don't confuse WAP with a wireless access point, which is also abbreviated WAP, or with WEP. WAP is really not a security protocol, so you may ask why we're talking about it here. The reason is that it does have security components that we ought to look at. WAP is an open-standards protocol suite that was created to let early mobile devices access the internet and the World Wide Web. It was created by an industry group called the WAP Forum. It was the primary protocol, at least a few years ago, for most of the world's wireless sites that were built specifically for mobile devices. WAP has changed over the years. It went through WAP 1.x and WAP 2.0, and now most devices use native internet browsing, meaning they render the World Wide Web as it was intended to be seen through a normal browser such as Safari or Internet Explorer. WAP was created to let mobile devices that could not do that view web applications built just for wireless devices. We still see it, though less and less. It uses a dynamically generated Wireless Markup Language, WML, which is similar to HTML. WAP has multiple layers, and they are similar to what we see in the OSI and TCP/IP models, but in version 1 they don't map exactly onto those models. WAP is responsible for connection, security and application services for wireless devices and the applications that use it, and it is compatible with most wireless operating systems, hardware and protocols. There are a couple of versions we'll discuss. WAP 1 we don't see very often, but it may still be in use on older devices. It is a set of protocols that correspond roughly to the top four layers of the OSI model.
So it basically covers application-level services: how to render web-based applications for wireless devices, and the kinds of things we see in the top four layers of the model, such as HTTP and FTP. The WAP 1 stack includes the Wireless Application Environment (WAE), the Wireless Session Protocol (WSP), the Wireless Transaction Protocol (WTP) and, the one we're most interested in, Wireless Transport Layer Security (WTLS), which provides transport-layer security similar to what TLS does at the transport layer of the OSI model. Underneath it is the Wireless Datagram Protocol (WDP), and below that are bearer protocols (SMS, GPRS and so on) that we don't really need to know for what we're doing, but be aware they're there. WAP 1 requires the protocols to pass through what's called a WAP gateway. This gateway sits on the carrier's side of the network, behind the cell towers, and translates WAP protocols to internet protocols such as TCP/IP, back and forth, and also translates the content for wireless devices. Here is the security point: WTLS protects the link between the phone and the gateway, and TLS protects the link between the gateway and the web server, but the gateway has to decrypt and re-encrypt in the middle, so the carrier's gateway sees everything in plain text. This is the well-known "WAP gap". WAP 1 has been replaced by a newer version, WAP 2.0. WAP 2 replaces the WAP 1 upper layers with the standard internet protocols (HTTP over TCP/IP) so that WAP is in line with standard protocols: you have the normal application, presentation, session and transport layers instead of the proprietary ones we saw earlier. This makes it easier to standardize applications, formats and protocols across wireless and non-wireless devices. It also uses standard TLS instead of WTLS for security, which is a very good thing, because TLS is a standardized protocol with a long track record on the internet, and because the phone can now have an end-to-end TLS session with the server, which closes the WAP gap.
We use TLS (formerly SSL) to encrypt a session between a client and a server over the internet, and there's no reason we can't use it for a wireless device as well. That was the thinking behind replacing WTLS with regular TLS. WAP 2.0 is still backwards compatible with WAP 1, but we're not seeing WAP 1 much anymore, and truthfully we're not seeing WAP 2 much anymore either. It is being deprecated because wireless devices have become more in line with normal operating systems and normal internet protocols.

4.7 Authentication Methods

Now, let's discuss authentication methods. We've touched on these during each of our discussions of the different wireless protocols, but only incidentally, so let's group the different methods together and discuss them all at once. There are several authentication methods we can use across the wireless encryption protocols. Some of them aren't very strong and don't offer true authentication as we know it; they are really access control methods. The form of authentication varies with the wireless protocol: some are used with WEP and some with WPA and WPA2, and we'll talk about each of these. The first one is Open System Authentication. Despite its name, this is really not an authentication mechanism at all; it is a null authentication. Any station that sends an authentication request is accepted, no key is involved, and the access point verifies nothing about the station. That is what people mean when they say the key is not configured in advance: open system needs no shared secret at all. Open System Authentication is independent of WEP and can be used with or without it. When it is used with WEP, WEP provides encryption of the data after the station has joined, and a station without the right WEP key will associate but won't be able to exchange anything useful. So WEP is an option here, not part of the authentication itself. You typically see this on older 802.11b systems, and, as we'll see, modern WPA and WPA2 networks also use Open System Authentication and then do the real authentication afterwards in the four-way handshake. The next method is Shared Key Authentication. Shared Key does use WEP to authenticate clients; in fact it requires WEP, WEP is not optional with Shared Key. It is a little different in that it requires the same static key to be configured on both the client and the access point.
This static key is 40 or 104 bits, so it is entered as 10 or 26 hexadecimal digits, or 5 or 13 ASCII characters. Shared Key uses a challenge/response method, and here is how it works: the access point sends a 128-byte challenge, unfortunately in plain text; the client encrypts it with WEP using the configured key and sends the response back across the network; and the access point decrypts the response with the shared key. If it decrypts successfully and matches the challenge, the access point knows the client has the shared key it was supposed to have, authenticates it and allows it to join the network. This is a four-frame exchange (request, challenge, response, result), and you'll sometimes hear it called a four-way handshake, but don't confuse it with the WPA/WPA2 four-way handshake, which is a different thing. Here is the irony: because the challenge and the encrypted response are both visible on the air, an eavesdropper can XOR them and recover the RC4 keystream for that IV, and can then answer the next challenge without knowing the key. Shared Key Authentication is therefore weaker than Open System with WEP, and it is deprecated in current versions of the 802.11 standard. Both Shared Key and Open System are pre-RSNA methods. Remember from earlier that RSN stands for Robust Security Network, and the A in RSNA stands for Association; you'll see RSN and RSNA used in the discussions of 802.11i and 802.1X. Now, pre-shared key (PSK) authentication is not the same thing as the Shared Key Authentication we just discussed, and a lot of people get those confused. PSK is only seen in WPA and WPA2 networks; you will not see it in WEP. PSK means you can use an ASCII passphrase of 8 to 63 characters (remember, a WEP key had to be exactly 5 or 13 characters). That passphrase is not used directly: it is converted to a 256-bit pre-shared key by running it through PBKDF2 with HMAC-SHA1, using the network's SSID as the salt, for 4096 iterations. The result is a 256-bit key, written as 64 hexadecimal characters, and that is the key the client and access point actually use (it becomes the Pairwise Master Key for the four-way handshake). Because the SSID is the salt, the same passphrase gives a different PSK on every network, which is why precomputed WPA tables have to be built per SSID. You can also enter the 64-hex-digit key directly instead of a passphrase. Again, this is for WPA and WPA2 only.
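This worked example serves both the four-way handshake described in 4.3 and the passphrase-to-PSK conversion just described; it is an added example, not code from the original tutorial. The derivation follows IEEE 802.11i as published: PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations for the PSK/PMK, PRF-512 with the label "Pairwise key expansion" over the two MAC addresses and two nonces for the PTK, and an HMAC-SHA1 MIC truncated to 128 bits over the EAPOL-Key frame (key descriptor version 2, the CCMP case). The last function then shows the offline consequence mentioned in 4.3: everything except the passphrase is visible to a sniffer, so a captured message 2 lets anyone test guesses. The SSID, passphrase, MAC addresses, nonces, EAPOL-Key layout used for the demo frame and the word list are constructed here; the PSK test vector for passphrase "password" on SSID "IEEE" is the one published in 802.11i Annex H.

```python
"""
WPA/WPA2 Personal key derivation: passphrase -> PSK (PMK) -> PTK via the
four-way handshake, plus the EAPOL-Key MIC that the handshake messages carry.
Added example, not part of the original tutorial. Follows IEEE 802.11i;
SSID, passphrase, MACs, nonces, frame and word list are constructed for the demo.
"""
import hashlib
import hmac
import struct


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits). This is the PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter), truncated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces)).
    AA = authenticator (AP) MAC, SPA = supplicant (client) MAC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}   # CCMP uses a 128-bit TK


# EAPOL header(4) + descriptor type(1) + key info(2) + key length(2) + replay(8)
# + nonce(32) + IV(16) + RSC(8) + ID(8) = 81 bytes before the 16-byte MIC field.
MIC_OFFSET = 81


def eapol_key_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key descriptor version 2 (AES/CCMP): HMAC-SHA1 over the frame with the MIC zeroed, first 128 bits."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, key_data: bytes = b"") -> bytes:
    """Minimal EAPOL-Key frame for handshake message 2 with an all-zero MIC field (constructed layout)."""
    body = struct.pack("!BHH", 2, 0x010A, 16)           # RSN descriptor; key info: version 2, pairwise, MIC
    body += b"\x00" * 8 + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # replay, nonce, IV, RSC, ID
    body += b"\x00" * 16 + struct.pack("!H", len(key_data)) + key_data        # MIC, key data length, key data
    return struct.pack("!BBH", 2, 3, len(body)) + body   # 802.1X version 2, type 3 = EAPOL-Key


def nonce_from_frame(eapol_frame: bytes) -> bytes:
    return eapol_frame[17:49]


def mic_from_frame(eapol_frame: bytes) -> bytes:
    return eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]


def crack_psk(ssid: str, aa: bytes, spa: bytes, anonce: bytes, msg2: bytes, wordlist):
    """What a sniffer can do with one captured handshake: recompute message 2's MIC per guess."""
    snonce, target = nonce_from_frame(msg2), mic_from_frame(msg2)
    for guess in wordlist:
        kck = derive_ptk(psk_from_passphrase(guess, ssid), aa, spa, anonce, snonce)["kck"]
        if hmac.compare_digest(eapol_key_mic(kck, msg2), target):
            return guess
    return None


def demo() -> dict:
    ssid, passphrase = "CorpGuest", "hunter2hunter2"             # constructed
    aa = bytes.fromhex("001122334455")                           # AP MAC (constructed)
    spa = bytes.fromhex("66778899aabb")                          # client MAC (constructed)
    anonce = hashlib.sha256(b"anonce").digest()                  # constructed stand-ins for random nonces
    snonce = hashlib.sha256(b"snonce").digest()
    pmk = psk_from_passphrase(passphrase, ssid)                  # both sides already hold this
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)               # both sides compute this after messages 1/2
    msg2 = build_msg2(snonce)
    msg2_on_air = msg2[:MIC_OFFSET] + eapol_key_mic(ptk["kck"], msg2) + msg2[MIC_OFFSET + 16:]
    found = crack_psk(ssid, aa, spa, anonce, msg2_on_air, ["password", "letmein", passphrase, "qwerty"])
    return {"pmk": pmk.hex(), "tk": ptk["tk"].hex(), "cracked": found}


if __name__ == "__main__":
    print(demo())
```

Each `psk_from_passphrase` call costs 4096 HMAC-SHA1 operations, which is the only thing slowing an attacker down; that is why the passphrase, not the handshake, is the part you control, and why it should be long and random. A 64-hex-digit key entered directly skips the PBKDF2 step entirely, and in that case the key itself is what gets guessed, which is hopeless for the attacker.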
We've discussed 802.1X; it's the standards-based authentication method that we use only with WPA and WPA2 (WPA Enterprise and WPA2 Enterprise), and it uses EAP. It's used to connect to enterprise-level networks and provides authentication of not only the device but also the user using the device. It also provides for mutual authentication, depending on the EAP method: the client verifies the server's certificate and the server verifies the client's credentials. We typically see it used in wireless networks, but it can be used in wired networks, as we've said before. So those are the typical authentication methods, and when you hear them you'll know what we're talking about: Open, Shared Key, Pre-Shared Key and Enterprise (802.1X). You'll see these as configuration options for WEP, WPA and WPA2 when you configure your wireless access points and clients.
