SlideShare ist ein Scribd-Unternehmen logo

Wpa vs Wpa2

Als PPTX, PDF herunterladen
Nzava Luwawa
Nzava Luwawa

This is a research work concerning the differences between WPA and WPA2

Technologie
1 von 30
Is WPA is still secure? Or maybe you need to use WPA2? Nzavatunga J.Luwawa
Topics • WPA definition • WPA encryption and authentication • 802.1x • WPA integrity and confidence • WPA vulnerabilities • WPA2 • Comparison between WPA and WPA2 • Summary • Reference
WPA (Wi-Fi Protected Access) • Developed by the Wi-Fi Alliance to secure wireless computer networks • It was adopted in 2003 to solve weakness in WEP • Standardized in IEEE 802.11i • Increased in safety: encryption 256 bits • Known as TKIP(Temporal key Integrity) • It uses RC4 encryption to secure the data • It uses the MIC and frame counter to verify the integrity of the data.
WPA Encryption and authentication • WPA introduced new authentication protocol, improved integrity protection measure and per- packets - To provide stronger authentication than in WEP - To prevent spoofing attacks(i.e. bit flopping on WEP CRC) - To prevent FM-style attacks.
WPA Encryption and authentication WPA Encryption and authentication methods are: • WPA personal(PSK) • WPA enterprise(802.1x +Radio)
WPA Personal • Designed for SOHO-small office/Home office • Uses PSK(Pre-shared Key)passphrase shared between AP and the user • Authentication is made by the AP • Key is manually configured in each equipment in network • Key varies from 8 to 63 characters ASCII
WPA Enterprise • Designed to authenticate individual users to an external server via username and password. • Infrastructure is formed by a protocol which uses a 802.1X server in conjunction with EAP(Extensible Authentication Protocol)
802.1x • Communication protocol used between the AP and the authentication server • When a client requests authentication, the authentication server checks in its database if the credentials presented by the petitioner are valid, and if so the client is authenticated and a key called Master Session Key (MSK) is sent to you. • Most often, it is used as the authentication server a RADIUS server
802.1x Phase • 1. Mutually authenticate STA and AS • 2. Generate Master Key (MK) as a side effect of authentication • 3. Generate pairwise MK as an access authorization token • 4. Generate 4 keys for encryption/integrity
802.1x Authentication phase
EAP(Extensible Authentication Protocol) Is responsible for creating a logical channel secure communication between the client (supplicant) and the authentication server, where the credentials will travel on. • Physically, the client communicates with the AP through EAPoL protocol (Extensible Authentication Protocol over LAN). • AP communicates with the authentication server through 802.1x protocol
EAP WPA enterprise
EAP standards
WPA Integrity WPA Integrity consists of two values: • ICV(Integrity Check Value) • MIC
ICV (Integrity check value) • The ICV is a typical CRC added to the original message before encryption be performed • a client (or AP) decodes and calculates the the CRC-32 of the message, providing it with the CRC-32 informed the ICV field. If they are different, the message is discarded.
ICV
MIC(Message Integrity Code) • New verification code message • Used to check whether the contents of a data frame has changes for errors transmitting or manipulating data • Uses 64 bits while WEP • The MIC is obtained through an algorithm known as Michael.
Integrity • So integrity is represented by a total of 12 bytes 8 generated by Michael and 4 CRC-32
WAP confidence/ TKIP • TKIP (Temporal Key Integrity Protocol) • Designed to solve WEP weakness • Initialization vector has 48 bits • TKIP uses existing RC4 but avoids some of the worst WEP’s problems. • Almost impossible to have reutilization of vector • TKIP is based on the concept of temporal keys, or the key is used for while and then dynamically replaced.
TKIP TKIP corrects the following previous WAP flaws: • IV (Initialization Vector) selection and use: as counter (sequence number) • Per-packet key mixing • Increase the size of IV. • Key management.
WPA vulnerabilities • Weakness in the key combination algorithm • PSK is vulnerable to eavesdropping and dictionary attack. • TKIP vulnerability allows attacker to guess IP address of the subnet.
WPA2 • Has replaced WPA • Was adopted in 2004 • From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark • it introduces CCMP, a new AES-based encryption mode with strong security • Enhanced the integrity
WPA2 Authentication • WPA2 separates the user authentication from the message integrity and privacy, which makes it provide more flexibility • The authentication in the WPA2 Personal mode doesn’t require having an authentication server. • WPA2 Enterprise mode consists of the following components :
WPA2 Encryption • WPA2 uses AES with a key length of 128 bit to encrypt data. • The AES uses Counter-Mode/CBC-MAC Protocol (CCMP) • The CCMP uses the same key for both encryption and authentication, but different initialization vector.
WPA2 Pros The WPA2 has immunity against many types of hacker attack like: • Man-in-the-middle. • Authentication forging. • Replay. • Key collision. • Weak keys. • Packet forging. • Brute force/dictionary attacks.
WPA2 cons • Can’t protect agains layer 2 session hijack • RF Jamming • Data flooding • Access points failure
802.11 security solutions
Summary 1.WPA2 is the improved version of WPA 2.WPA only supports TKIP encryption while WPA2 supports AES 3.Theoretically, WPA2 is not hackable while WPA is 4.WPA2 requires more processing power than WPA
Questions 1. what is WPA? 2. What are the difference between WPA and WPA2? 3. What is WPA Personal? 4. How many bit AES Encryption contains?
References • [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first century: a perspective. • Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638. • [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer • Specification. IEEE Computer Society. • [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, • 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428. • [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and • Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336. • [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. • Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.

Empfohlen

WPA2
WPA2WPA2
WPA2Mshari Alabdulkarim
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Securityyousef emami
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected accessLopamudra Das
 
802.1x
802.1x802.1x
802.1xakruthi k
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking SecurityAnshuman Biswal
 
WPA 3
WPA 3WPA 3
WPA 3diggu22
 

Empfohlen

WPA2
WPA2WPA2
WPA2Mshari Alabdulkarim
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Securityyousef emami
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected accessLopamudra Das
 
802.1x
802.1x802.1x
802.1xakruthi k
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking SecurityAnshuman Biswal
 
WPA 3
WPA 3WPA 3
WPA 3diggu22
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyNapier University
 
Wifi Security
Wifi SecurityWifi Security
Wifi SecurityShital Kat
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxAmanuelZewdie4
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Wifi Security
Wifi SecurityWifi Security
Wifi SecurityAgris Ameriks
 
Wpa3
Wpa3Wpa3
Wpa3Bhavya Dashora
 
Wlan security
Wlan securityWlan security
Wlan securitySajan Sahu
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityShahid Beheshti University
 
WEP
WEPWEP
WEPSudeep Kulkarni
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and ProtectionChandrak Trivedi
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
Wi-fi Hacking
Wi-fi HackingWi-fi Hacking
Wi-fi HackingPaul Gillingwater, MBA
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN SecurityAbu Rayhan Ahmmed Rimu
 
Wi fi protected-access
Wi fi protected-accessWi fi protected-access
Wi fi protected-accessbhanu4ugood1
 
KRACK attack
KRACK attackKRACK attack
KRACK attackVadimDavydov3
 
Wireless authentication
Wireless authenticationWireless authentication
Wireless authenticationamanchaurasia
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measureShivam Singh
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2Tushar Anand
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefencePrakashchand Suthar
 
Wireless security837
Wireless security837Wireless security837
Wireless security837mark scott
 
WEP .WAP WAP2.pptx
WEP .WAP WAP2.pptxWEP .WAP WAP2.pptx
WEP .WAP WAP2.pptxkudakwashemakado1
 

Weitere ähnliche Inhalte

Was ist angesagt?

Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxAmanuelZewdie4
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and ProtectionChandrak Trivedi
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
Wi fi protected-access
Wi fi protected-accessWi fi protected-access
Wi fi protected-accessbhanu4ugood1
 
Wireless authentication
Wireless authenticationWireless authentication
Wireless authenticationamanchaurasia
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measureShivam Singh
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2Tushar Anand
 

Was ist angesagt? (20)

WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Wpa3
Wpa3Wpa3
Wpa3
 
Wlan security
Wlan securityWlan security
Wlan security
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
WEP
WEPWEP
WEP
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
Wi-fi Hacking
Wi-fi HackingWi-fi Hacking
Wi-fi Hacking
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN Security
 
Wi fi protected-access
Wi fi protected-accessWi fi protected-access
Wi fi protected-access
 
KRACK attack
KRACK attackKRACK attack
KRACK attack
 
Wireless authentication
Wireless authenticationWireless authentication
Wireless authentication
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
 

Ähnlich wie Wpa vs Wpa2

Wireless security837
Wireless security837Wireless security837
Wireless security837mark scott
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technologytardeep
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008ClubHack
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...cmstiernberg
 
Wireless and how safe are you
Wireless and how safe are youWireless and how safe are you
Wireless and how safe are youMarcus Dempsey
 
4 wifi security
4 wifi security4 wifi security
4 wifi securityal-sari7
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
 
lm_wireless_security_overview_of_wireless_sec.pptx
lm_wireless_security_overview_of_wireless_sec.pptxlm_wireless_security_overview_of_wireless_sec.pptx
lm_wireless_security_overview_of_wireless_sec.pptxLucintaLuna4
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
Security standard
Security standardSecurity standard
Security standardlyndyv
 

Ähnlich wie Wpa vs Wpa2 (20)

Wireless security837
Wireless security837Wireless security837
Wireless security837
 
WEP .WAP WAP2.pptx
WEP .WAP WAP2.pptxWEP .WAP WAP2.pptx
WEP .WAP WAP2.pptx
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
Iuwne10 S04 L05
Iuwne10 S04 L05Iuwne10 S04 L05
Iuwne10 S04 L05
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technology
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Wifi
WifiWifi
Wifi
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Wireless and how safe are you
Wireless and how safe are youWireless and how safe are you
Wireless and how safe are you
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
 
lm_wireless_security_overview_of_wireless_sec.pptx
lm_wireless_security_overview_of_wireless_sec.pptxlm_wireless_security_overview_of_wireless_sec.pptx
lm_wireless_security_overview_of_wireless_sec.pptx
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
 
Security standard
Security standardSecurity standard
Security standard
 

Kürzlich hochgeladen

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Kürzlich hochgeladen (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Wpa vs Wpa2

  • 1. Is WPA is still secure? Or maybe you need to use WPA2? Nzavatunga J.Luwawa
  • 2. Topics • WPA definition • WPA encryption and authentication • 802.1x • WPA integrity and confidence • WPA vulnerabilities • WPA2 • Comparison between WPA and WPA2 • Summary • Reference
  • 3. WPA (Wi-Fi Protected Access) • Developed by the Wi-Fi Alliance to secure wireless computer networks • It was adopted in 2003 to solve weakness in WEP • Standardized in IEEE 802.11i • Increased in safety: encryption 256 bits • Known as TKIP(Temporal key Integrity) • It uses RC4 encryption to secure the data • It uses the MIC and frame counter to verify the integrity of the data.
  • 4. WPA Encryption and authentication • WPA introduced new authentication protocol, improved integrity protection measure and per- packets - To provide stronger authentication than in WEP - To prevent spoofing attacks(i.e. bit flopping on WEP CRC) - To prevent FM-style attacks.
  • 5. WPA Encryption and authentication WPA Encryption and authentication methods are: • WPA personal(PSK) • WPA enterprise(802.1x +Radio)
  • 6. WPA Personal • Designed for SOHO-small office/Home office • Uses PSK(Pre-shared Key)passphrase shared between AP and the user • Authentication is made by the AP • Key is manually configured in each equipment in network • Key varies from 8 to 63 characters ASCII
  • 7. WPA Enterprise • Designed to authenticate individual users to an external server via username and password. • Infrastructure is formed by a protocol which uses a 802.1X server in conjunction with EAP(Extensible Authentication Protocol)
  • 8. 802.1x • Communication protocol used between the AP and the authentication server • When a client requests authentication, the authentication server checks in its database if the credentials presented by the petitioner are valid, and if so the client is authenticated and a key called Master Session Key (MSK) is sent to you. • Most often, it is used as the authentication server a RADIUS server
  • 9. 802.1x Phase • 1. Mutually authenticate STA and AS • 2. Generate Master Key (MK) as a side effect of authentication • 3. Generate pairwise MK as an access authorization token • 4. Generate 4 keys for encryption/integrity
  • 11. EAP(Extensible Authentication Protocol) Is responsible for creating a logical channel secure communication between the client (supplicant) and the authentication server, where the credentials will travel on. • Physically, the client communicates with the AP through EAPoL protocol (Extensible Authentication Protocol over LAN). • AP communicates with the authentication server through 802.1x protocol
  • 14. WPA Integrity WPA Integrity consists of two values: • ICV(Integrity Check Value) • MIC
  • 15. ICV (Integrity check value) • The ICV is a typical CRC added to the original message before encryption be performed • a client (or AP) decodes and calculates the the CRC-32 of the message, providing it with the CRC-32 informed the ICV field. If they are different, the message is discarded.
  • 16. ICV
  • 17. MIC(Message Integrity Code) • New verification code message • Used to check whether the contents of a data frame has changes for errors transmitting or manipulating data • Uses 64 bits while WEP • The MIC is obtained through an algorithm known as Michael.
  • 18. Integrity • So integrity is represented by a total of 12 bytes 8 generated by Michael and 4 CRC-32
  • 19. WAP confidence/ TKIP • TKIP (Temporal Key Integrity Protocol) • Designed to solve WEP weakness • Initialization vector has 48 bits • TKIP uses existing RC4 but avoids some of the worst WEP’s problems. • Almost impossible to have reutilization of vector • TKIP is based on the concept of temporal keys, or the key is used for while and then dynamically replaced.
  • 20. TKIP TKIP corrects the following previous WAP flaws: • IV (Initialization Vector) selection and use: as counter (sequence number) • Per-packet key mixing • Increase the size of IV. • Key management.
  • 21. WPA vulnerabilities • Weakness in the key combination algorithm • PSK is vulnerable to eavesdropping and dictionary attack. • TKIP vulnerability allows attacker to guess IP address of the subnet.
  • 22. WPA2 • Has replaced WPA • Was adopted in 2004 • From March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark • it introduces CCMP, a new AES-based encryption mode with strong security • Enhanced the integrity
  • 23. WPA2 Authentication • WPA2 separates the user authentication from the message integrity and privacy, which makes it provide more flexibility • The authentication in the WPA2 Personal mode doesn’t require having an authentication server. • WPA2 Enterprise mode consists of the following components :
  • 24. WPA2 Encryption • WPA2 uses AES with a key length of 128 bit to encrypt data. • The AES uses Counter-Mode/CBC-MAC Protocol (CCMP) • The CCMP uses the same key for both encryption and authentication, but different initialization vector.
  • 25. WPA2 Pros The WPA2 has immunity against many types of hacker attack like: • Man-in-the-middle. • Authentication forging. • Replay. • Key collision. • Weak keys. • Packet forging. • Brute force/dictionary attacks.
  • 26. WPA2 cons • Can’t protect agains layer 2 session hijack • RF Jamming • Data flooding • Access points failure
  • 28. Summary 1.WPA2 is the improved version of WPA 2.WPA only supports TKIP encryption while WPA2 supports AES 3.Theoretically, WPA2 is not hackable while WPA is 4.WPA2 requires more processing power than WPA
  • 29. Questions 1. what is WPA? 2. What are the difference between WPA and WPA2? 3. What is WPA Personal? 4. How many bit AES Encryption contains?
  • 30. References • [1] - Shafi, M et al, 1997. Wireless communications in the twenty-first century: a perspective. • Proceedings of the IEEE. Vol 85, No 10, pp 1622 – 1638. • [2] - IEEE 802.11 WG, 1999. Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer • Specification. IEEE Computer Society. • [3] - Borsc, M.e Shinde, H., 2005. Wireless security & privacy. Personal Wireless Communications, • 2005. ICPWC 2005. 2005 IEEE International Conference on. pp 424 – 428. • [4] - Boland, H.e Mousavi, H., 2004. Security issues of the IEEE 802.11b wireless LAN. Electrical and • Computer Engineering, 2004. Canadian Conference on. Vol 1, pp 333 – 336. • [5] - Fluhrer, S., Mantin, I. e Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4. • Eighth Annual Workshop on Selected Areas in Cryptography. Toronto, Canada.