Wi-Fi Protected Access (WPA)


  • choice of security settings is determined by:
    • device support for Wi-Fi encryption standards
    • type of authentication infrastructure
    • purpose of the WLAN
  • encryption standard determines the:
    • cryptographic protocols supported
    • means of generating an encryption key
    • available methods for authenticating wireless stations

WPA

Wi-Fi Protected Access (WPA) is a set of standards for authenticating and encrypting access to Wi-Fi networks.

  • Wi-Fi Protected Access (WPA) version 1 was designed to fix critical vulnerabilities in WEP
    • uses RC4 stream cipher to encrypt traffic
      • like WEP
    • also uses Temporal Key Integrity Protocol (TKIP) to try to mitigate various attacks against WEP
    • WPA and WEP are not secure
      • vulnerable to replay attacks that recover the encryption key

Temporal Key Integrity Protocol (TKIP) is a mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

WPA2

  • uses Advanced Encryption Standard (AES) cipher
    • replaces RC4
  • deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
    • CCMP replaces TKIP
    • provides authenticated encryption
      • designed to make replay attacks harder
  • vulnerabilities
    • WPA2-PSK is vulnerable to manipulations that enable a threat actor to recover the key

Wi-Fi Protected Setup (WPS)

Wi-Fi Protected Setup (WPS) is a feature of WPA and WPA2 that allows enrollment in a wireless network based on an eight-digit PIN.

  • To use WPS,
    • both the access point and wireless station (client device) must be WPS-capable
    • devices will have a push button
    • activate WPS on the AP and the adapter simultaneously to associate the devices using a PIN
    • the adapter then associates with the access point using WPA2
    • the system generates a random SSID and PSK
    • if a device does not support a push button,
      • use the PIN printed on the WAP
  • vulnerable to brute force
    • the PIN is eight characters, but
      • one digit is a checksum
      • the rest are verified as two separate PINs of four and three characters
    • can be cracked in just hours
    • may not be able to disable it
    • can't change the PIN
  • replaced by Easy Connect with WPA3
    • method of securely configuring client devices with the information required to access a Wi-Fi network
    • is a brand name for the Device Provisioning Protocol (DPP)
    • how it works:
      • Each participating device must be configured with a public/private key pair
      • uses quick response (QR) codes or near-field communication (NFC) tags to communicate each device’s public key
      • smartphone is registered as an Easy Connect configurator app and associated with the WAP using its QR code
      • Each client device is associated by scanning its QR code or NFC tag in the configurator app
    • straightforward means of configuring headless Internet of Things (IoT) devices with Wi-Fi connectivity
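
The search-space arithmetic behind the WPS brute-force weakness listed above, as an added example that is not part of the original notes. The checksum weighting (3,1,3,1,3,1,3) comes from the WPS specification rather than these notes, and the per-guess time and lockout values are constructed assumptions.

```python
"""WPS PIN search space: why split verification matters (added example)."""

def wps_checksum(first7: int) -> int:
    # Checksum digit over the 7 leading digits, weights 3,1,3,1,3,1,3
    # (weighting taken from the WPS spec, not from these notes).
    digits = [int(c) for c in f"{first7:07d}"]
    total = sum(d * (3 if i % 2 == 0 else 1) for i, d in enumerate(digits))
    return (10 - total % 10) % 10

def is_valid_pin(pin: str) -> bool:
    # An 8-digit PIN is well-formed only if its last digit matches the checksum.
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))

def search_space() -> dict:
    # Worst-case number of guesses under each reading of the PIN.
    return {
        "eight_free_digits": 10 ** 8,         # if all 8 digits were secret
        "checksum_removed": 10 ** 7,          # last digit is derived, not secret
        "split_4_plus_3": 10 ** 4 + 10 ** 3,  # halves are verified separately
    }

def worst_case_hours(guesses, secs_per_guess, lock_after=0, lock_secs=0):
    # Time to exhaust `guesses`; optionally the AP locks WPS for `lock_secs`
    # after every `lock_after` failures (assumed policy values).
    total = guesses * secs_per_guess
    if lock_after:
        total += (guesses // lock_after) * lock_secs
    return total / 3600

if __name__ == "__main__":
    space = search_space()
    for name, n in space.items():
        print(f"{name:>18}: {n:>11,} guesses")
    n = space["split_4_plus_3"]
    # Constructed timing: 2 s per attempt; 60 s lockout after 3 failures.
    print(f"no lockout  : {worst_case_hours(n, 2):.1f} h")
    print(f"with lockout: {worst_case_hours(n, 2, 3, 60):.1f} h")
```

A lockout policy lengthens the worst case but leaves the PIN space at 11,000 values, so it delays the search without removing the weakness.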

WPA3

  • main features:
    • Simultaneous Authentication of Equals (SAE)
      • personal authentication mechanism that uses a four-way handshake with a pre-shared key (PSK) to allow a station to
        • associate with an access point
        • authenticate its credentials
        • exchange a key for data encryption
    • updated cryptographic protocols
      • replaces AES CCMP with AES Galois Counter Mode Protocol (GCMP)
    • protected management frames
      • management frames
        • used for:
          • association and authentication
          • disassociation and deauthentication messages
          • as devices join and leave the network
        • can be spoofed and misused in WPA and WPA2
      • WPA3 uses encryption for these frames
        • protects against
          • key recovery attacks
          • DoS attacks that force stations to disconnect
    • Wi-Fi Enhanced Open
      • an open Wi-Fi network is one with no passphrase
      • in WPA2, this means all traffic is unencrypted
      • WPA3 encrypts this traffic
        • any station can still join the network, but is protected against sniffing
    • Wi-Fi Easy Access
      • associate client devices by scanning a QR code