We rely on encryption to keep our wireless networks secure. In this video, you’ll learn about encryption technologies used with WPA and WPA2.
Many of our networking devices these days are using wireless to communicate, and of course, this wireless communication is going through the airwaves. Every device on the wireless network is both a radio receiver and a radio transmitter. This means if someone is listening in to those frequencies, they can listen in to all of the traffic going over this wireless network. To make sure that all of this wireless communication is protected, we will normally encrypt this data as it’s going over the wireless network. Everyone would get their own password to use, or there would be a shared password for everyone to use on that wireless network.
This means that only the people with the correct credentials would be able to communicate on this wireless network, and if someone does capture this encrypted wireless communication going through the air, they wouldn’t be able to view or understand any of that encrypted data. One of the most common ways of encrypting data on our wireless networks is using WPA2, and if you have older equipment, you may also see WPA encryption used as well.
WPA stands for Wi-Fi Protected Access. It was created in 2002 because we had a pretty serious problem with an encryption method used prior to this called Wired Equivalent Privacy, or WEP. We found a cryptographic vulnerability in WEP that effectively allowed all of our traffic to be decrypted. So we needed something that would allow us to bridge the gap between the broken WEP encryption and something that would be the successor or more permanent encryption type on these networks.
The short-term bridge was WPA. WPA used TKIP, the Temporal Key Integrity Protocol, which took advantage of the RC4 stream cipher. With WPA, we got away from some of the problems we had with WEP. For example, we made sure that the initialization vector was much larger, and we used an encrypted hash along with the IV. Every packet would effectively get a unique 128-bit encryption key to make sure all of the communication remained secure.
The key information that was sent across the network with TKIP would change constantly, because it combined the secret key with the initialization vector. There was also a sequence counter added with TKIP so that no one could perform a replay attack on our wireless networks. There’s also a 64-bit message integrity check on these WPA encrypted networks, which meant that no one could tamper with the packets as they were going through the wireless network.
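The three TKIP protections described above (a per-packet 128-bit key, a sequence counter, and a 64-bit integrity check) can be seen working together in a small receiver model. This is an added example, not code from the video or from the 802.11 standard: HMAC-SHA256 stands in for both TKIP's real key-mixing function and its Michael integrity check, and the keys, function names and frame layout are constructed for illustration.

```python
import hashlib
import hmac

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encryption and decryption are the same operation."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def packet_key(temporal_key: bytes, tsc: int) -> bytes:
    # Assumption: HMAC replaces TKIP key mixing (secret key + 48-bit counter -> 128-bit key).
    return hmac.new(temporal_key, tsc.to_bytes(6, "big"), hashlib.sha256).digest()[:16]

def mic(mic_key: bytes, tsc: int, payload: bytes) -> bytes:
    # Assumption: truncated HMAC replaces the 64-bit Michael integrity check.
    return hmac.new(mic_key, tsc.to_bytes(6, "big") + payload, hashlib.sha256).digest()[:8]

def send(temporal_key: bytes, mic_key: bytes, tsc: int, payload: bytes):
    """Build a frame: cleartext counter plus RC4-encrypted (payload || MIC)."""
    body = payload + mic(mic_key, tsc, payload)
    return tsc, rc4(packet_key(temporal_key, tsc), body)

class Receiver:
    def __init__(self, temporal_key: bytes, mic_key: bytes):
        self.temporal_key, self.mic_key = temporal_key, mic_key
        self.last_tsc = -1                     # highest counter accepted so far

    def receive(self, frame):
        tsc, ciphertext = frame
        if tsc <= self.last_tsc:               # counter must strictly increase
            return "replay", None
        body = rc4(packet_key(self.temporal_key, tsc), ciphertext)
        payload, tag = body[:-8], body[-8:]
        if not hmac.compare_digest(tag, mic(self.mic_key, tsc, payload)):
            return "mic-failure", None         # frame was modified in transit
        self.last_tsc = tsc                    # advance only after the MIC verifies
        return "ok", payload
```

Sending the same payload under two counter values produces different ciphertext, a frame delivered twice is rejected as a replay, and a single flipped ciphertext bit fails the integrity check without advancing the counter.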
Unfortunately, TKIP came with its own set of vulnerabilities, and eventually it was deprecated from the 802.11 standard. The encryption protocol that became our long-term solution for wireless security is WPA2. WPA2 uses CCMP to encrypt the traffic going through our wireless networks. Instead of using RC4 as the encryption algorithm, WPA2 uses AES, or the Advanced Encryption Standard.
CCMP stands for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, and that effectively replaced the TKIP that we had in WPA. CCMP’s block cipher mode uses a 128-bit key and a 128-bit block size. Because WPA2 was using a more advanced encryption algorithm, there were additional resources required by our wireless devices, and many organizations had to upgrade their access points to be able to take advantage of WPA2. But the features in WPA2 were well worth the upgrade. We’re able to have data confidentiality with AES encryption, we have authentication features built into WPA2, and access control is also a feature in the WPA2 protocol.