enhancing wireless security with wpa n.
Skip this Video
Loading SlideShow in 5 Seconds..
Enhancing Wireless Security with WPA PowerPoint Presentation
Download Presentation
Enhancing Wireless Security with WPA

Loading in 2 Seconds...

play fullscreen
1 / 26

Enhancing Wireless Security with WPA - PowerPoint PPT Presentation

  • Uploaded on

Enhancing Wireless Security with WPA. CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660. Agenda. Overview of WLAN WEP and its weaknesses Promise of WPA - Modes of Operations - Security Mechanisms What is WPA2? Encryption Method Comparison Table

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Enhancing Wireless Security with WPA' - hua

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
enhancing wireless security with wpa

Enhancing Wireless Security with WPA

CS-265 Project

Section: 2 (11:30 – 12:20)

Shefali Jariwala

Student ID


  • Overview of WLAN
  • WEP and its weaknesses
  • Promise of WPA

- Modes of Operations

- Security Mechanisms

  • What is WPA2?
  • Encryption Method Comparison Table
  • Conclusions
overview of wlan

Overview of WLAN

WLAN Standards

802.11 1-2 Mbps speed 2.4 GHz band

802.11a (Wi-Fi) 54 Mbps speed 5 GHz band

802.11b (Wi-Fi) 11 Mbps speed 2.4 GHz band

802.11g (Wi-Fi) 54 Mbps speed 2.4 GHz band

WLAN components

Wireless Clients

Access Points

Requirements for secure WLAN

Encryption and Data Privacy

Authentication and Access Control

security mechanism wired equivalent privacy

Security Mechanism – Wired Equivalent Privacy

  • Confidentiality, Access Control and Data Integrity
  • Both WEP Authentication and encryption are based on a secret key shared between AP and wireless client
  • WEP uses RC4 encryption algorithm
    • Symmetric Key stream Cipher
    • variable length key
    • 64 bit = 40 bit WEP key and 24 bit random number known as IV to encrypt the data
    • Encryption: stream cipher plaintext= cipher text
    • Sender sends the packet = cipher text + IV to receiver
    • Decryption: WEP key and attached IV
wep encryption

WEP Encryption

WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65

wep authentication

WEP Authentication

Two modes of authentication:

Open System ( “No Authentication”)

Shared Key

Access Point


Authentication request

Random challenge

Encrypted RC

Success/failure response

wep weaknesses

WEP Weaknesses

A single key is used for all AP’s and wireless clients

Static WEP key ~ Dynamic WEP Key

Same key used for Access Control and Encryption which gives rise to problems

Initialization Vector (IV) Reuse

Ci = Pi  ksi and Ci’= Pi’  ksi’

Therefore, Ci  Ci’= Pi  Pi’

Known Plain text attacks

WEP provides no replay protection

When WEP was available it was not always turned on

promise of wpa wireless protected access

Promise of WPA - Wireless Protected Access

stronger security solution via standards-based interoperable security specification known as WPA (Wi-Fi specification)

WPA is a subset of 802.11i standard and maintains forward compatibility

Run as software upgrade on AP’s and NIC’s and minimizes the impact of network performance

Inexpensive in terms of cost/time to implement and addresses all WEP weaknesses

Secure all versions of 802.11 devices including 802.11b, 802.11a and 802.11g

wpa modes of operation

WPA - Modes of Operation

Enterprise Mode:

Requires an authentication server – RADIUS

(Remote Authentication Dial In Service) for authentication and key distribution

RADIUS has centralized management of user credentials

Pre-shared key (PSK) Mode:

Does not require authentication server

A “shared secret” is used for authentication to access point

vulnerable to dictionary attacks

enterprise mode diagram

Enterprise Mode Diagram


psk mode diagram

PSK Mode Diagram


issues of psk mode

Issues of PSK Mode

Needed if no authentication server is in use

“shared secret” – revealed, network security is compromised

No standardized way of changing shared secret

It increases the attacker’s effort to do decryption of messages

The more complex the shared secret is, the better it is

as there are less chances of dictionary attacks

security mechanisms in wpa

Security Mechanisms in WPA


802 1x authentication prevents end users from accessing enterprise networks

802.1X Authentication prevents end users from accessing Enterprise networks


simpler representation

Simpler Representation


(Wireless Client)


(Access Point)


Initiates connection

Port = enabled

State = unauthorized

requests identity

responds with identity

Forwards the identity

Forwards Response


Port = enabled

State = authorized


requests identity from RADIUS

Forwards the request

Access points forwards the identity

RADIUS passes its identity

mutual authentication

Mutual Authentication


tkip temporal key integrity protocol

TKIP – Temporal Key Integrity Protocol

TKIP is responsible for generating the encryption key, encrypting the message and verifying its integrity

TKIP ensures:

- Encryption key changes with every packet

- Encryption key is unique for every client

- TKIP encryptions keys are 256 bit long

WEP Encryption key = shared secret + IV

TKIP packet comprises of:

- 128 bit temporal key (shared by both clients and AP)

- Client Device MAC address

- 48 bit IV (Packet sequence number) to prevent known plain text attacks (WEP = 24 bit IV)

tkip for data privacy

TKIP for Data Privacy

TKIP key mixing function + temporal key = per packet key

Temporal keys - 128 bit, change frequently, definite life

MAC Address + Temporal key + four most significant octets of the packet sequence number are fed into the S-Box to generate intermediate key

Results in a unique encryption key

Then, mix the intermediate key with two least significant octets of packet sequence number = 128 bit per packet key

Each key encrypts only one packet of data and prevents weak key attacks

michael message integrity check

Michael Message Integrity Check

Used to enforce data integrity

“Message Integrity Code” (MIC) = 64 bit message calc. using Michael’s algorithm

MIC is inserted in the TKIP packet

The sender and the receiver each compute MIC and then compare. MIC does not match = data is manipulated

Detects potential packet content altercation due to transmission error or purposeful manipulation

Uses 64 bit key and partitions the data into 32 bit blocks

Various operations: shifts, XOR’s, additions

wep vs wpa



drawbacks of wpa

Drawbacks of WPA

Vulnerable to Denial-of-Service Attacks

AP receives 2 data packets that fail MIC check within 60 seconds - active attack

Counter measure for AP’s which includes disassociating each client using the AP

Prevents the attacker from getting encryption keys

Users can loose network connectivity for 60 seconds

upcoming wpa2

Upcoming WPA2

Uses the Advanced Encryption Standard (AES)

Symmetric key block 128 bit key

Full 802.11i support including Counter Mode with CBC- MAC Protocol (CCMP) encryption


Will require or replacement hardware (AP’s and NIC’s)

Certified Equipments due in late 2004

encryption method comparison table

Encryption Method Comparison Table




WEP is not secure anymore !

WPA solves almost all WEP weaknesses

WPA still considered secure and provides secure authentication, encryption and access control

WPA is not yet broken…!

WPA2 is a stronger cipher than WPA and will provide robust security for WLANs



  • WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65

Wireless networking security: Security flaws in 802.11 data link protocols, Nancy Cam-Winget, Russ Housley, David Wagner, Jesse Walker; Communications of the ACM-Volume 46, Issue 5 (May 2003), Pages 35-39

  • http://www.cizgi.com.tr/makaleler/seminer/S2-1.pdf
  • http://www.dtm.ca/download/wireless_toshiba.pdf
  • http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf
  • http://www.mtghouse.com/MDC_WP_052603.pdf





http://www.wi-fi.org/opensection/pdf/Wi- Fi_ProtectedAccessWebcast_2003.pdf