Wireless networks IEEE 802'11i WPA2

1
Wireless networks - IEEE 802.11i (WPA2)

• By Omar Faruk

2
Outline

• What is IEEE 802.11 ?
• Why IEEE 802.11i ?
• Whats New in WPA ?
• Features in WPA2
• WEP, WPA, WPA2 Comparision
• Relevant Exam Questions
• References

3
What is IEEE 802.11 ?

• Wi-Fi standard, denotes a set of Wireless LAN
  standards
• Updated by amendments such as IEEE 802.11a, b i
  etc.
• Works in two modes
• Ad-hoc mode (Client - Client)
• Infrastructure mode (Client - AP)
• Use Association or Authentication to authenticate
  with AP
• Open System
• Shared Key
• Provide security through WEP (wired equivalent
  privacy)
• Optional
• Shares a Key
• Use RC4 algorithm

4
Why IEEE 802.11i ?

• Provide security through WEP (wired equivalent
  privacy)
• Original Key size was too small (40 bit)
• Heavy Reuse of keys
• No Key Management within protocol
• Not Effective Authentication protocol
• Main areas of improvement in IEEE 802.11i are -
• Authentication
• Key management
• Data transfer
• Implemented in WPA and WPA2 (Wi-Fi Protected
  Access )

5
Whats New in WPA ?

• Authentication
• Use TKIP (Temporal Key Integrity Protocol), to
  dynamically change keys
• Can also be used in a less secure PSK
  (pre-shared key) mode
• Encryption
• Use RC4 with large key size (128 bit) and IV (48
  bit)
• Defeats the well-known key recovery attacks on
  WEP
• Data Integrity
• More secure MIC (Message Integrity Code) named
  "Michael" is used
• Includes a frame counter, which prevents replay
  attacks
• Extra Countermeasures
• Special mechanism detects an attempt to break
  TKIP and temporarily blocks communications with
  the attacker

6
Features in WPA2

• Authentication Integrity
• Key management and message integrity is handled
  by a single component built around AES
• Using a CBC-MAC (Cipher Block Chaining Message
  Authentication Code)
• Encryption
• Uses CTR (Counter mode) AES (128 bit)
• Computationally expensive and adds a significant
  amount of overhead
• Why not OCB (Offset Code Block) mode ?
• OCB known to be efficient and fast
• Summary
• Implements the mandatory elements of 802.11i
• Use CCMP (Counter Mode with Cipher Block Chaining
  Message Authentication Code Protocol) instead of
  TKIP

7
WEP, WPA, WPA2 Comparision

• Encryption
• WEP WPA - RC4
• WPA2 - AES
• Key Size Life
• WEP - 40/104 bit, 24 bit IV then wrap
• WPA - 128 bit, 48 bit IV then wrap
• WPA2 - 128 bit, IV not reused
• Key Management
• WEP - None
• WPA WPA2 - 802.11i 4-Way Handshake
• Data Integrity
• WEP - CRC-32 (Except Header)
• WPA - Michael
• WPA2 - CCM

8
Relevant Exam Questions

• Compare the advantages disadvantages between
  WEP WPA2
• What are the main areas of improvement in IEEE
  802.11i amendment ?
• What are the primary flaws of WEP ?
• What are the differences between WEP WPA ?

9
References

• IEEE 802.11,
• http//en.wikipedia.org/wiki/IEEE_802.11
• IEEE 802.11i,
• http//en.wikipedia.org/wiki/WPA2
• IEEE 802.11i Overview, http//www.drizzle.com/abo
  ba/IEEE/11-05-0123-01-0jtc-802-11i-overview.ppt
• Wireless Network Security
• http//www.cs.fsu.edu/yasinsac/WNS05u/class3.pdf
  
• A Comprehensive Review of 802.11 Wireless LAN
  Securityand the Cisco Wireless Security Suite
• http//www.cisco.com/warp/public/cc/pd/witc/ao120
  0ap/prodlit/wswpf_wp.pdf

10
Questions ???
11
Thank You