Understanding Wi-Fi Security Protocols: WEP, WPA, WPA2, and the Four-Way WPA Handshake

What is WEP Protocol?

WEP (Wired Equivalent Privacy) is an outdated security protocol designed for Wi-Fi networks. It was intended to provide a level of security similar to that of wired networks. However, due to its significant security vulnerabilities, WEP is now considered deprecated and should not be used.

WEP Protocol Steps

1. Association Request and Response

  • Client: The client sends an association request to the access point (AP).
  • AP: The AP responds with an association response, granting or denying the association request based on factors like authentication and signal strength.

2. Authentication

  • WEP Authentication: WEP uses a simple authentication mechanism that involves sending a shared secret key between the client and the AP.
  • Key Exchange: The client and AP exchange encrypted messages using the shared secret key to verify authentication.

3. Encryption and Decryption

  • Key Derivation: The AP derives an encryption key from the shared secret key and the IV (Initialization Vector).
  • Encryption: The client encrypts data packets using the derived key and the IV.
  • Transmission: The encrypted data packets are transmitted to the AP.
  • Decryption: The AP decrypts the received packets using the same key and IV.

4. Data Transmission

  • Data Exchange: Once authentication and encryption are established, the client and AP can exchange data.
  • Packet Integrity: WEP uses a checksum to verify the integrity of data packets.

Key Vulnerabilities of WEP

  • Static Encryption Key: The use of a static encryption key makes WEP vulnerable to attacks like dictionary attacks and brute-force attacks.
  • IV Reuse: Due to the limited size of the IV, it's possible for the same IV to be reused, leading to vulnerabilities.
  • Weak Authentication: WEP's authentication mechanism is simple and can be easily bypassed.

It's important to note that WEP is a highly insecure protocol and should not be used in any modern wireless network. WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access 2) are far more secure alternatives that address the weaknesses of WEP.

What is WPA (Wi-Fi Protected Access) Protocol?

WPA (Wi-Fi Protected Access) is a security protocol designed to improve the security of wireless networks. It was introduced in 2003 as a response to the security vulnerabilities found in the older WEP (Wired Equivalent Privacy) protocol.

WPA offers several key improvements over WEP, including:

  • Dynamic encryption keys: WPA uses a dynamic encryption key that changes frequently, making it much harder for attackers to compromise.
  • Temporal Key Integrity Protocol (TKIP): TKIP provides additional protection against attacks by verifying the integrity of data packets.
  • Enhanced authentication: WPA uses a more robust authentication mechanism to prevent unauthorized access.

How Does WPA Work?

Association Request and Response

  • The client sends an association request to the access point (AP).
  • The AP responds with an association response, granting or denying the request based on factors like authentication and signal strength.

Authentication

  • Using EAP, the client and AP authenticate with each other.
  • A shared secret key is established between them.

Key Derivation

  • The shared secret key is used to derive the PMK (Pairwise Master Key), a long-term key.
  • The PMK, along with other parameters, is used to derive the PTK (Pairwise Transient Key), a session-specific key.

Four-Way Handshake

  • A series of messages is exchanged between the client and AP to establish secure communication using the PTK.

Data Transmission

  • Data packets are encrypted using the PTK and transmitted between the client and AP.
  • The AP decrypts the received packets using the PTK.
  • A MIC (Message Integrity Code) is used to verify the integrity of data packets.

What is the WPA2 Protocol and how is it different from WPA?

WPA2 (Wi-Fi Protected Access 2) is a security protocol designed to improve the security of wireless networks. It was introduced in 2004 as a successor to WPA and is considered the most secure Wi-Fi security protocol available today.

WPA2 offers several key improvements over WPA, including:

  • AES (Advanced Encryption Standard): WPA2 uses AES for encryption, which is considered to be much stronger than the TKIP (Temporal Key Integrity Protocol) used by WPA.
  • Counter Mode with CBC-MAC (CCM): WPA2 uses CCM for message integrity, providing additional protection against attacks.
  • Improved key management: WPA2 has better key management mechanisms to prevent attacks like replay attacks.

Due to its enhanced security features, WPA2 is the recommended Wi-Fi security protocol for most devices and networks.

Four-Way WPA Handshake

The four-way handshake is a crucial process in WPA (Wi-Fi Protected Access) and WPA2 security protocols. It's a series of message exchanges between a wireless client and an access point (AP) to establish a secure connection.

Steps in the Four-Way Handshake

Message 1: AP to Client

  • The AP sends a message to the client, containing:
    • A nonce (a random number) generated by the AP
    • A timestamp

Message 2: Client to AP

  • The client responds with a message containing:
    • A nonce generated by the client
    • A message integrity code (MIC) calculated using the PMK (Pairwise Master Key), the AP's nonce, the client's nonce, and other parameters.

Message 3: AP to Client

  • The AP sends a message containing:
    • A MIC calculated using the PMK, the AP's nonce, the client's nonce, and other parameters.

Message 4: Client to AP

  • The client sends a message containing:
    • A MIC calculated using the PMK, the AP's nonce, the client's nonce, and other parameters.

Key Points

  • The PMK is a long-term key derived from a shared password or passphrase.
  • The nonces are random numbers used to ensure the uniqueness of each handshake.
  • The MICs are used to verify the integrity of the messages and prevent tampering.
  • After the four-way handshake is complete, the client and AP have established a secure connection and can exchange data using the PTK (Pairwise Transient Key) derived from the PMK and nonces.
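The key derivation described in the WPA "Key Derivation" section and the MIC checks in the four-way handshake above, worked through as an added example (this is not code from the original article): it assumes the WPA2-PSK schedule from IEEE 802.11i (PMK = PBKDF2-HMAC-SHA1 over the passphrase and SSID, PTK = PRF over the PMK, both MAC addresses and both nonces, MIC = HMAC-SHA1 truncated to 16 bytes keyed with the KCK), and uses constructed MAC addresses, nonces and frame bytes in place of real captured frames.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA/WPA2-PSK: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), truncated."""
    out = b""
    for i in range((length + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:length]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PTK from PMK, both MACs and both nonces; split into KCK, KEK, TK (CCMP sizes)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (CCMP) EAPOL-Key MIC: HMAC-SHA1 over the frame with MIC field zeroed, 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]

def simulate_handshake(ap_passphrase: str, client_passphrase: str, ssid: str) -> bool:
    """Messages 1-2 of the handshake with constructed MACs and nonces. Returns True when
    the AP accepts the client's message-2 MIC, i.e. both sides derived the same PMK/PTK."""
    aa = bytes.fromhex("00112233aabb")                  # constructed AP MAC
    spa = bytes.fromhex("66778899ccdd")                 # constructed client MAC
    anonce = hashlib.sha256(b"anonce-demo").digest()    # fixed stand-in for a random ANonce
    snonce = hashlib.sha256(b"snonce-demo").digest()    # fixed stand-in for a random SNonce
    # Message 1 (AP -> client): ANonce in the clear. Client can now derive its PTK.
    client_kck, _, _ = derive_ptk(derive_pmk(client_passphrase, ssid), aa, spa, anonce, snonce)
    # Message 2 (client -> AP): SNonce plus a MIC over the frame (MIC field zeroed).
    msg2_body = b"EAPOL-Key msg2 " + snonce + bytes(16)   # constructed frame stand-in
    msg2_mic = mic(client_kck, msg2_body)
    # AP now holds both nonces, derives its own PTK and checks the MIC with its KCK.
    # The PMK itself never crosses the air; a wrong passphrase simply fails this check.
    ap_kck, _, _ = derive_ptk(derive_pmk(ap_passphrase, ssid), aa, spa, anonce, snonce)
    return hmac.compare_digest(mic(ap_kck, msg2_body), msg2_mic)

if __name__ == "__main__":
    print("matching passphrase accepted:", simulate_handshake("correct horse", "correct horse", "HomeNet"))
    print("wrong passphrase accepted:   ", simulate_handshake("correct horse", "wrong horse", "HomeNet"))
```

The PMK step can be checked against the published 802.11i test vector (passphrase "password", SSID "IEEE"); the WPA/TKIP variant differs only in using HMAC-MD5 for the MIC and a longer PTK.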

The four-way handshake is essential for establishing secure wireless connections. It ensures that the client and AP are authentic and that the communication channel is protected from unauthorized access.