WLAN

secuiity
piotocols

Roles

Auvantages

Bisauvantages
WEP
(Wiieu
Equivalent
Piivacy)
! Wiieu Equivalent
Piivacy (WEP) is
the most wiuely
useu Wi-Fi secuiity
algoiithm in the
woilu. This is a
function of age,
backwaius
compatibility, anu
the fact that it
appeais fiist in the
enciyption type
selection menus in
many ioutei
contiol panels

! WEP woiks by
using seciet keys,
oi coues to enciypt
uata

! 0ses a sequence of
hexauecimal uigits.
This uigit sequence
must match on all
uevices tiying to
communicate on
the wiieless
netwoik. WEP keys
can be foimeu in
uiffeient lengths
uepenuing on the
type of WEP
enciyption being
utilizeu.
! 0ne auvantage to
using WEP is that
when useis
happen to see
youi netwoik
uuiing wiieless
uetection, they
will most likely be
uiscouiageu since
it will iequiie a
key. This makes it
cleai to the usei
that they aie not
welcome. Anothei
auvantage that
WEP offeis is
inteiopeiability,
since all wiieless
uevices suppoit
basic WEP
enciyption. This
can be useful
when tiying to
use oluei uevices
that neeu wiieless
connectivity.
! Bespite ievisions to
the algoiithm anu
an incieaseu key
size, ovei time
numeious secuiity
flaws weie
uiscoveieu in the
WEP stanuaiu anu,
as computing powei
incieaseu, it became
easiei anu easiei to
exploit them.

! Anothei
uisauvantage to
using WEP
enciyption is that if
the mastei key
neeus to be changeu,
it will have to be
manually changeu
on all uevices
connecteu to the
netwoik
WPA2
(8u2.11i)
! uses AES
(Auvanceu
Enciyption
Stanuaiu) to
pioviue stiongei
enciyption.

! The authentication
piece of WPA2 has
! 0sing goveinment
giaue AES
enciyption anu
8u2.1XEAP
authentication
WPA2 fuithei
enhances the
impiovements of
WPA
! BoS (Benial of
Seivice) attacks like
RF jamming, uata
floouing, anu Layei
2 session hijacking,
aie a ll attacks
against availability.

! Nanagement
two moues:
Peisonal anu
Enteipiise.
! The Peisonal moue
iequiies the use of
a PSK (Pie-Shaieu
Key) anu uoes not
iequiie useis to be
sepaiately
authenticateu. The
Enteipiise moue,
which iequiies the
useis to be
sepaiately
authenticateu.

! PNK caching
suppoit - allows
foi ieconnections
to AP's that the
client has iecently
been connecteu
without the neeu
to ie-authenticate.

! Pie-
authentication
suppoit - allows a
client to pie-
authenticate with
an AP towaius
which it is moving
while still
maintaining a
connection to the
AP it's moving
away fiom.
Fiames - iepoit
netwoik topology
anu mouify client
behavioi - aie not
piotecteu so they
pioviue an attackei
the means to
uiscovei the layou t
of the netwoik,
pinpoint the
location of uevices
theie foie allowing
foi moie successful
BoS attacks against
a netwoik.

! Beauthentication -
the aim is to foice
the client t o
ieauthenticate,
which coupleu with
the lack of
authentication foi
contiol fiames
which aie useu fo i
authentication anu
association make it
possible foi the
attackei to spoof
NAC auuiesses
WPA
(Wi-Fi
Piotecteu
Access)
! stiongei
enciyption
algoiithm cieateu
specifically by the
netwoiking
inuustiy to mitigate
the pioblems
associateu with
WEP

! Like WEP, WPA
uses the same
enciyptionueciypt
ion methou with all
uevices on the
wiieless netwoik,
but uoes not use
the same mastei
key.
! WPA uses a
Tempoiaiy Key
Integiity Piotocol
(TKIP), which
uynamically
changes the key as
uata packets aie
sent acioss the
netwoik

! Since the key is
constantly
changing, it makes
ciacking the key
much moie
uifficult than that
of WEP
! biggest issue being
incompatibility with
legacy haiuwaie
anu oluei opeiating
systems

! WPA also has a
laigei peifoimance
oveiheau anu
incieases uata
packet size leauing
to longei
tiansmission.
EAP
(Extensible
Authentication
Piotocol )
! Point-to-Point
piotocol (PPP) that
woiks with uial-up,
PPTP, anu L2TP
clients

! EAP allows the
auuition of new
authentication
methous known as
EAP types

! Both the uial-in
client anu the
iemote access
seivei must
suppoit the same
EAP type foi
successful
authentication to
occui.
! An authentication
fiamewoik in
same function.

! Compatible with
vaiious
authentication
methous.

! Sepaiate
authenticate fiom
seivei to
simplifieu
cieuentials
management anu
policy uecision.
! Complicateu
secuiity analysis
since the
authenticate has
been sepaiate fiom
authentication
seivei.

! EAP iequiieu as
auuition wheie new
authentication type
to point -to-point
LCP anu implement
PPP neeu to
mouifieu the
authentication
mouel foi secuie
authentication


Summaiy of Common EAP Authentication Nethous


Refeiences

|1j http:www.howtogeek.com16778Shtg-explains-the-uiffeience-between-
wep-wpa-anu-wpa2-wiieless-enciyption-anu-why-it-matteis
|2j http:www.biighthub.comcomputingsmb-secuiityaiticles78216.aspx
|Sj http:www.fieebsu.oiguochanubooknetwoik-wiieless.html
|4j http:uualism.hubpages.comhubWEP_vs_WPA
|Sj http:www.openxtia.co.ukaiticleswpa-vs-wep
|6jhttp:cs.gmu.euu~yhwang1INFS612Sample_PiojectsFall_u6_uPN_6_Fin
al_Repoit.puf
|7j http:technet.miciosoft.comen-uslibiaiycc9S8u1S.aspx
|8j http:www.opus1.comnacwhitepapeis-oluu4-eap_options-lvuS.puf