To install StudyMoose App tap and then “Add to Home Screen”
Save to my list
Remove from my list
This paper reviews the history of Wireless LAN security from WEP to WPA3, along with the techniques and technologies underlying each of these methodologies. At each step, there is also mention of the improvements that each method made over its predecessor, and the types of attacks that made each one vulnerable. The paper begins with a brief history of communication up to the release of IEEE 802. 11 in 1997. It then explains the ideas behind WEP, namely the CRC-32 Checksum, Open Authentication, Shared Key Authentication, and the RC4 stream cypher.
Following this, there is a discussion of WPA, WPA2 and the techniques that support their -Personal/-Enterprise variants, though the -Personal variants are the primary foci of this paper. For this reason, we closely examine the four-way handshake, TKIP, CCMP, and the AES block cypher used in WPA/WPA2-Personal but use broader strokes when discussing the use of RADIUS servers and EAPOL in their -Enterprise counterparts. The paper then concludes with a look at WPA3 and the direction that the future of Wi-Fi security currently seems to be headed.
This again includes an examination of -Personal and -Enterprise security, as well as Wi-Fi Enhanced Open.
Since the dawn of history, human beings have been creating new and better ways to communicate with each other. First, we invented art, then language, then the written word. Eventually, we wanted to speak over long distances and we invented smoke signals and signal flags. All the while, we were trying to make our physically transported communication faster, inventing roads and delivering messages on horseback.
Following the discovery of electromagnetic waves in 1864, we began trying to use those to communicate as well. In 1876, Graham Bell invented the telephone. By 1895, we were sending radio signals more than a mile and by 1901, we were sending Morse code on telegraph lines across the Atlantic. In 1920, the first commercial radio broadcast began in Pittsburgh, and in 1927, Farnsworth invented the television. All this progress was made, all so that people could communicate better, faster, and across longer distances. All this progress was made, all leading to the creation of the pinnacles of human communication, the Internet, Ethernet, and WiFi, which dominate our lives today.
The main predecessors to these three technologies are the ARPANET, and ALOHAnet. ARPANET, along with the TCP/IP protocol that followed, was the first major wired network and a precursor to the Ethernet and Internet technologies that we have today. ALOHAnet and the ALOHA protocol, on the other hand, were the first wireless digital networking technologies and became operational in 1971. Many years after ALOHA, following the release of the ISM (2. 4GHz) band to the public for unlicensed use and the invention of the first wireless consumer products under the name WaveLAN, the first version of the 802. 11 protocol was released. This protocol, released in 1997, provided up to 2Mbit/s link speeds before being updated and popularized in 1999 with the release of 802. 11b, which improved the raw data rate to 11Mbit/s speeds. The 802. 11b standard used the same methodology as the legacy version, but the significant increase in throughput and major reductions in price that accompanied its release led to its swift adoption as the dominant wireless LAN technology. As a result, 802. 11 is the underlying standard behind all the Wi-Fi technology we know today. Along with this new technology came a need for new protocols to secure it. Wired Equivalent Privacy (WEP) was the first of these protocols, released alongside the legacy 802. 11 standard in 1997.
The protocol was created by a group of IEEE members and was intended to provide point-to-point security over Wi-Fi networks. To do this the CRC-32 checksum function was used to ensure data integrity, either Open System or Shared Key Authentication were used to verify clients, and the RC4 steam cipher to ensure confidentiality. The CRC-32 checksum function is a cyclic redundancy check that adds a check value of fixed length to encoded messages to verify that the data hasn’t been corrupted. This check value is a short binary sequence, calculated using a 33-bit polynomial, that is appended to each block of data to be sent or stored. This way, when a device retrieves the data it can calculate a new check value, compare it to the original, and know that the data is non-corrupted if the two checks match. Since CRCs are designed to protect against common errors made by communication networks, they are excellent at providing quick and reasonable assurance that data hasn’t been corrupted. However, it is important to note that CRCs are not the same as hash functions. Since there is no authentication and CRCs are easily reversible, they are not suitable for detecting intentional modification of data the way hashes would be. Open System authentication over WEP didn’t require clients to provide credentials to the access point during authentication, and therefore any client could attempt to associate itself with the network. This, in effect, meant that no authentication actually occurs with such a setup. Shared Key authentication, on the other hand, used with its four-step handshake to authenticate its users. In this authentication system, the client sends an authentication request to the access point, which replies over clear-text with a challenge.
The client then encrypts this challenge text with the configured WEP key and returns the encrypted text. Following this, the access point decrypts the response and allows the client to connect if the decryption matches the original challenge text. One would think that Shared Key authentication is more secure, but since one can capture the challenge frames in Shared Key authentication, this makes it easier to intercept and decrypt data being sent over the network. As a result, Open System authentication is actually more secure than its Shared Key counterpart in most situations.
The RC4 aspect of this formula worked as follows: after a user (in this example, “the sender”) connects to an access point, their system receives a 40-bit WEP key from the router. The sender then combines this WEP key with a randomly generated 24-bit Initialization Vector (IV) in order to create an RC4 cipher key. Performing the XOR operation on this key and the transmission data produced ciphertext, and then the sender would send a packet containing this ciphertext and the initialization vector to a receiver. Once the packet is received, the receiver can decrypt the data using the stored WEP key and the IV contained in the packet. Because RC4 is a stream cipher, it was extremely important that the same key never be used twice. This was the purpose of the initialization vector, newly generated at each transmission and intended to prevent repetition. However, a 24-bit IV was not long enough to guarantee this on busy networks. As a result, it was eventually discovered that through the use of simulated traffic, an attacker could recover keys in less than a minute and from that point forward, could eavesdrop on the network.
As a result of these issues, it became clear that WEP was not as secure as it was thought to be at the time of its release and was deprecated in 2004. This once again left the world in need of a wireless security standard. In order to address this issue, the Wi-Fi Alliance released the W-Fi Protected Access (WPA) security protocol in 2003. This standard came in two varieties, WPA-Personal and WPA-Enterprise, and was intended to be a temporary replacement for WEP until a new standard could be adopted following the release of IEEE 802. 11i in 2004. However, since the original WPA protocol implemented much of the 802. 11i standard already, it was a significant improvement over WEP even as a placeholder. The original WPA-Personal worked using the Temporal Key Integrity Protocol (TKIP), which modified the WEP protocol to implement three new security features that addressed security problems faced by traditional WEP networks. First, TKIP employed dynamic, per-packet key generation along with a key mixing function as a replacement for WEP keys. This meant that a new key was generated for each packet and that these keys were combined with the initialization vector before being passed to the RC4 cipher. This prevented many common attacks against the WEP protocol, particularly related key attacks. Second, WPA implements a sequence counter, which means that packets received out of order are rejected by the access point, effectively protecting against replay attacks. Finally, TKIP implements a 64-bit Message Integrity Check (MIC) named Michael in addition to the CRC-32 checksum. This continued to allow the detecting of unintentional corruption of data, but also made it much more difficult to intentionally modify data during an attack on the network.
For all these reasons, WPA and TKIP were a substantial improvement over the previous WEP standard. The message integrity check, per-packet key generation, broadcast key rotation, and the sequence counter discouraged many common attacks. WPA-Enterprise was even more of an improvement since it shared all the same features, but it used an 802. 1x RADIUS server and EAPOL to store per-user passwords for the authentication step, instead of using the conventional shared password model, even further cutting down on available traffic for sniffing and allowing an administrator to revoke one user’s access without affecting the others. However, TKIP (used in both versions) still used the same underlying mechanisms as WEP and was therefore vulnerable to many similar types of attacks, though these new attacks were often more difficult to execute. This continued vulnerability led to the adoption of WPA2, the successor that was always meant to replace WPA after the IEEE 802. 11i standard became available in 2004. While WPA implemented some aspects of this standard, WPA2 fully implemented all of them. This meant the adoption of two new user-authentication protocols, two new confidentiality and integrity protocols, and a new cipher algorithm. The two new user authentication protocols are known as the four-way handshake and the group key handshake. Initial authentication on WPA2-Personal is completed using a pre-shared key (PSK). WPA-2 Enterprise instead continued to use a RADIUS server and EAPOL for the initial step. In either case, after initial authentication a shared secret key known as the pairwise master key (PMK) is generated and the four-way handshake begins.
The four-way handshake is designed so that the access point and client can both independently prove to each other that they know the PSK/PMK without ever disclosing the key itself. Instead, the access point and client encrypt messages using their own keys, send these messages to each other, and decrypt the message they receive using the same keys they used to encrypt. If both decryptions are successful, authentication is complete. This type of authentication is critical for protecting the PMK from malicious access points and is designed to last the entire session while being exposed as little as possible. Because of the rule requiring minimal exposure, another key called the Pairwise Transient Key (PTK) must be used in place of the PMK to encrypt network traffic. To generate this key, we perform another four-way handshake as depicted in the figure below. This handshake is used to concatenate the PMK, the Access Point Nonce, the Station Nonce, the Access Point’s MAC address, and the Station’s MAC address, before sending the combined value through a pseudo-random function to generate the PTK. The PTK also has a counterpart known as the Group Temporal Key (GTK) which is used to decrypt multicast and broadcast traffic. The GTK is generated through the second new authentication protocol, the Group Key Handshake, and is updated at the expiration of a preset timer or when a device leaves the network. The Group Key Handshake is a two-way handshake in which the access point sends the new GTK to each station, and each of these stations acknowledge the update by replying to the access point.
In addition to these new handshakes, WPA2 also implemented two new message confidentiality and integrity protocols, TKIP and the Counter Mode Cipher Block Chaining Message Authentication Protocol (CCMP). TKIP used the RC4 stream cipher and worked exactly as described previously in this paper. At the core of CCMP, conversely, is the Advanced Encryption Standard (AES) block cipher, the encryption algorithm that replaced RC4 which makes CCMP so much more robust than TKIP. CCMP is based on the CCM of this algorithm and combines CTR for confidentiality with CBC-MAC for authentication and integrity. This protects both the MPDU data field and selected portions of the MPDU header. As a result, CCMP is mandated over TKIP except in cases where an old device lacked CCMP capability. An understanding of the techniques behind AES makes the reasons for this mandate clear.
AES is a subset of the Rijndael block cipher, meaning it uses different key and block ciphers. It is a symmetric-key algorithm that is based on the design principle known as a substitution permutation network and is fast in both software and hardware. It uses a fixed block size of 128 bits (organized into 4x4 “state arrays” of 8-bit bytes) and a key size of 128, 192, or 256 bits. The key size for an AES cipher specifies the number of transformation rounds. 10 rounds are used for 128-bit keys, 12 rounds for 192-bit keys, and 14 for 256-bit keys. Each round consists of several transformations, including one that depends on the key itself, and this dependency on the key one of the primary factors that make the algorithm secure. The transformation begins with key expansion and an initial addition of the round key, continues with a number of rounds which involve a substitution of bytes, shifting of rows, mixing of columns, and additional additions of round keys, and then closes with a final round of substituting bytes, shifting rows, and adding a final round key.
The first of the transformations in each round is a substitution, in which each byte in the state array is replaced by a different byte in a manner specified by an 8-bit substitution box. This provides non-linearity of the cipher. The next transformation shifts the bytes in each row by a specified offset. The bytes of the first row are left unchanged, those in the second row are shifted one spot to the left, those in the third row are shifted two spots, and the final row is shifted three spots. This way the encryption of each column is dependent on the others, which prevents the deterioration of the AES algorithm into four separate block ciphers. The third transformation involves the mixing of columns in a way that provides diffusion in the cipher. Finally, the fourth transformation involves the combining of state array with the 128-bit round key (a subkey of the original 128-, 192-, or 256-bit key) using the bitwise XOR operation. Each of these transformations are described in the below figures.
The use of four transformations per round, combined with the use of several rounds each of which depends on its own key (though each one is derived from a shared, larger key), is the reason that AES, and by extension CCMP and WPA2, has remained mostly secure since adoption in 2004. However, there is always room for improvement. In that spirit, the Wi-Fi Alliance announced WPA3 in June 2018. Since WPA3 relies on multiple new technologies, many of which involve highly complex mathematics, it is difficult to go into as much detail regarding its implementation as we were able with the implementations previously discussed in this paper. That said, WPA3 (which still features both -Personal and -Enterprise editions) is the future of Wi-Fi security and must at least be discussed in generalities. WPA3-Personal replaces the pre-shared key and four-way handshake from WPA-2 with a new Simultaneous Authentication of Equals (SAE) technique, a new form of password-based authentication which provides even more security, even when passwords are weaker than most standards suggest. This is because SAE is resistant to offline attacks in which attackers use a dictionary to discern a password from a stolen packet without ever needing to reconnect to the network for testing after this packet is acquired. Under SAE, each time an attacker wants to make a new guess at a password, he must interact with the network.
This makes the process not only more difficult, but significantly more time-consuming as well. WPA3-Personal will also add a number of features such as natural password selection, which suggests passwords to users that are both strong and memorable, and forward secrecy which protects data traffic even if a password is compromised after the data was transmitted. In addition to these upgrades to the Personal edition, the Enterprise edition of WPA3 will offer 192-bit minimum-strength security protocols that will integrate a number of advanced cryptographic tools. These tools include a 256-bit Galois/Counter Mode authenticated encryption, key derivation and confirmation using Hashed Message Authentication mode with SHA384, key establishment and authentication using an Elliptic Curve Diffie-Hellman exchange and the Elliptic Curve Digital Signature Algorithm, each with a 384-bit elliptic curve, and a 256-bit Broadcast/Multicast Integrity Protocol that ensures management frame protection. This means that not only has WPA3 upgraded personal Wi-Fi security, but enterprise Wi-Fi has received significant upgrades as well. In addition to WPA3-Personal and -Enterprise, WPA3 will also allow us to secure one last type of network for the very first time: open networks. “Wi-Fi Enhanced Open” is a new program announced by the Wi-Fi Alliance that will accompany the release of the WPA3 technology which makes it possible. It provides confidentiality of information for airborne communication even on open networks, such as those found in coffee shops, that until now had no protections at all.
These networks will remain user-friendly, with the same open, no-password-necessary access that we are all used to, but the connection between device and access point will now be fully encrypted. This all relies on the Opportunistic Wireless Encryption standard, which was defined by the Internet Engineering Task Force as an extension to IEEE 802. 11 and relies on the same technology behind the operation of WPA3. This means that all types of networks, whether open or password-protected, for personal or business use, will now have the capability to be more secure than ever before as a result of WPA3. For these reasons, WPA3 is considered to be the “the new generation of Wi-Fi security”, and while it is not yet required on all devices, it certainly will become a mandate as the market scales its adoption. In conclusion, while Wi-Fi and the 802. 11 protocol were viewed by many as the ultimate merging of advances in communication and technology, it quickly became clear that these networks needed to offer significantly better data-security if they were ever going to reach their full potential. WEP was our first attempt to provide this security, and its CRC-32 checksum, RC4 stream cypher, and different authentication techniques did an excellent job for a while. But as technology kept moving forward, network attacking techniques moved forward with them. As a result, WEP needed to be replaced by 2004 with WPA. WPA was a temporary improvement over WEP, but the adoption of WPA2 and 802. 11i standard a short while later was a significant and long-lasting one. It’s four-way handshake, along with CCMP and the AES block cypher used in the -Personal editions provided such robust network security that WPA2 remains in use today, over a decade later.
Furthermore, since the -Enterprise editions of WPA provided even more security through an improved authentication protocol, those networks could continue to be in use for many years to come. Despite the strength of WPA2, though, we continue to improve further with the recent release of WPA3. This is the next generation of Wi-Fi security and provides more confidentiality, access control, and data integrity over these networks than ever before. Personal networks rely on new forms of user-authentication and data-encryption, Enterprise networks offer a host of new features, and Open networks now offer point-to-point security that allows them to be trusted even if users take no additional security measures. This means one thing is certain: we have come a long way since WEP, and we surely continue moving forward even after WPA3 is retired, assuming that day is ever to come.
THE EVOLUTION OF WI-FI SECURITY. (2024, Feb 27). Retrieved from https://studymoose.com/the-evolution-of-wi-fi-security-essay
👋 Hi! I’m your smart assistant Amy!
Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.
get help with your assignment