Wireless Cryptographic Protocols – CompTIA Security+ SY0-501 – 6.3


Unlike a wired network connection, wireless networks can be heard by anyone who's close by who would care to listen in. This means that the data we send across our wireless networks could potentially be gathered by anyone nearby. The solution for this is obviously to encrypt the data. Even if someone were to capture everything that we send from our computer, they wouldn't be able to read any of it because all of the traffic would be encrypted. Of course, there are other people on the wireless network that would like to communicate with you. And in those cases, we might configure WPA or WPA2 encryption so that everyone can have a protected communications channel while on the wireless network.

One of the very first encryption types we used on wireless networks was WEP. WEP stands for Wired Equivalent Privacy. Unfortunately, in 2002, we found significant cryptographic vulnerabilities with WEP and decided this would not be appropriate to use going forward. But we needed some short-term protection. We couldn't use WEP any longer, and we weren't quite sure where we would go with encryption on wireless networks.

The solution was a mid-term encryption protocol named WPA, or Wi-Fi Protected Access. WPA used the RC4 cipher with TKIP, which is the Temporal Key Integrity Protocol. It was able to take an initialization vector that was much larger than what we were using with WEP. And every packet that we were sending over a WPA network included a unique 128-bit encryption key.

TKIP was an interesting addition to our wireless encryption. This is something that wasn't available in WEP. And this allowed us to combine a secret root key with our initialization vector. It also added a sequence counter so that no one could replay this traffic in an effort to gain access to the network. TKIP also included a 64-bit message integrity check to make sure that nobody tampered with the data as it was going through the wireless network. But unfortunately, we found some implementation vulnerabilities with TKIP. And we decided this would not be appropriate to use going forward.

The most modern wireless encryption that we use on our networks today was introduced in 2004. This was WPA2, the 2 indicating the second edition of WPA. WPA2 included AES to provide the encryption. This is the Advanced Encryption Standard. We use that instead of the RC4 cipher. And it also included CCMP, which is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. And that was the replacement for TKIP. CCMP is a block cipher mode that uses 128-bit keys, and it encrypts in 128-bit block sizes.

This increased security came at a cost, however. Some of the older hardware was not able to run this more advanced encryption scheme. These days, modern hardware is able to run WPA2 without a problem. And all of your wireless equipment should be using WPA2. It provides the data confidentiality you need for encrypted data. It provides authentication. And it provides the access control you need to your wireless network.
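
The three TKIP mechanisms described above (a per-packet 128-bit key mixed from the secret root key and a counter, a sequence counter that blocks replay, and a 64-bit integrity check) fit together as in the sketch below. This is an added example, not code from the original page: HMAC-SHA256 stands in for TKIP's real key-mixing function and its Michael MIC, and all function, class and key names are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 replaces TKIP's real key mixing and Michael MIC;
# only the structure (root key + counter, replay check, 64-bit MIC) is modelled.

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream XOR data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def packet_key(root_key: bytes, seq: int) -> bytes:
    """Mix the secret root key with the sequence counter into a 128-bit key."""
    return hmac.new(root_key, b"key" + seq.to_bytes(6, "big"), hashlib.sha256).digest()[:16]

def mic(mic_key: bytes, seq: int, payload: bytes) -> bytes:
    """64-bit message integrity check over the counter and the payload."""
    return hmac.new(mic_key, seq.to_bytes(6, "big") + payload, hashlib.sha256).digest()[:8]

def protect(root_key: bytes, mic_key: bytes, seq: int, payload: bytes):
    """Sender side: append the MIC, then encrypt under this packet's own key."""
    body = payload + mic(mic_key, seq, payload)
    return seq, rc4(packet_key(root_key, seq), body)

class Receiver:
    def __init__(self, root_key: bytes, mic_key: bytes):
        self.root_key, self.mic_key, self.last_seq = root_key, mic_key, -1

    def accept(self, frame):
        seq, ciphertext = frame
        if seq <= self.last_seq:              # counter must always increase
            return ("replay", None)
        body = rc4(packet_key(self.root_key, seq), ciphertext)
        payload, tag = body[:-8], body[-8:]
        if not hmac.compare_digest(tag, mic(self.mic_key, seq, payload)):
            return ("tampered", None)
        self.last_seq = seq                   # advance only after the MIC verifies
        return ("ok", payload)
```

The receiver advances its counter only after the integrity check passes, so a forged frame cannot push the counter forward and lock out legitimate traffic.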
