What is WPA?

As discussed earlier, WPA stands for Wi-Fi Protected Access. It supersedes the earlier security standard WEP (For more details, refer to an article on WEP). Now, what is WPA? WPA is a security standard developed by the wi-fi alliance, and it provides better encryption and authentication mechanism to secure wireless networks than WEP. It uses Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) algorithms to randomize the secret key for cryptographic activities. It also supports RADIUS authentication to add more security features. After establishing the connection with the WPA network, secret keys are generated for encrypting further communication.

WPA-PSK refers to WPA Pre Shared Key for encrypting and decrypting the data during communication. It is similar to a secret key used in the WEP security standard. The only difference is in WPA’s case; the secret key has been changed after some stipulated time using the TKIP algorithm. This makes it a little difficult for hackers to compromise the security of the wireless network.

What is WPA2?

WPA2 is an improved version of the security standard. It supersedes earlier security standard WPA and removes vulnerabilities. As we know WPA uses Temporal Key Integrity Protocol (TKIP) algorithm. Security researchers have found many security holes and vulnerabilities in the TKIP algorithm. Hence, the WPA2 standard came to overcome all these security issues. It is based on Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). While the client is connecting to a wi-fi network by using this security standard, it creates a unique secret key every time for encryption and decryption of data. This makes it difficult for cybercriminals or computer hackers to eavesdrop on network traffic and compromise the wi-fi network.

WPA2 Protocol Flaw Discovered

Nowadays, nothing is secure. In October 2017, a vulnerability in the WPA2 security standard was discovered by security researcher Mathy Vanhoef. This flaw allows an attacker to eavesdrop on wireless network traffic. KRACK (Key Reinstallation Attacks) is the proof-of-concept (POC) exploit for the vulnerability. Refer to https://www.krackattacks.com/ for more details.

The post What are WPA and WPA2? first appeared on All About Testing.

Important features of WEP

IEEE 802.11 standard defines WEP. It was designed to protect wireless network traffic from any type of sniffing and eavesdropping.

Now, first, we understand what is packet sniffing. Hackers generally intercept wired or wireless network traffic to steal sensitive data such as passwords, credit card details, social security numbers,s, etc. This technique is called packet sniffing. And Eavesdropping is the real-time capturing of network traffic to steal sensitive information. Apart from securing the integrity of data, it helps in the authentication of the user and prevents unauthorized access to the wireless network. How does the WEP protocol secure traffic? It uses a shared key to encrypt and decrypt data before sending and after receiving. It also uses hash value to verify the network packets and ensures integrity.

WEP uses the Rivest Cipher 4 (RC4) algorithm to provide encryption and decryption mechanism. RC4 is a symmetric stream cipher that uses the same static key (also called WEP key) for all types of encryption. RC4 is considered a weak algorithm by researchers.

Why is WEP discarded?

WEP was cracked by a group of researchers as soon as it was released. As this protocol uses the same shared key for encryption and decryption of data, if the attacker found WEP keys, he or she can join the network and decrypt all traffic. It just gives a false sense of security to the user. Currently, these algorithms can be cracked in less than 60 seconds.

WPA and WPA2 are the alternate protocols to secure wireless network traffic from any sniffing attack. It is much more secure than WEP. WPA was a temporary fix for the WEP algorithm based on LEAP and TKIP cryptosystem. Currently, WPA cracks are also available. WPA2 was released to mitigate all shortcomings of WEP and WPA2. This algorithm is still considered secure.

The post What is Wired Equivalent Privacy (WEP)? first appeared on All About Testing.