Wi-Fi Security Protocols

Wi-Fi Security Protocols

International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 Vol. 2 Issue 12, December - 2013 Comparative Analysis: Wi-Fi Security Protocols Mayank Verma Jitendra Yadav M.Tech Scholar Assistant Professor JECRC University JECRC University Abstract: In recent years, various wireless LAN without needing them to be facing one another. technologies have gained rapid popularity and Wi-Fi Wireless local area networks (WLANs) have achieved a tremendous amount of growth in recent years. can be cited as most prominent or proficient Between various WLAN technologies, the IEEE technology today. Wi-Fi stands for Wireless Fidelity 802.11b based wireless LAN technology, Wireless and it operates in the unlicensed 2.4 GHz radio Fidelity (Wi-Fi), can be cited as most prominent spectrum, support variable data rates and it is used to technology today. define the wireless technology in the IEEE 802.11b In a perfect world, without wires we could, “send a standard. Wireless network provides many advantages lot of data, very far, very fast, for many separate uses, like mobility, cut costs but it is coupled with many and all at once”. Unfortunately, we do not live in a security threats such as replay attack, eaves dropping, perfect world; there are physical barriers that will not denial of services attack etc. The threats of intrusion allow all of these goals to occur simultaneously [1]. When form front a wireless LAN, it is very important into the wireless network have forced user to adopt a to set up secure methods for encryption and range of security. authentication so that the network can be used by This paper presents an analysis of the three security those devices or individuals that are authorized. In protocols, from the WLANs security requirements point past years several security protocols like Wired of view. In this paper, we discuss the wireless security IJERTIJERTEquivalent Privacy (WEP), Wi-Fi Protected Access protocols with details about the encryption & (WPA), and Wi-Fi Protected Access2 (WPA2) were authentication mechanism used and their limitations. emerged to add more authentication, confidentiality, message integrity in WLAN. The objective of this paper is to present an analysis of Keywords: Advanced Encryption Standard (AES), the most efficient and used security protocols Message Integrity Check (MIC), Rivest Cipher 4 implemented to overcome the security problem of (RC4), Wired Equivalent Privacy (WEP), Wi-Fi WLANs. This paper also discusses about Protected Access (WPA), Wi-Fi Protected Access 2 vulnerabilities & weakness of wireless security (WPA 2), Temporal Key Integrity Protocol (TKIP) protocols. Wired Equivalent Privacy (WEP) which was the first protocol for securing wireless network will be covered in Section 2, Wi-Fi Protected Access (WPA2) and Wi-Fi Protected Access 2 (WPA2) are discussed in Section 3 and 4 respectively. Section 5 I. INTRODUCTION presents a conclusion and comparative analysis between different wireless security protocols. Wi-Fi can be defined as an arrangement of wirelessly connecting devices that use radio waves for communication, allowing for connection between devices without the outlay of unwieldy cables or IJERTV2IS121127 www.ijert.org 2764 International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 Vol. 2 Issue 12, December - 2013 II. WIRED EQUIVALENT PRIVACY A. WEP Encryption/Decryption Process Wired Equivalent Privacy (WEP) is the first WEP encryption process includes following steps: encryption algorithm introduced for Wi-Fi to make the 1. 40-bit secret key is concatenated with 24-bit wireless network at least as secure as a wired LAN. It initialization vector (IV). has no particular protection mechanism. WEP was 2. The resultant WEP traffic key act as seed to used to define the wireless security in the IEEE 802.11 Pseudo Random Number Generator (PRNG). standard and it was ratified in September 1999. The 3. Integrity Check Value (ICV) is generated by objective of Wired Equivalent Privacy (WEP) is to performing4 CRC-32 Integrity Algorithm on plain provide security akin to that of wired networks. Rivest text. Cipher4 (RC4) stream cipher is used by WEP to secure 4. The PRNG generates a key sequence (K) of wireless network in terms of confidentiality and CRC- pseudorandom octets equal in length to the 32 for data integrity. The standard specified for WEP number of data octets that are to be transmitted provides support for 40-bit key only but non standard plus 4 (since the key sequence is used to protect extensions have been provided by various vendors the Integrity Check Value (ICV) as well as the which provide support for key length 128 and 256 bits data). as well[2]. Standard 64-bit WEP uses a 40-bit shared 5. Afterwards, RC4 encryption process is applied on key which concatenated with 24-bit initialization Plain text + ICV and Key generated by PRNG to vector (IV) to form the RC4 traffic key. generate cipher text. IJERTIJERT Figure 1: WEP Encryption Process [3, 3] WEP Decryption process consists of following steps: B. WEP weaknesses 1. RC4 algorithm is applied to cipher text and key 1. Authentication related issue, uses one way sequence to get plain text and ICV. authentication. 2. Plain text and original ICV is obtained. 2. Lack of Key Management, same keys is used for 3. To generate new ICV, plain text acts as seed value longer duration. to Integrity Algorithm. 3. No session key is established during 4. Finally, new ICV is compared with original ICV to authentication. verify the result. 4. No replay protection. 5. Attacker can easily crack the key and can manipulate the data. IJERTV2IS121127 www.ijert.org 2765 International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 Vol. 2 Issue 12, December - 2013 6. The size of Initialization Vector (IV) is short and before an association can be established [2, 23]. With can be reused. WPA-PSK we shape each WLAN node and the 7. Flooding cause denial of service attack. wireless devices are authenticated with access point 8. Easy forging of authentication message. using 256-bit key. III. Wi-Fi PROTECTED ACCESS (WPA) 2. WPA-Enterprise: This is designed for large corporation, business or enterprise networks. WPA- Wi-Fi Protected Access (WPA) is an enhanced version enterprise set up 802.1x authentication by means of a of wireless security which was introduced in 2003 by the Remote Authentication Dial In User Service Wi-Fi Alliance to overcome the flaws of WEP. As WEP (RADIUS) and Extensible Authentication Protocol was all broken, lot of cryptographic attacks were (EAP) to provide stronger authentication. The discovered like FMS attack, PTW attack etc. and Enterprise mode gives dynamic encryption keys basically what happen WEP was broken beyond repair. distributed securely after a user logins with their Then IEEE committee admitted that WEP cannot hold username and password or provides a valid digital the required security concern and introduced WPA as an certificate. Users never see the actual encryption keys intermediate solution to WEP. IEEE committee and they aren't stored on the device. WPA-Enterprises recommended user to upgrade to WPA, which uses provide excellent security to the wireless network Temporal Key Integrity Protocol (TKIP) based on WEP traffic. The various EAP methods are EAP- for encryption. WPA runs on the same hardware that Lightweight Extensible Authentication Protocol (EAP- WEP does and requires only firmware update. While still LEAP), EAP- Flexible Authentication via Secure utilizing RC4 encryption, TKIP utilizes a temporal Tunneled (EAP-FAST), EAP- Message Digest 5 encryption key that is regularly renewed, making it more (EAP-MD5), EAP- Transport Layer Security (EAP- difficult for a key to be stolen and then used to decipher TLS), EAP- Tunneled Transport Layer Security (EAP- a useful amount of information. In addition, data TTLS), EAP- Subscriber Identity Module of Global integrity was improved through the use of more robust System for Mobile Communications (EAP-SIM). hashing mechanism, the Michael Message Integrity Check (MMIC) [4]. It can also use AES for encryption C. WPA Weaknesses but not all WPA hardware supports AES. IJERT IJERT A. WPA Encryption Process 1. WPA uses weak encryption algorithm RC4 instead of Advanced Encryption Standard (AES). 2. Open source utility called Reaver can bypass To improve data encryption, WPA makes practical and WPA password if Wi-Fi Protected Setup (WPS) is effective use of TKIP. TKIP dynamically changes keys enabled. for each packet as the system is used; 128-bit per packet 3. WPA is vulnerable to dictionary attack in case of key is used. Michael algorithm is used to provide a weak passphrase. message integrity check and a re-keying mechanism, 4. It is vulnerable to Denial of Service (DOS) attack. thus fixing the flaws of WEP. 5. Increased data packet size leading to longer transmission B. WPA Authentication Mechanism 6. Complex setup is required for WPA-enterprise. 7. Incompatibility issues with legacy hardware. WPA can be enabled in two authentication versions: 8. Larger performance overhead. 1. WPA-Personal: This is mostly suitable for small offices or home computers. WPA-Personal is also known as WPA-PSK (Pre-Shared Key). For initiating the communication this static key is shared between two communicating parties. The key which is a Pairwise Master Key (PMK) in TKIP process must be in place Figure 2: TKIP encryption process IJERTV2IS121127 www.ijert.org 2766 International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 Vol. 2 Issue 12, December - 2013 IV.Wi-Fi PROTECTED ACCESS 2 (WPA2) And, the decryption process is done in reverse order to obtain plaintext MPDU. It is done by concatenating the Wi-Fi Protected Access 2 (WPA2) is used to define the received MPDU header and the MPDU plaintext data wireless technology in the IEEE 802.11i standard. WPA from CCMP processing. 2 draft standard was authenticated on 24th June, 2004 and established in September, 2004.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    5 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us