There are many different aspects to encryption over a wireless network. In this video, you’ll learn about WPA2, WPA3, pre-shared keys, SAE, and more.
If you’re using a wireless network in your company, then you’re probably sending sensitive information over that network all the time. This means that we need to limit the people who might have access to that wireless network to provide the confidentiality we need to secure all of our data. This means that we’ll need to authenticate users before granting them access to the wireless network.
This usually involves assigning a username, a password, and there’s very often even multifactor authentication we might add to that. And you have to provide all of that information before you get access to the wireless network. This ensures that everything sent across the network is only sent to people who are authorized to be on the wireless network. And it ensures that everything we’re sending over that wireless network is encrypted and protected.
And there’s also a mechanism within the wireless network that ensures the data that was sent is what is being properly received on the other side. This is commonly referred to as a Message Integrity Check, or an MIC.
One type of encryption you might find on a legacy wireless device is WPA. This is WPA without a number after it. This was the original version of Wi-Fi Protected Access. And it was introduced in 2002 as a replacement for WEB, or Wired Equivalent Privacy. We found significant cryptographic vulnerabilities in the WEB. We immediately removed it from our networks. And we replaced it with WPA.
But we knew that WPA would not be the final version of a protected protocol on our wireless networks. But we needed something in the short term that would be able to use the same hardware that we were using with the Wired Equivalent Privacy encryption. This means that we created WPA using an encryption cipher of RC4, along with a Temporal Key Integrity Protocol, or TKIP. This included a larger Initialization Vector, or IV. And it encrypted the hash communication being sent across the wireless network. Every packet sent across the wireless network had its own encryption key, which resolved some of the problems we had with the older WEB protocol.
The problem with wireless networks, of course, is that this is information that’s going over the air. If you happen to know what frequencies are in use and you have the proper equipment, you can grab that information from the air and look at it.
This means that if you want to send something that’s private or personal over this wireless network, you need to encrypt the data so that if someone does intercept that information going over the air, they wouldn’t be able to read anything that they’ve received. You have to have the right encryption key to be able to send and receive information over this wireless network. And we commonly see this implemented on today’s wireless networks using WPA2 and WPA3.
WPA2 is Wi-Fi Protected Access version II. The certification for this began in 2004. And it uses a block mode of encryption called CCMP. CCMP stands for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. You might also see this referred to as Counter/CBC-MAC Protocol.
This isn’t just one technology that’s used to protect the data. It’s a combination of technologies. And CCMP uses the AES encryption mechanism for data confidentiality. And it uses CBC-MAC as the Message Integrity Check, or MIC.
In 2018, an updated version of WPA was introduced. This is Wi-FI Protected Access 3, or WPA3. Instead of using CCMP, WPA3 uses GCMP. This is the Galois/Counter Mode Protocol, which is considered to be a stronger encryption method than the older WPA2. This allows us to encrypt data using AES. It includes a message integrity check. But it includes this with a Galois Message Authentication Code, or GMAC.
To date, we have not had any significant cryptographic vulnerabilities associated with WPA2. But there are some shortcomings with WPA2 that could allow someone to perform a brute force attack on a hashed password.
There’s a handshake method that occurs between the client and the access point when connecting to a WPA2 network. If you’re using a pre-shared key or shared password that’s used for the entire wireless network, there are ways to derive the hash that is sent across that wireless network.
Now, with the hash itself, you’re not able to gain access to the network. But if you’re able to take that hash and perform a brute force, you could eventually determine what that pre-shared key happens to be.
One constant challenge as we’re trying to protect against brute force is keeping up with the technology and the changes in speed that we have with our systems. If you’re using a short pre-shared key or you’re using a name that’s very common from the dictionary, those would be very easy to brute force. But we’ve also been able to increase the speed of our brute force attacks by including graphics processing units or cloud-based password cracking. If someone is able to capture the hash, brute force the hash, and ultimately determine the pre-shared key, then they would, effectively, have access to the rest of the wireless network data.