AES (advanced encryption standard)
A specification for the encryption of electronic data established by NIST. It has a fixed block size (the length of the string the cipher works on) of 128 bits and a key size (the number of bits in a key of a cryptographic algorithm) of 128, 192, or 256 bits. The key size determines the number of transformation rounds: 10 for 128, 12 for 192, and 14 for 256.
TKIP (temporal key integrity protocol)
A security protocol designed to replace WEP (wired equivalent protection), used in the 802.11 wireless networking standard. TKIP introduced a key mixing function that combines the root key and the initialization vector before passing it to the RC4 cipher, a sequence counter that rejects packets received out of order to prevent replay attacks, and a 64-bit MIC (message integrity check).
WPA2 (WiFi protected access)
A security standard designed to improve security over TKIP (WPA). WPA2 uses the CCMP (an AES-based encryption mode) block cipher for encryption. CCMP uses a 128-bit key and block size.
WPA3
A security standard designed to improve security over WPA2. The standard dictates a 192-bit cryptographic strength (a level of strength measured in computational work, in terms of the operations needed to break the algorithm, 2^192) in enterprise mode, which is AES-256 in GCM, and still mandates the use of CCMP-128 as the minimum encryption in personal mode. TKIP is not allowed in WPA3. It uses the Galois/Counter Mode block cipher for encryption. The standard introduced a new way to generate session keys known as SAE (simultaneous authentication of equals).
RADIUS (remote authentication dial in user service)
An application-layer protocol that aids in AAA management. One of the more common AAA protocols, it has wide support on a variety of platforms. It is more focused on end-user authentication. It provides centralized authentication of users for routers, switches, firewalls, server authentication, remote VPN access, and 802.1X network access.
TACACS (terminal access controller access control system)
A protocol that handles AAA services. It can operate in two modes: one where traffic is sent in clear text and the only security is IP address filtering, and another where everything but the packet header is obfuscated. TACACS focuses more on administrator access to networking equipment than on end-user authentication. It offers robust functionality for admin authentication and command authorization.
Kerberos
A network protocol that aids in AAA services. It provides mutual authentication, so both the user and the server know each other's identity. Kerberos was introduced to Windows in 2000, is commonly found there, and supports SSO. Kerberos is aimed more at authentication for applications and services inside Windows, whereas RADIUS tends to focus on authentication for network access.