2.3 - Wireless Encryption

Challenges of Wireless Networks

  • Wireless networks operate in the air, allowing anyone within range to potentially intercept communication.

  • Essential to engineer wireless networks to restrict access to authorized users only.

Authentication Requirements

  • Authentication is required before using the wireless network, commonly through:

    • Username

    • Password

    • Other authentication factors

  • Individuals within range can still see the wireless traffic, even if they have not authenticated.

Importance of Encryption

  • Critical to enable encryption for all data transmitted over the air to secure communications.

  • Many wireless technologies include a message integrity check (MIC) to verify the integrity of received data.

Wireless Protocol Analyzer

  • A tool that can be activated to collect data transmitted over the air.

  • Highlights the necessity for robust encryption protocols in wireless networks.

Encryption Protocols

WPA2 and WPA3

  • Traditional 802.11 wireless networks can use:

    • WPA2 (Wi-Fi Protected Access 2)

    • WPA3 (Wi-Fi Protected Access 3)

Transition from WEP to WPA (2002)

  • WEP (Wired Equivalent Privacy) had significant cryptographic vulnerabilities.

  • Shift to WPA was essential as a temporary solution:

    • WPA utilized TKIP (Temporal Key Integrity Protocol) for encryption.

    • TKIP could run on existing access point hardware without the need for upgrades.

  • WPA was recognized as a stopgap; a more permanent solution was necessary.

Introduction of WPA2 (2004)

  • WPA2 was developed as a more robust and long-term solution.

  • Utilized AES (Advanced Encryption Standard), offering stronger encryption than TKIP.

  • The adoption of WPA2 increased processing power requirements:

    • Organizations typically upgraded access points to implement WPA2.

    • WPA2 remains prevalent in current wireless networks.

Features of WPA3 (Introduced in 2018)

  • Strengthened AES encryption.

  • Improved security during initial key exchange upon connection.

  • Support for encryption on open networks:

    • Automatic creation of encryption keys in public settings (e.g., coffee shops).

Wireless Network Configuration Settings

Open System Configuration

  • An open network lacks password protection, allowing anyone to connect:

    • Common in public areas such as coffee shops or hotels.

Personal Network Configurations

  • For home use, configuring with WPA2 or WPA3 is advisable:

    • Implementation of a password or passphrase for network protection.

    • Guests connect by using the shared password.

Pre-shared Key Concept

  • The shared password for personal network use is referred to as a pre-shared key:

    • Everyone uses the same key for access.
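
The following is an added example, not part of the original notes, and it goes one step beyond them: it shows how WPA2-Personal turns the shared passphrase into the 256-bit pre-shared key, using the PBKDF2-HMAC-SHA1 mapping (4096 iterations, SSID as salt) defined in IEEE 802.11i. The function names, network names, device names and passphrase are constructed for illustration.

```python
import hashlib

# Values fixed by IEEE 802.11i for the WPA2-Personal passphrase-to-key mapping.
PBKDF2_ITERATIONS = 4096
PSK_LENGTH_BYTES = 32  # 256-bit pre-shared key


def wpa2_psk(passphrase, ssid):
    """Derive the 256-bit pre-shared key from a passphrase and an SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt, so one passphrase yields a different key per network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, PBKDF2_ITERATIONS, PSK_LENGTH_BYTES)


def compare_clients(passphrase, ssid, clients):
    """Return the key each named client derives; every value is identical."""
    return {name: wpa2_psk(passphrase, ssid).hex() for name in clients}


if __name__ == "__main__":
    # Constructed sample network, passphrase and device names.
    keys = compare_clients("correct horse battery", "HomeNet",
                           ["laptop", "phone", "guest-tablet"])
    for name, key in keys.items():
        print(f"{name:13} {key}")
    print("distinct keys on HomeNet:", len(set(keys.values())))
    print("same passphrase, other SSID:",
          wpa2_psk("correct horse battery", "CafeNet").hex())
```

Because every device derives the same key, removing one person's access in personal mode means changing the passphrase on all devices, which is the problem enterprise mode addresses with individual credentials.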

Enterprise Mode Considerations

WPA2/WPA3 in Enterprise Mode

  • In business environments, each individual should have unique access credentials:

    • Use of a centralized authentication database for validation.

  • This model enhances security by allowing individual login credentials:

    • Disabling an account when an employee leaves the organization ensures removal of access.