Wired Equivalent Privacy (WEP) Protocol is a basic security feature in the IEEE 802.11 standard, intended to provide confidentiality over a wireless network by encrypting information sent over the network. A key-scheduling flaw has been discovered in WEP, so it is now considered as unsecured because a WEP key can be cracked in a few minutes with the aid of automated tools. Therefore, WEP should not be used unless a more secure method is not available.
WI-FI PROTECTED ACCESS AND WI-FI PROTECTED ACCESS 2
Wi-Fi Protected Access (WPA) is a wireless security protocol designed to address and fix the known security issues in WEP. WPA provides users with a higher level of assurance that their data will remain protected by using Temporal Key Integrity Protocol (TKIP) for data encryption. 802.1x authentication has been introduced in this protocol to improve user authentication.
Wi-Fi Protected Access 2 (WPA2), based on IEEE 802.11i, is a new wireless security protocol in which only authorised users can access a wireless device, with features supporting stronger cryptography (e.g. Advanced Encryption Standard or AES), stronger authentication control (e.g. Extensible Authentication Protocol or EAP), key management, replay attack protection and data integrity.
In July 2010, a security vendor claimed they discovered vulnerability on WPA2 protocol, named "Hole 196". By exploiting the vulnerability, an internal authenticated Wi-Fi user can decrypt private
data of others and inject malicious traffic into the wireless network. After investigation1, such attack cannot actually recover, break or crack any WPA2 encryption keys (AES or TKIP). Attackers can only masquerade as AP and launch a man-in-the-middle attack when clients attached to them.
Moreover, such attack would not be succeeded in a proper configured environment. If client isolation feature is enabled in access points, wireless clients are not allowed to talk with each other when they are attaching to the same access point. In this connection, attacker is unable to launch man-in-the-middle attack to other wireless users.
TKIP was designed to use with WPA while the stronger algorithm AES was designed to use with WPA2. Some devices may allow WPA to work with AES while some others may allow WPA2 to work with TKIP. But since November 2008, vulnerability in TKIP was uncovered where attacker may be able to decrypt small packets and inject arbitrary data into wireless network. Thus, TKIP encryption is no longer considered as a secure implementation. New deployments should consider using the stronger combination of WPA2 with AES encryption.
0 σχόλια:
Δημοσίευση σχολίου