Wi-Fi is rapidly becoming the most preferred medium of internet connection as almost every place has started to boast of a Wi-Fi connection as a facility. Among all this development one issue however remains unchanged/unsolved and that is the SECURITY of Wi-Fi.
So I thought of sharing some basics about the wi-fi encryption schemes and security types used commonly:
1. No Authentication (Open)
This system doesn’t use any encryption method and is vulnerable to any kind of attack like Man In The Middle Attack. You should never ever use it.
2. Wired Equivalent Privacy (WEP)
This was the first security scheme used when Wi-Fi was introduced. It comes under 2 modes:
- Weak Security(64-bit)
- Strong Security (128- bit)
Problem with WEP: It uses Cyclic Redundancy Check (CRC). CRC’s main flaw was that it did not provide a sufficiently strong data integrity guarantee for the packets it handled. Also the key must be manually entered on wireless access points & devices, and does not change.
Hence this system has been exploited so much that now it is considered unsafe and it is more or less equivalent to No Authentication , hence it is not advisable to use it either. However, in spite of being easily hacked, WEP connections are still widely used and may be providing a false sense of security to the many people who are using WEP as the encryption protocol for their wireless networks (either because they haven’t changed the default security on their wireless access points/routers or because these devices are older and not capable of WPA or higher security).
3. Wi-Fi Protected Access (WPA)
WPA is the solution to all the problems which WEP can’t solve. It operates in two basic modes:
- WPA -PSK (Pre-shared Key or WPA-Personal)
- WPA-802.1x (RADIUS or WPA-Enterprise)
WPA-PSK:
The WPA protocol implements Temporal Key Integrity Protocol (TKIP). TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP. WPA also includes a message integrity check. This is designed to prevent an attacker from capturing, altering and/or resending data packets.
It is vulnerable to password cracking attacks and a flaw has been discovered which relies on a previously known flaw in WEP that can be exploited only for the TKIP algorithm in WPA.
WPA- Enterprise:
In the Enterprise mode, which is more difficult to configure, the 802.1 x RADIUS servers and an Extensible Authentication Protocol (EAP) are used for authentication. It provides protection against dictionary attacks on short passwords.
Problems With WPA : Vulnerable to Denial Of Service Attack , Complicated Setup and greater overhead then WEP.
4. WPA2-
It is better than the WPA and uses CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) , a new AES(Advanced Encryption Standard) based encryption mode with stronger security.
NOTE: There is a vulnerability called Hole196 in WPA2 which can be used to conduct man-in-the-middle and denial-of-service attacks. But it is much harder to do so in WPA2 than WPA.
Words of Advice – Always use WPA2 as the security system while setting up your own router.