Friday, September 17, 2010

Confused by WEP, WPA, TKIP, AES & Other Wireless Security Acronyms?

SkyHi @ Friday, September 17, 2010

I found an interesting article today which sums up most of the acronyms involved in wireless networks and wireless security and explains them all in brief.


It may clear things up for some people who get overwhelmed by all the jargon, especially with the recent news hitting the mainstream about WPA being partially cracked.


Users have every right to be perplexed by wireless security standards. Faced by an alphabet soup of AES, RADIUS, WEP, WPA, TKIP, EAP, LEAP and 802.1x, many users don’t secure their wireless networks at all. Now that earlier wireless security standards such as Wi-Fi Protected Access and Wired Equivalent Privacy are being cracked, it’s time to examine what all the terms mean and think about changes.


Just about a month ago, in early November, the news came out that the first cracks were appearing in WPA, or Wi-Fi Protected Access, a very popular wireless security standard. The compromise that was accomplished by some researchers was not a real killer, but the affected version of WPA (and the associated encryption process, TKIP, or Temporal Key Integrity Protocol), was always meant as a stopgap standard.


So here you go, the acronyms, hope it’s useful to someone :)


  • WEP (Wired Equivalent Privacy)—The old, original, now discredited wireless security standard. Easily cracked.
  • WEP 40/128-bit key, WEP 128-bit Passphrase—See WEP. The user key for WEP is generally either 40- or 128-bit, and generally has to be supplied as a hexadecimal string.
  • WPA, WPA1—Wi-Fi Protected Access. The initial version of WPA, sometimes called WPA1, is essentially a brand name for TKIP. TKIP was chosen as an interim standard because it could be implemented on WEP hardware with just a firmware upgrade.
  • WPA2—The trade name for an implementation of the 802.11i standard, including AES and CCMP.
  • TKIP—Temporal Key Integrity Protocol. The replacement encryption system for WEP. Several features were added to make keys more secure than they were under WEP.
  • AES—Advanced Encryption Standard. This is now the preferred encryption method, replacing the old TKIP. AES is implemented in WPA2/802.11i.
  • Dynamic WEP (802.1x)—When the WEP key/passphrase is entered by a key management service. WEP as such did not support dynamic keys until the advent of TKIP and CCMP.
  • EAP—Extensible Authentication Protocol. A standard authentication framework. EAP supplies common functions and a negotiation mechanism, but not a specific authentication method. Currently there are about 40 different methods implemented for EAP. See WPA Enterprise.
  • 802.1x, IEEE8021X—The IEEE family of standards for authentication on networks. In this context, the term is hopelessly ambiguous.
  • LEAP, 802.1x EAP (Cisco LEAP)—(Lightweight Extensible Authentication Protocol) A proprietary method of wireless LAN authentication developed by Cisco Systems. Supports dynamic WEP, RADIUS and frequent reauthentication.
  • WPA-PSK, WPA-Preshared Key—Use of a shared key, meaning one manually set and manually managed. Does not scale with a large network either for manageability or security, but needs no external key management system.
  • RADIUS—Remote Authentication Dial In User Service. A very old protocol for centralizing authentication and authorization management. The RADIUS server acts as a remote service for these functions.
  • WPA Enterprise, WPA2 Enterprise—A trade name for a set of EAP types. Products certified as WPA Enterprise or WPA2 Enterprise will interoperate (EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC & EAP-SIM)
  • WPA-Personal, WPA2-Personal—See Pre-Shared Key.
  • WPA2-Mixed—Support for both WPA1 and WPA2 on the same access point.
  • 802.11i—An IEEE standard specifying security mechanisms for 802.11 networks. 802.11i uses AES and includes improvements in key management, user authentication through 802.1X and data integrity of headers.
  • CCMP—Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol that uses AES.


REFERENCES
http://www.darknet.org.uk/2008/12/confused-by-wep-wpa-tkip-aes-other-wireless-security-acronyms/


I thought this might be helpful in a thread on its own.

 

 

WPA

Implements the majority of IEEE 802.11i, but with different headers (so both can operate in the same network). Designed to require only a firmware upgrade (full 802.11i usually requires a hardware change).

As designed, WPA uses TKIP and Michael for message integrity, based on RC4 for encryption.

Pre-shared (personal) vs. Enterprise (RADIUS)

Defines the type of authentication used.

WPA (and WPA2) may operate in enterprise mode, using a RADIUS server to hold per-user keys. This allows individual access to be controlled in a large network. For a small network without a RADIUS server, e.g. a home network, a pre-shared key (PSK) may be used. The same key is used by all clients, so updating it may require more work.

 

TKIP vs. AES-based CCMP

Defines the algorithm used for message integrity and confidentiality.

WPA was designed to be used with TKIP (and WPA2 was designed to use the stronger AES-based CCMP).

However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP).

AES is optional in WPA; in WPA2, AES is mandatory but TKIP is optional.

Note that TKIP is not directly comparable to AES; TKIP is an integrity check, AES is an encryption algorithm.

In the context of wireless security this actually means TKIP vs. "AES-based CCMP" (not just AES).

TKIP is a lower end encryption protocol (WEP2) and AES is a higher end (WPA2/802.11i) encryption protocol. AES is preferred.

 

TKIP+AES

This is what the encryption standards are for WEP2 (TKIP) and WPA2/802.11i (AES). It will attempt to use AES if available and fall back to TKIP if not. This setting offers the most compatibility but won't guarantee a higher level of encryption if a device falls back to TKIP.

 

WPA2, aka 802.11i

Fully conforms with 802.11i as it implements all mandatory features.

Guarantees interoperability certification.

Effectively WPA2 is Wi-Fi Alliance's brand name for 802.11i.

Note: In some cases other optional features of 802.11i may be required, but interoperability may not be guaranteed.

Support for AES encryption and AES-based CCMP message integrity is mandatory (it is optional in WPA).

As well as mandatory AES, WPA2 also adds PMK (Pair-wise Master Key) and Pre-authentication to help fast roaming.

 

EAP options

Authentication options for 802.11i.

Two initial types - pre-shared key (personal) or RADIUS (enterprise), same as per WPA.

Additional enterprise authentication types are now available (usually not relevant for home users).

 

AES-based CCMP

WPA2 mandates AES-based CCMP for message integrity and confidentiality.

TKIP (weaker) is optional.

 

WPA2 mixed

Mixed mode allows a device to try WPA2 first and, if that fails, fall back to WPA.

 

WEP

WEP was supposed to provide confidentiality, but it has been found to be vulnerable and should no longer be used. It is often the default; this should be changed.

Most devices that support WEP can be firmware/software upgraded to WPA.

Do not use it unless some devices cannot be upgraded to support WPA.

WEP has been outdated for years and has better replacements. The 40-bit encryption is just not strong enough to keep data secure and can be broken rather easily. Newer encryption methods use stronger encryption and have yet to be broken, while WEP can be broken in a minute. Use WPA where possible.

 

Preference Summary

To keep things simple, the best options, in decreasing order of preference, may be:

WPA2 + AES

WPA + AES (only if all devices support it).

WPA + TKIP+AES (only if all devices can support it).

WPA + TKIP

Disabled (no security)

The most common two options will be WPA2 + AES and WPA + TKIP, because they match the mandatory requirements in the standards (WPA2 requires AES, WPA requires TKIP).

You can use WPA + AES for higher security than TKIP, but only if your devices support it (it is optional). For this reason it is not very common. You also do not get the improved roaming features of WPA2.

WPA + TKIP+AES provides a fallback in case AES is not supported by a device in that it switches to the more common TKIP. The disadvantage is that it might switch to TKIP unexpectedly but is more backwards compatible if needed.

Currently TKIP has no known vulnerabilities, so for broadest compatibility stick with WPA + TKIP.

The remaining combination, WPA2 + TKIP, is possible (as TKIP is optional in WPA2), but doesn't make much sense because AES is more secure and mandatory for all WPA2 devices.
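The combinations above can be read directly from a wireless scan. The following is an added example, not part of the original post or the referenced thread: it assumes the tab-separated flags format printed by `wpa_cli scan_results`, runs on constructed sample rows, and recognises only PSK and EAP key management. It labels each network in the terms used above and reports whether a client could still be dropped to TKIP or to WPA.

```python
import re

# Constructed sample in the layout of `wpa_cli scan_results`:
# bssid, frequency, signal, flags, ssid (tab-separated). All values are made up.
SAMPLE = """\
02:00:00:00:00:01\t2412\t-40\t[WPA2-PSK-CCMP][ESS]\thome-wpa2
02:00:00:00:00:02\t2437\t-55\t[WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][ESS]\tmixed-net
02:00:00:00:00:03\t2462\t-60\t[WPA-PSK-TKIP][ESS]\told-router
02:00:00:00:00:04\t2412\t-70\t[WEP][ESS]\tlegacy
02:00:00:00:00:05\t2437\t-65\t[WPA2-EAP-CCMP][ESS]\tcorp
02:00:00:00:00:06\t2462\t-80\t[ESS]\tguest-open
"""

# One match per advertised suite: (protocol, key management, cipher list).
SUITE = re.compile(r"\[(WPA2?)-(PSK|EAP)-((?:CCMP|TKIP)(?:\+(?:CCMP|TKIP))*)")
AUTH = {"PSK": "Personal (PSK)", "EAP": "Enterprise (EAP)"}

def classify(flags):
    """Map one scan_results flags field to the terms used in the summary."""
    suites = SUITE.findall(flags)
    if not suites:  # no WPA/WPA2 suite advertised: WEP or an open network
        label = "WEP" if "[WEP" in flags else "Disabled (no security)"
        return {"label": label, "auth": None,
                "tkip_allowed": False, "wpa1_allowed": False}
    protos = {p for p, _, _ in suites}
    auths = {a for _, a, _ in suites}
    ciphers = {c for _, _, cs in suites for c in cs.split("+")}
    proto = "WPA2 mixed" if len(protos) == 2 else next(iter(protos))
    cipher = ("TKIP+AES" if len(ciphers) == 2
              else "AES" if ciphers == {"CCMP"} else "TKIP")
    return {"label": f"{proto} + {cipher}",
            "auth": "/".join(AUTH[a] for a in sorted(auths)),
            "tkip_allowed": "TKIP" in ciphers,   # TKIP (fallback) is accepted
            "wpa1_allowed": "WPA" in protos}     # WPA (fallback) is accepted

def audit(scan_text):
    """Return {ssid: classification}; a repeated SSID keeps its last row."""
    out = {}
    for line in scan_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 5:
            continue  # header line or malformed row
        out[fields[4]] = classify(fields[3])
    return out

if __name__ == "__main__":
    for ssid, c in audit(SAMPLE).items():
        print(f"{ssid:12} {c['label']:24} {c['auth'] or '-':18} "
              f"tkip={c['tkip_allowed']} wpa1={c['wpa1_allowed']}")
```
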



REFERENCES
https://learningnetwork.cisco.com/thread/11207