WIFI
Secure WiFi - Notions
Wifi Encryption technologies
- WEP (Wired Equivalent Privacy) is the security protocol introduced in September 1999 for Wi-Fi.
WEP is considered weak today; it uses the RC4 encryption algorithm, and its 64-bit static key is one important weakness. It can be easily broken and should not be used anymore.
- WPA (Wi-Fi Protected Access) was introduced by the Wi-Fi Alliance in April 2003 to move toward the IEEE 802.11i standard. WPA improves on WEP by using TKIP (which also uses RC4) with 128-bit dynamic keys, 802.1x user authentication and EAP (Extensible Authentication Protocol).
WPA-PSK is a simplified implementation of WPA without a RADIUS server.
- WPA2 : the Wi-Fi Alliance uses the commercial name WPA2 to indicate that a product is 802.11i compliant.
The IEEE 802.11i standard complements the network layer (standards 802.11b / g / n). It was adopted on 24 June 2004. It uses AES (Advanced Encryption Standard) encryption, which can use 128-, 192- or 256-bit keys.
Usually, equipment designed for WEP or WPA does not support WPA2.
Technology evolution over time : WEP ==> 802.1x ==> WPA ==> 802.11i (WPA2)
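Why a static RC4 key is a weakness and renewed keys help, shown as an added example (not code from the original page). It is a simplified model: the whole 64-bit key is treated as fixed, the two frames are constructed sample data, and frame_key is a hypothetical per-frame derivation, not TKIP's real key-mixing function.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA), then keystream generation (PRGA) XORed with data."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA: permute s under the key
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # PRGA: one keystream byte per data byte
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frame_key(base_key: bytes, counter: int) -> bytes:
    """Hypothetical per-frame 128-bit key (assumption; NOT TKIP's mixing function)."""
    return hashlib.sha256(base_key + counter.to_bytes(4, "big")).digest()[:16]

# Constructed sample data: a 64-bit static key and two equal-length frames.
STATIC_KEY = bytes.fromhex("0102030405060708")
FRAME_1 = b"frame one: hello"
FRAME_2 = b"frame two: world"

def static_key_leaks() -> bool:
    """Same key twice -> same keystream, so c1 XOR c2 equals p1 XOR p2."""
    c1 = rc4(STATIC_KEY, FRAME_1)
    c2 = rc4(STATIC_KEY, FRAME_2)
    return xor(c1, c2) == xor(FRAME_1, FRAME_2)

def renewed_key_leaks() -> bool:
    """A fresh key per frame gives unrelated keystreams; the relation disappears."""
    c1 = rc4(frame_key(STATIC_KEY, 1), FRAME_1)
    c2 = rc4(frame_key(STATIC_KEY, 2), FRAME_2)
    return xor(c1, c2) == xor(FRAME_1, FRAME_2)

if __name__ == "__main__":
    print("static key leaks plaintext XOR: ", static_key_leaks())
    print("renewed key leaks plaintext XOR:", renewed_key_leaks())
```

With the static key, anyone who can read two ciphertexts learns the XOR of the two plaintexts without knowing the key, which is why keys that are renewed automatically matter.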
Implementation
Actual bandwidth performance must be tuned. Conflicts can be resolved and bandwidth increased by using different channels, moving access points, etc.
Security terminology
- Authentication : service to identify users.
- Access control : service limiting user access to identified applications
- Integrity : service validating that data have not been altered between transmission and reception
- Confidentiality : service ensuring that data are kept confidential and readable only by authorized and identified users
- Encryption : it is not a service but a technology used to implement services. It uses an encryption algorithm and encryption keys.
- Symmetric Encryption : the encryption and decryption keys are the same
- Asymmetric Encryption : the encryption and decryption keys are different
- Signature : unique identification of a user – for instance used when sending or receiving a message.
- RC4 : "Rivest Cipher 4" algorithm. Uses a symmetric key (1 to 256 bytes).
- TKIP : "Temporal Key Integrity Protocol". Encryption protocol using automatically renewed encryption keys. Compatible with WEP.
- AES : "Advanced Encryption Standard". Encryption algorithm using 128-, 192- and 256-bit keys. AES replaces DES (Data Encryption Standard), which became too weak over time.
- IEEE : Institute of Electrical and Electronics Engineers
- IEEE 802.11 : international standard describing wireless LAN networks
- IEEE 802.11a : 54 Mbps in theory, 30 Mbps in reality. The 802.11a standard uses 8 radio channels in the 5 GHz frequency range. Not compatible with 802.11b/g; it is not widely used.
- IEEE 802.11b : most common implementation, with its successors "g" and "n". 11 Mbps in theory, 6 Mbps in reality. Range up to 300 m in an open environment; uses the 2.4 GHz frequency with 3 radio channels.
- IEEE 802.11g : evolution of "b", compatible with "b". 54 Mbps in theory, 30 Mbps in reality.
- IEEE 802.11n : in theory up to 270 Mbps in the 2.4 GHz or 5 GHz frequency range
- IEEE 802.11i : complements the network layer (standards 802.11b / g / n). Relies on AES (Advanced Encryption Standard) with 128-, 192- and 256-bit keys. AES encapsulates WEP, which does not disappear.
- IEEE 802.1x : authentication standard. Nothing can happen until users are identified, except accessing the RADIUS authentication server. Each user has his own key, which can be renewed.