We will now look at three wireless network security protocols.
First, Wired Equivalent Privacy, also called WEP.
This protocol is a security mechanism defined in the IEEE 802.11 standard.
It is intended to provide confidentiality over
a wireless network by encrypting information sent over that network.
But, since the encryption technique used by WEP is weak
and the encryption key can be guessed easily using brute-force attack,
it is not considered safe to use it nowadays.
Second, W-Fi Protected Access, also called WPA.
This is a wireless security protocol designed to
address and fix the known security issues in WEP.
WPA is a stronger encryption mechanism by use of what is called
the Temporal Key Integrity Protocol or TKIP for data encryption.
In 2008, TKIP was also compromised, meaning,
broken, and attackers successfully sniffed
the data packets or the network and were able to manipulate content.
Therefore, TKIP is no longer considered secure.
To overcome the shortcomings of WPA,
WPA2 was then introduced with an even stronger encryption mechanism.
This leads us to the third protocol: Wi-Fi Protected Access 2 our WPA2.
This is based on the IEEE 802.11i standard.
WPA2 supports stronger cryptographic mechanism,
such as Advanced Encryption Standard or AES mentioned in module two,
and stronger authentication protocol,
such as Extensible Authentication Protocol,
also called EAP, which we will elaborate a little later.
Along with that, it also provides enhanced key management,
protection from replay attack,
and better data integrity.
Next, let us see how authentication is actually implemented in a wireless network.
Access points use different authentication mechanisms
for access control to a wireless network.
The simplest one is the Open Authentication Protocol.
Open Authentication allows any device to
authenticate and then communicate with the access point.
Using Open Authentication, any wireless device in
the vicinity can authenticate with the access point.
This is how it is done in Wi-Fi hotspots such as coffee-shops.
In reality, it means no security.
A somewhat secured authentication is the Shared Key Authentication.
Here, the access point sends a challenge text to a device which is requesting connection.
The device that is requesting
authentication encrypts it and send it back to the access point.
If the text is encrypted correctly,
then the access point knows that the device uses
the correct shared key and allows the requesting device to connect.
But this protocol has some serious flaws.
The packets transferred between the access point and
the device can be monitored and manipulated easily by an opponent.
Also, notice that the access point does not
do anything to prove to the mobile device that it knows the key.
Therefore, this authentication mechanism is considered unsafe.
A more secure and currently prevalent mechanism is
the Extensible Authentication Protocol.
EAP provides the highest level of security for a wireless network.
Extensible Authentication Protocol performs mutual authentication.
That is, both device and access point can authenticate each other for reliability.
The generic EAP involves an elaborate eight-stage authentication in which
the mobile device first sends authentication request to
the access point which in turn asks for the identity of device.
Thereafter, the access point conforms the identity of device by communicating with
the authentication server which stores the identity and other credentials of devices.
Once this process is done,
the access point allows the device to connect to the wireless network.
Optionally, the device can also authenticate
access point's identity by requesting for access point identifier.
Let us conclude this lesson with an analogy to describe EAP-based authentication,
which is the most secure authentication protocol in Wi-FI.
Let us say you are pulled over by a traffic police on a highway.
The first thing the officer does is asking
for your driver's license and vehicle registration.
You obliged, but asked for the officer's badge number.
You might normally recognize and trust the officer and
you rarely ask the officer for identification, but,
on the internet, such a two-way handshake is essential because,
who knows, it could be a rogue access point you might be dealing with.
The details of EAP are outside the scope of this course,
but rest assured that it is a very secure authentication protocol.