Wednesday, May 13, 2015

WLAN Authentication Methods

WLAN Authentication Methods

It is important to understand that there is a distinction between being authenticated onto a wireless network and then having the traffic passed be encrypted. It is possible to be authenticated onto a network and pass open unencrypted traffic; this section looks at the commonly used methods of authentication.
There are three main methods of authentication that are used on today’s wireless LANs:
  • open authentication
  • shared authentication
  • EAP (Extensible Authentication Protocol) authentication
The open authentication method is the simplest of the methods used and only requires that the end device be aware of the Service-Set Identifier (SSID) used on the network, as long as the SSID is known then the device will be allowed onto the network. The problem with this method is that the SSID is typically broadcast and if it is not, it can be easy to figure out with passive capturing techniques. 
The shared authentication method is commonly used on individual and small business wireless LAN implementations; this method uses a shared key (Pre-Shared Key – PSK) that is given to both sides of the connection; if they match then the device is allowed onto the network. 
The third method uses the Extensible Authentication Protocol (EAP) and is the most common method used by enterprises. The EAP method utilizes an authentication server that is queried for authentication using a variety of credential options.

WLAN Encryption Methods

Along with the method used for authentication, the choice of encryption method is a very important part of deploying a wireless LAN. Many of the encryption methods that were implemented in earlier wireless LAN standards have been proven insecure and have been depreciated by more modern methods. As time goes on, this is sure to happen with all encryption techniques as they are used more commonly (thus becoming a target for exploitation) and as processing power continues to increase.
Here are the WLAN encryption methods we’ll review today:
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access 2 (WPA2)
The first widely used standard for wireless LANs was 802.11 (prime); this included the Wired Equivalent Privacy (WEP) algorithm which was used for security. WEP utilizes RC4 for encryption and has been depreciated because of vulnerabilities that can be used to find the security keys.
In response to the vulnerabilities found in WEP, Wi-Fi Protected Access (WPA)was defined. WPA utilizes the Temporal Key Integrity Protocol (TKIP) which utilizes dynamic keys that were not supported with WEP and RC4 for encryption. The TKIP method used with WPA was utilized until vulnerabilities were found in TKIP. These vulnerabilities center on the fact that TKIP uses some of the same mechanisms that WEP does which allow similar attacks.
In response to the vulnerabilities in WPA/TKIP, the IEEE 802.11i standard was defined and implemented; the IEEE 802.11i standard is also referred to as WPA2. WPA2 replaced TKIP with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is based on Advanced Encryption Standard (AES); it is common for the WPA2 encryption method to be referred to as AES. As of this writing, there are no easy methods that have been found to break AES.

No comments:

Post a Comment