WPA vs WEP Erik Nicholson COSC 352 March

WPA vs. WEP Erik Nicholson COSC 352 March 2, 2010

WPA �Wi-Fi Protected Access �New security standard adopted by Wi-Fi Alliance consortium � Ensures compliance with different manufacturers wireless equipment �Bridges the gap between WEP and 802. 11 i(WPA 2)networks �Able to deliver a higher level of security compared to WEP �Uses Temporal Key Integrity Protocol or (TKIP) and allows WEP to be upgraded to correct existing security problems �Passwords are limited to A-F & 0 -9

WPA �Advantages over WEP: �Initialization vector increased from 24 bits to 48 bits � Results in probability of assigning 500 trillion different key combinations �Better key management �Master keys are never directly used �Contains impressive message integrity checking �WPA avoids using weak IV values �A different key is scrambled and used for each packet, resulting in a more complex secret key

WPA �WPA protocol implements the majority of IEEE 802. 11 i standard �Due to security problems, it has been upgraded to WPA 2, which provides a more stronger and secure data protection and network access control �WPA 2 has replaced WPA �WPA 2 requires testing and certification by the Wi-Fi Alliance. WPA 2 implements the mandatory elements of 802. 11 i. In particular, it introduces a new AES-based algorithm, CCMP which is considered fully secure.

WEP �Wired Equivalent Privacy �Security protocol for wireless local area networks (WLAN) a defined in the 802. 11 b standard �Provides same level of security as a wired LAN �Provides security by encrypting data over radio frequency waves, so its protected as its transmitted from end point to end point �Used at the data link and physical layers on the OSI model

WEP �Works by using secret keys or codes to encrypt data �Access point and client both must know the codes in order for it to function �Uses either 64 bit or 128 bit keys �Actual user codes are 40 and 104 bits, with the extra 24 bits used by the IV(Initialization Vector) � 3 settings �Off(no security) � 64 -bit(Weak security) � 128 bit (Higher security) �Used for mobile and non-pc devices such as Cell phones, PDA’s and Mp 3 players

WEP �Disadvantages �No limit on using same IV value more than once � Encryption vulnerable, especially to collision-based attacks �Only 24 bits in IV, so there's only 16. 7 million variations of keys �Master keys are directly used, instead of generating temporary keys �Users don’t change keys often � Gives attackers time to try various techniques to hack into

WEP �Contains two authentication methods: �Open System authentication �Shared Key authentication

Open System authentication �Client doesn’t need to provide its credentials to access point during authentication �Allows clients to be able to authenticate themselves with the access point and then attempts to associate � No real authentication takes place then �WEP can be used for encrypting data frames �Client needs to have right keys

Shared Key authentication �Four way request and response � 1. Client station sends authentication request to access point � 2. Access point sends back clear-text challenge � 3. Client must encrypt the text using configured WEP key, and then sends it back for another authentication request � 4. Access point decrypts the information, and compares it to the clear-text it sent �Depending on comparisons, the access point will send a positive or negative response

Conclusion �WPA (Wi-Fi Protected Access) is a more reasonable choice in a network security protocol. �Allows for a longer IV length �Much better encryption methods which prevents the reuse of the IV keys �Master keys are used directly, resulting in a decrease in the ability of hackers to get into network and system �With WPA, you can use the same equipment, with a much better security option. The only thing you need to do is to upgrade the software and firmware.