WEB vs WPA
Matthew Otte
Friends University Due to the nature of wireless, using radio waves instead of physical media to transferred data, anybody within range could receive the information being transmitted between devices. To successfully employ wireless technology, a solution had to be introduced to ensure security. Wired Equivalent Privacy (WEP) was introduced to meet this need. WEP is a means to secure Wireless Local Area Networks (WLANs) by encrypting transmissions at the data-link layer with the symmetric RC4 encryption algorithm. The main goal when employing WEP was to provide confidentiality, access control, and data integrity at an equivalent level as a wired connection, thus the name. These security standards were …show more content…
Because it wasn’t properly designed it is easily cracked. CRC32 doesn’t properly ensure integrity of the data, as an attacker may still produce the same checksum after flipping bits. Additionally, the passwords are subject to easy dictionary attacks. Furthermore, denial of service is easily achieved by de-authenticating legitimate users. Finally, the weakness in the implementation of IVs allows the stream to potentially be decrypted by attackers. To remediate most of these pitfalls, WPA and later WPA2 came to market. Wi-Fi Protected Access 2 (WPA2) still uses a shared secret key but only for authentication. After authentication WPA2 employs Temporal Key Integrity Protocol (TKIP) as a key mixing mechanism to dynamically change the secret key for the remainder of data transfer. Further, WPA2 has increased the size of IV to allow for considerably more keystreams. WPA2 does still have its weaknesses, however. If a weak password is used, WPA2 can be broken by offline password cracking. Additionally, Evil-Twin attacks can be used to mimic the access point and capture data. Finally, WPA2 is still susceptible to denial of service attacks through