Chapter 4

Wireless Local Area Network Security Protocols


WLAN Security Basics

• Confidentiality: cryptography
• Integrity: hash functions / message integrity codes
• Availability: redundancy
WLAN, Security Protocol

Evolution of WLAN Security Protocols

• 1997: WEP introduced with the original IEEE 802.11 standard
• 2003: WPA launched by the Wi-Fi Alliance as an interim patch (a subset of draft IEEE 802.11i)
• 2004: WPA2 (IEEE 802.11i) ratified; mandatory for Wi-Fi Certified devices from 2006
• 2018: WPA3 announced
Wired Equivalent Privacy (WEP)

• The original built-in security mechanism of the 802.11 standard (1997).
• Uses the RC4 stream cipher with a 40-bit or 104-bit secret key; together with the 24-bit IV these give the "64-bit" and "128-bit" WEP key sizes quoted by vendors.
• Intended to make a wireless link about as private as a wired one, i.e. to prevent casual eavesdropping.
• Unfortunately, the way WEP uses RC4 (a short, public IV concatenated directly to a static key, with no key mixing) was shown to be insecure shortly after ratification, leaving 802.11 networks wide open to attack.
Wired Equivalent Privacy (WEP): encryption

Diagram (reconstructed from the slide):

  Initialization vector (3 bytes, 24 bits) || WEP key (5 or 13 bytes, 40 or 104 bits)
          |
          v
  RC4: KSA (Key Scheduling Algorithm) -> PRGA (Pseudo-Random Generation Algorithm) -> keystream
          |
          v
  Cipher text = Message XOR keystream
Wired Equivalent Privacy (WEP): integrity

• WEP uses a mechanism called the Integrity Check Value (ICV).
• The ICV is designed to detect modification of frames.
• The ICV is a CRC-32 (32-bit Cyclic Redundancy Check) computed over the plaintext and appended to the data before encryption.
• CRC-32 is a linear error-detecting code, not a keyed cryptographic MAC: it detects transmission errors, but not deliberate tampering.
Wired Equivalent Privacy (WEP): sender and receiver

Diagram (reconstructed from the slide):

Sender
  IV || WEP key  --concatenation-->  seed  --RC4 PRNG-->  keystream
  plaintext message  --CRC-32-->  ICV
  (plaintext || ICV) XOR keystream  -->  cipher text, transmitted together with the IV in clear

Receiver
  IV (from the frame) || WEP key  --concatenation-->  seed  --RC4 PRNG-->  the same keystream
  cipher text XOR keystream  -->  plaintext || ICV
  CRC-32(plaintext) = ICV' ; the frame is accepted only if ICV' = ICV
Wired Equivalent Privacy (WEP)
WEP flaws

• Weak encryption: WEP uses the RC4 stream cipher with the IV prepended directly to the static key. Weaknesses in RC4's key scheduling (Fluhrer, Mantin and Shamir, 2001) let an attacker recover the secret key statistically from enough captured frames.
• Key reuse: one static key is shared by all stations and used for every packet; the only per-packet variation is the 24-bit IV, and the key is rarely changed because the protocol has no key management.
• IV reuse: the 24-bit IV space (about 16.7 million values) is exhausted within hours on a busy network, and many implementations reset the IV to zero on startup. Two frames encrypted under the same IV use the same keystream, so XORing the two ciphertexts yields the XOR of the two plaintexts, and known plaintext in one frame decrypts the other.
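The following Python example is added here and is not part of the original slides. It implements the WEP encapsulation drawn above (RC4 KSA and PRGA, CRC-32 ICV, IV prepended to the key) and then reproduces the IV-reuse flaw: with a known plaintext sent under one IV, an attacker who never learns the key decrypts any other frame sent under the same IV. The key, IVs and packet contents are constructed test data, not from a real capture.

```python
import struct
import zlib


def rc4_ksa(key: bytes) -> list:
    """RC4 Key Scheduling Algorithm: permute S using the (IV || WEP key) seed."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 PRGA: produce `length` keystream bytes from the scheduled state."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings up to the length of the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_icv(plaintext: bytes) -> bytes:
    """ICV = CRC-32 of the plaintext, carried little-endian after the data."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||key}(plaintext || ICV), i.e. a WEP data frame body."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError("WEP needs a 24-bit IV and a 40- or 104-bit key")
    body = plaintext + wep_icv(plaintext)
    keystream = rc4_keystream(iv + wep_key, len(body))
    return iv + xor_bytes(body, keystream)


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Recover the plaintext, or return None when the ICV check fails."""
    iv, body = frame[:3], frame[3:]
    keystream = rc4_keystream(iv + wep_key, len(body))
    decrypted = xor_bytes(body, keystream)
    plaintext, icv = decrypted[:-4], decrypted[-4:]
    if wep_icv(plaintext) != icv:
        return None
    return plaintext


def recover_via_iv_reuse(known_frame: bytes, known_plaintext: bytes, target_frame: bytes) -> bytes:
    """Attacker without the key: two frames under one IV share the keystream.
    Known plaintext of the first frame yields the keystream prefix, which
    decrypts as many bytes of the second frame as the known plaintext is long."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("frames must share the IV for the keystream to repeat")
    keystream_prefix = xor_bytes(known_frame[3:], known_plaintext)
    return xor_bytes(target_frame[3:], keystream_prefix)


# Constructed sample data (not from a real capture).
WEP_KEY = bytes.fromhex("0102030405")              # 40-bit key
REUSED_IV = bytes.fromhex("000001")                # the IV both frames happen to use
KNOWN_PLAINTEXT = b"GET /index.html HTTP/1.1"      # e.g. a predictable request
SECRET_PLAINTEXT = b"Cookie: session=42"           # shorter than the known text
KNOWN_FRAME = wep_encrypt(WEP_KEY, REUSED_IV, KNOWN_PLAINTEXT)
SECRET_FRAME = wep_encrypt(WEP_KEY, REUSED_IV, SECRET_PLAINTEXT)
```

The same keystream recovery works for any frame whose IV repeats; the attacker only needs to wait until the 24-bit counter wraps, which is what makes the WEP flaws above practical rather than theoretical.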
Wired Equivalent Privacy (WEP)
WEP flaws: history

• In 2001, researchers from the University of California, Berkeley (Nikita Borisov, Ian Goldberg and David Wagner) published the paper "Intercepting Mobile Communications: The Insecurity of 802.11".
• They revealed fundamental flaws in WEP's use of RC4 and in its IV handling (IV reuse and the linear CRC-32 integrity check).
• Shortly after, practical key-recovery attacks appeared (Fluhrer, Mantin and Shamir, 2001) that recover the WEP key from passively captured traffic; later refinements brought this down to minutes.
• Tools such as AirSnort, WEPCrack and, later, Aircrack-ng made WEP cracking widely accessible by 2003–2004.
• This led to WEP being officially deprecated in 2004 in favor of WPA, and then WPA2.
Wi-Fi Protected Access (WPA)

What is WPA?
• A security protocol designed to protect Wi-Fi networks, specified by the Wi-Fi Alliance.
• Successor to the insecure WEP (Wired Equivalent Privacy).
• Introduced in 2003 as an interim solution, based on a draft of IEEE 802.11i, that could be deployed on existing WEP hardware through firmware updates.

Why WPA?
• To address the critical vulnerabilities in WEP without replacing deployed equipment.
• To strengthen both encryption (per-packet keys, message integrity) and authentication for wireless networks.
Wi-Fi Protected Access (WPA)
Key Features of WPA
• Encryption:
  • Uses the Temporal Key Integrity Protocol (TKIP), a wrapper around the RC4 engine of WEP hardware.
  • Replaces WEP's static key with dynamic session keys derived during the 4-way handshake.
  • Uses a 48-bit TKIP sequence counter (TSC) as IV and replay counter, instead of WEP's 24-bit IV.
  • Mixes the key with the sender address and the sequence counter to produce a fresh per-packet RC4 key, so keystreams are not reused.
  • Adds a 64-bit Message Integrity Code (MIC, "Michael") to detect tampering, replacing the linear CRC-32 ICV.
• Authentication:
  • WPA-Personal: Pre-Shared Key (PSK) for home and small-office networks.
  • WPA-Enterprise: 802.1X/EAP authentication against an authentication server.
Wi-Fi Protected Access (WPA)
Security Vulnerabilities of WPA

TKIP weaknesses:
• Still uses the RC4 stream cipher, which has known statistical biases and is now deprecated.
• The Michael MIC is only 64 bits long and is not a strong cryptographic MAC; TKIP therefore relies on countermeasures (rekeying and a 60-second shutdown after two MIC failures), and Beck and Tews (2008) showed that the MIC key can be recovered and short packets decrypted or injected.
• Those countermeasures can themselves be abused: an attacker who injects a few frames with bad MICs forces the network to shut down and rekey, a denial of service.
• If a weak Pre-Shared Key (PSK) is used, a captured 4-way handshake allows an offline dictionary attack on the passphrase, enabling unauthorized access. (This applies equally to WPA2-PSK.)
Wi-Fi Protected Access 2 (WPA2)

What is WPA2?
• Second generation of Wi-Fi Protected Access: the Wi-Fi Alliance certification for the full IEEE 802.11i standard.
• Introduced in 2004 to address the limitations of WPA/TKIP.
• Implements stronger encryption (AES-CCMP) within the same 802.1X/PSK authentication framework.

Why WPA2?
• Required for Wi-Fi Certified devices since 2006.
• Provides robust security for personal and enterprise networks.
Wi-Fi Protected Access (WPA2)
Key Features of WPA2
• Encryption:
  • WPA2 uses CCMP (Counter Mode with CBC-MAC Protocol): AES in CCM mode with a 128-bit temporal key. AES in counter mode provides confidentiality.
• Authentication:
  • WPA2-Personal: Pre-Shared Key (PSK), a 256-bit key derived from the passphrase and the SSID.
  • WPA2-Enterprise: centralized 802.1X/EAP authentication against a RADIUS server.
• Data integrity (Message Integrity Code, MIC):
  • The MIC is computed with AES in CBC-MAC mode over the protected header fields and the payload, and truncated to 64 bits (8 bytes).
WPA2 Process

WPA2 establishes a secure communication context in four phases:

Phase (1): The AP and the client agree on the security policy (cipher suites and authentication method), carried in the RSN Information Element.

Phase (2): Authentication and master key generation. With 802.1X/EAP, the client and the authentication server derive a master key; with PSK, this phase is skipped and the pre-shared key is used directly.

Phase (3): Derivation and distribution of temporal keys (4-way handshake and group key handshake), refreshed periodically.

Phase (4): The keys generated in phase (3) are used by CCMP to provide data confidentiality and integrity.
Phase (1): agreeing on the security policy

The access point advertises the security policies it supports in the RSN IE of its Beacon frames and Probe Response frames.

After the standard 802.11 Open System authentication (which provides no security by itself), the client sends its chosen policy in the Association Request, and the access point confirms it with an Association Response.
Phase (1) message exchange (reconstructed from the slide):

  Client -> AP : Probe Request
  AP -> Client : Probe Response + RSN IE (supported: CCMP multicast, CCMP unicast, 802.1X authentication)
  Client -> AP : 802.11 Open System authentication request
  AP -> Client : 802.11 Open System authentication - Success
  Client -> AP : Association Request + RSN IE (selected: CCMP multicast, CCMP unicast, 802.1X authentication)
  AP -> Client : Association Response - Success
The security policy information is carried in the RSN IE (Robust Security Network Information Element), which contains:

• The supported authentication and key management (AKM) suites: 802.1X or Pre-Shared Key (PSK).
• The cipher suite for unicast traffic (CCMP, TKIP, etc.): the pairwise cipher suite.
• The cipher suite for multicast and broadcast traffic (CCMP, TKIP, etc.): the group cipher suite.
• RSN capabilities, including whether Protected Management Frames are supported or required.
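The following Python example is added here and is not part of the original slides. It parses the RSN IE described above as it appears in a Beacon or Probe Response (element ID 48, version, group cipher, pairwise cipher list, AKM list, RSN capabilities) and then audits the advertised policy for the weaknesses discussed in this chapter: TKIP or WEP suites still offered, PSK authentication, and management frame protection not required. The suite and capability encodings are those of IEEE 802.11; the two IEs at the bottom are constructed examples, not captured frames.

```python
import struct

IEEE_OUI = b"\x00\x0f\xac"
RSN_ELEMENT_ID = 48

CIPHER_SUITES = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
                 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_SUITES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK",
              5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE",
              12: "802.1X-SuiteB-192", 18: "OWE"}


def _suite_name(selector: bytes, table: dict) -> str:
    """Decode a 4-byte suite selector (3-byte OUI + 1-byte suite type)."""
    oui, suite_type = selector[:3], selector[3]
    if oui != IEEE_OUI:
        return f"vendor-{oui.hex()}-{suite_type}"
    return table.get(suite_type, f"unknown-{suite_type}")


def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN IE. Fields after the version are optional and, when absent,
    default to CCMP / 802.1X as the standard specifies."""
    if len(ie) < 4 or ie[0] != RSN_ELEMENT_ID or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN IE")
    body = ie[2:]
    policy = {"version": struct.unpack_from("<H", body, 0)[0],
              "group_cipher": "CCMP-128", "pairwise_ciphers": ["CCMP-128"],
              "akm_suites": ["802.1X"], "mfp_capable": False, "mfp_required": False}
    off = 2
    if off + 4 <= len(body):
        policy["group_cipher"] = _suite_name(body[off:off + 4], CIPHER_SUITES)
        off += 4
    for field, table in (("pairwise_ciphers", CIPHER_SUITES), ("akm_suites", AKM_SUITES)):
        if off + 2 > len(body):
            return policy
        count = struct.unpack_from("<H", body, off)[0]
        off += 2
        if off + 4 * count > len(body):
            raise ValueError(f"{field} list truncated")
        policy[field] = [_suite_name(body[off + 4 * k:off + 4 * k + 4], table) for k in range(count)]
        off += 4 * count
    if off + 2 <= len(body):
        caps = struct.unpack_from("<H", body, off)[0]
        policy["mfp_required"] = bool(caps & 0x0040)   # RSN capabilities bit 6: MFPR
        policy["mfp_capable"] = bool(caps & 0x0080)    # RSN capabilities bit 7: MFPC
    return policy


def audit_policy(policy: dict) -> list:
    """Flag the weak choices an attacker looks for in an advertised policy."""
    findings = []
    weak = {"WEP-40", "WEP-104", "TKIP"}
    if policy["group_cipher"] in weak:
        findings.append(f"weak group cipher {policy['group_cipher']}: multicast traffic is exposed")
    for cipher in policy["pairwise_ciphers"]:
        if cipher in weak:
            findings.append(f"weak pairwise cipher {cipher} offered: downgrade possible")
    if any(akm in ("PSK", "PSK-SHA256") for akm in policy["akm_suites"]):
        findings.append("PSK authentication: a captured handshake allows an offline dictionary attack")
    if not policy["mfp_required"]:
        findings.append("PMF not required: deauthentication/disassociation frames are unprotected")
    return findings


# Constructed RSN IEs (not from a real capture).
# WPA2-Personal: CCMP group, CCMP pairwise, PSK AKM, capabilities 0x000c (replay counters only).
RSN_IE_WPA2_PSK = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0c00")
# Mixed mode: TKIP group, TKIP + CCMP pairwise, 802.1X AKM, PMF capable and required (0x00cc).
RSN_IE_MIXED = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac02" "000fac04" "0100" "000fac01" "cc00")
```

Running `audit_policy(parse_rsn_ie(RSN_IE_MIXED))` reports the TKIP group and pairwise suites; the first IE instead reports PSK authentication and missing PMF, which is the typical home-router profile.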
Phase (2): 802.1X/EAP authentication

This phase uses EAP with the authentication method agreed on in phase 1. It only takes place with WPA2-Enterprise; with a pre-shared key there is nothing to negotiate and the PSK serves as the master key.

The access point sends an EAP Request-Identity message to the client, which responds with an EAP Response-Identity; the access point relays it to the authentication server in a RADIUS Access-Request.

A few EAP messages, specific to the chosen method (for example EAP-TLS or PEAP), are then exchanged between the client and the authentication server through the access point. At the end both sides hold a common Master Key (MK), from which the Pairwise Master Key (PMK) is taken.

The authentication server then sends a RADIUS Access-Accept to the access point, carrying the key material for the PMK, and a final EAP Success message for the client.

Phase (2) message exchange (reconstructed from the slide):

  AP -> Client      : 802.1X/EAP Request Identity
  Client -> AP      : 802.1X/EAP Response Identity
  AP -> Server      : RADIUS Access-Request (identity)
  Client <-> Server : EAP messages specific to the chosen method; both sides derive the MK
  Server -> AP      : RADIUS Access-Accept (MK distribution to the AP)
  AP -> Client      : 802.1X/EAP Success
Phase (3): key derivation and distribution

In this phase there are two handshakes:

• The 4-way handshake, which derives the PTK (Pairwise Transient Key) and delivers the GTK (Group Temporal Key).
• The group key handshake, used to renew the GTK.

PMK before the 4-way handshake

The PMK (Pairwise Master Key) depends on the authentication method used:

• With PSK (WPA2-Personal), the PMK is equal to the PSK. The PSK itself is a 256-bit key derived from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations).
• With an authentication server (WPA2-Enterprise), the PMK is derived from the 802.1X master key (MK) obtained in phase (2).

Derived keys

  PMK (256 bits) + ANonce + SNonce + both MAC addresses  --PRF-->  PTK
  PTK = KCK (Key Confirmation Key, 128 bits: protects the handshake messages with a MIC)
      + KEK (Key Encryption Key, 128 bits: encrypts the GTK in message 3)
      + TK  (Temporal Key, 128 bits for CCMP; TKIP instead uses Temporal Key 1 and Key 2 for encryption and MIC)
  GTK: generated by the AP and distributed to every station, encrypted under that station's KEK.
4-Way Handshake

Message 1: ANonce generation and transmission
• The access point (AP) generates a random number called the ANonce (Authenticator Nonce).
• The AP sends the ANonce to the client in the first EAPOL-Key message; this message carries no MIC, since no key exists yet.
• The ANonce is combined with a nonce from the client (SNonce) to create the Pairwise Transient Key (PTK).

Message 2: SNonce generation and key derivation
• The client (supplicant) generates its own random number, the SNonce (Supplicant Nonce).
• Key derivation: the client computes the PTK from the ANonce (received from the AP), the SNonce (its own), the PMK (from the pre-shared key or the 802.1X exchange) and the MAC addresses of both devices.
• The client sends the SNonce to the AP, together with its RSN IE and a MIC computed with the KCK, which proves that it holds the PMK.

Message 3: PTK confirmation and GTK transmission
• The AP computes the same PTK from the ANonce, SNonce, PMK and MAC addresses, and verifies the MIC of message 2; a mismatch means the client does not know the PMK (for example a wrong passphrase).
• The AP generates or retrieves the Group Temporal Key (GTK), used to encrypt broadcast and multicast traffic.
• The AP sends the GTK to the client, encrypted with the KEK and protected by a MIC computed with the KCK, and instructs the client to install the keys.

Message 4: handshake completion
• The client verifies the MIC and decrypts the GTK.
• The client sends a confirmation (also protected by a MIC) to the AP that it has derived the PTK and received the GTK.
• Both the client and the AP install the PTK and GTK; from now on data frames are protected by CCMP.

Key points of the 4-way handshake
• Encryption: the temporal key (TK) drives AES-CCMP for data confidentiality.
• Integrity: handshake messages are protected by a MIC under the KCK; data frames are protected by the CCMP MIC.
• Freshness: the random ANonce and SNonce give a new PTK for every association even though the PMK is reused; replay of data frames is prevented by the CCMP packet number, which starts at zero when the key is installed.
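The following Python example is added here and is not part of the original slides. It carries out the key derivation behind the handshake just described with the IEEE 802.11 constructions: PBKDF2-HMAC-SHA1 from passphrase to PMK, the HMAC-SHA1 based PRF-384 for the PTK, and the HMAC-SHA1 MIC over message 2 under the KCK (the form used with the PSK AKM). It then shows why a weak passphrase is fatal: everything the AP uses to verify message 2 is visible in a captured handshake, so an attacker can test passphrases offline. The EAPOL-Key frame layout is simplified to a tagged byte string, and the SSID, passphrase, MAC addresses, nonces and word list are constructed.

```python
import hashlib
import hmac


def passphrase_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PSK = PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbits // 8:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces)),
    split into KCK (handshake MIC key), KEK (GTK wrapping key) and TK (CCMP data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """Key MIC for the PSK/802.1X AKMs: HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


MSG2_TAG = b"EAPOL-Key-msg2"   # stands in for the real EAPOL-Key header fields


def build_message2(kck: bytes, snonce: bytes) -> bytes:
    """Supplicant side: simplified message 2 = tag || SNonce || MIC (assumption: no RSN IE, no key data)."""
    unsigned = MSG2_TAG + snonce + b"\x00" * 16
    return unsigned[:-16] + eapol_mic(kck, unsigned)


def ap_verify_message2(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, msg2: bytes) -> bool:
    """Authenticator side: derive the PTK with the received SNonce and check the MIC."""
    snonce, received_mic = msg2[len(MSG2_TAG):-16], msg2[-16:]
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)["kck"]
    expected = eapol_mic(kck, msg2[:-16] + b"\x00" * 16)
    return hmac.compare_digest(expected, received_mic)


def offline_dictionary_attack(candidates, ssid, aa, spa, anonce, msg2):
    """Attacker side: MACs, nonces and MIC all come from the captured handshake,
    so every guess costs one PBKDF2 plus one PRF with no network interaction."""
    for guess in candidates:
        if ap_verify_message2(passphrase_to_pmk(guess, ssid), aa, spa, anonce, msg2):
            return guess
    return None


# Constructed values (not from a real network or capture).
SSID = "CorpWiFi"
PASSPHRASE = "summer2024"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["password", "letmein", "summer2023", "summer2024", "qwerty"]


def run_handshake() -> dict:
    """Both sides derive the same PTK, the AP accepts message 2, and the attacker recovers the weak passphrase."""
    pmk = passphrase_to_pmk(PASSPHRASE, SSID)
    sta_ptk = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    msg2 = build_message2(sta_ptk["kck"], SNONCE)
    ap_ptk = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    return {
        "ptk_match": sta_ptk == ap_ptk,
        "msg2_accepted": ap_verify_message2(pmk, AP_MAC, STA_MAC, ANONCE, msg2),
        "cracked": offline_dictionary_attack(WORDLIST, SSID, AP_MAC, STA_MAC, ANONCE, msg2),
    }
```

The 4096 PBKDF2 iterations are the only cost per guess, which is why a passphrase from a word list falls in seconds while a long random one does not; the AES key length plays no role in this attack.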
Advantages of WPA2

1. Strong encryption
• Uses AES (Advanced Encryption Standard), a robust and widely trusted block cipher, in CCM mode.
• Replaces the RC4 cipher used by WEP and WPA/TKIP, removing the known weaknesses of that cipher.

2. Data integrity
• Uses CCMP (Counter Mode / CBC-MAC Protocol) to provide integrity and authenticity of every frame with an 8-byte MIC.
• Prevents undetected modification of transmitted data.

3. Authentication options
• Supports two modes:
  • WPA2-Personal (PSK): simplified setup for home and small-office networks.
  • WPA2-Enterprise (802.1X): per-user authentication against a RADIUS server.
• Offers flexibility for diverse network environments.

4. Backward compatibility
• A mixed WPA/WPA2 mode lets older TKIP-only devices connect, easing the transition; note that leaving TKIP enabled keeps the TKIP weaknesses reachable on a WPA2 network.

5. Resistance to brute-force attacks on the cipher
• A 128-bit AES key cannot be brute-forced; the weak point, when there is one, is the passphrase from which a PSK is derived (see the disadvantages).

6. Scalability
• Suitable for both small and large deployments, including home networks, businesses and public Wi-Fi.

7. Replay protection
• Fresh nonces in the 4-way handshake give a new PTK per association, and the 48-bit CCMP packet number lets the receiver reject replayed data frames.

8. Industry standard
• Recognized as a robust security protocol and required for Wi-Fi Certified devices since 2006.

9. Secure multicast and broadcast
• A Group Temporal Key (GTK) encrypts broadcast and multicast traffic and is delivered securely to every associated station.

10. Longevity and trust
• Remained the standard for secure Wi-Fi for over a decade until WPA3 was introduced in 2018.

Disadvantages of WPA2

1. Vulnerable to physical-layer attacks:
Like every Wi-Fi security standard, WPA2 protects frames, not the radio medium, so it cannot prevent:
• jamming, or flooding the channel with traffic,
• access point failure or overload.

2. Vulnerable to denial-of-service attacks, for example floods of forged deauthentication frames.

3. Vulnerable to MAC address spoofing: MAC addresses are sent in clear, so MAC filtering gives no real access control.

4. Vulnerable to weak passwords:
WPA2-PSK relies entirely on the strength of the passphrase. The 4-way handshake can be captured passively, and a weak or guessable passphrase is then recovered by an offline dictionary or brute-force attack.

5. No protection against rogue access points:
WPA2-Personal cannot detect rogue access points that impersonate a legitimate network; anyone who knows the PSK can set up an "evil twin". WPA2-Enterprise can mitigate this only if clients validate the authentication server's certificate.

6. Management frame protection is optional:
WPA2 does not mandate protection of management frames, leaving networks open to deauthentication and disassociation attacks unless Protected Management Frames (PMF, IEEE 802.11w) are explicitly enabled.

7. Susceptibility to the KRACK attack:
WPA2 was found to be vulnerable to the Key Reinstallation Attack (KRACK, Vanhoef and Piessens, 2017), which exploits the 4-way handshake rather than the cipher. Message 3 may legitimately be retransmitted by the AP when message 4 is lost; an attacker in a man-in-the-middle position blocks message 4 and replays message 3, so the client reinstalls the same PTK and resets the CCMP packet number. The packet number is the nonce of the AES counter-mode keystream, so its reuse produces identical keystream for different frames and allows traffic to be decrypted. The fix is in the client and AP implementations: a key that is already installed must not be reinstalled.
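The following Python example is added here and is not part of the original slides. It is a minimal model of the supplicant state machine that KRACK exploits, as described above: the authenticator retransmits message 3 with an incremented replay counter (so the replay-counter check, the protocol's only replay defense, passes, while a replay of an old frame is still rejected), and the vulnerable supplicant reinstalls the key and resets its packet number, reusing a nonce. The patched variant remembers the installed key and acknowledges the retransmission without touching it. MICs use the HMAC-SHA1 construction under a random KCK; GTK wrapping and the CCMP encryption itself are left out, and the packet number stands in for the CCMP nonce counter.

```python
import hashlib
import hmac
import os
import struct

MSG3_TAG = b"EAPOL-Key-msg3"   # stands in for the real EAPOL-Key header fields


def key_mic(kck: bytes, body: bytes) -> bytes:
    """EAPOL-Key MIC as used with the PSK/802.1X AKMs: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


class Authenticator:
    """AP side. Every (re)transmission of message 3 carries a fresh replay counter,
    exactly as IEEE 802.11 requires, which is why the counter does not stop KRACK."""

    def __init__(self, kck: bytes):
        self.kck = kck
        self.replay_counter = 0

    def message3(self) -> bytes:
        self.replay_counter += 1
        body = MSG3_TAG + struct.pack(">Q", self.replay_counter)
        return body + key_mic(self.kck, body)


class Supplicant:
    """Client side. patched=False reproduces the vulnerable behaviour: any valid
    message 3 (re)installs the TK and resets the packet number."""

    def __init__(self, kck: bytes, tk: bytes, patched: bool):
        self.kck, self.tk, self.patched = kck, tk, patched
        self.last_replay_counter = 0
        self.installed_tk = None
        self.packet_number = 0          # CCMP PN; the real nonce is PN || sender address || priority
        self.nonces_used = []

    def handle_message3(self, frame: bytes) -> bool:
        body, received_mic = frame[:-16], frame[-16:]
        if not hmac.compare_digest(key_mic(self.kck, body), received_mic):
            return False                                   # forged frame: wrong KCK
        counter = struct.unpack(">Q", body[len(MSG3_TAG):])[0]
        if counter <= self.last_replay_counter:
            return False                                   # genuine replay of an old frame
        self.last_replay_counter = counter
        if self.patched and self.installed_tk == self.tk:
            return True                                    # fix: acknowledge, never reinstall a key in use
        self.installed_tk = self.tk                        # (re)install the TK ...
        self.packet_number = 0                             # ... and reset the nonce counter
        return True

    def send_data_frame(self) -> int:
        """Return the PN of the next frame; the same PN under the same TK means keystream reuse."""
        self.packet_number += 1
        self.nonces_used.append(self.packet_number)
        return self.packet_number


def krack_scenario(patched: bool) -> dict:
    """Run the handshake, two data frames, a retransmitted message 3, and one more data frame."""
    kck, tk = os.urandom(16), os.urandom(16)
    ap, sta = Authenticator(kck), Supplicant(kck, tk, patched)
    first_msg3 = ap.message3()
    sta.handle_message3(first_msg3)               # normal handshake: TK installed, PN = 0
    sta.send_data_frame()                         # PN 1
    sta.send_data_frame()                         # PN 2
    # The attacker blocked message 4, so the AP retransmits message 3 (new counter,
    # valid MIC) and the attacker forwards it to the client.
    retransmission_accepted = sta.handle_message3(ap.message3())
    old_replay_rejected = not sta.handle_message3(first_msg3)
    sta.send_data_frame()                         # PN 1 again if the key was reinstalled
    return {
        "retransmission_accepted": retransmission_accepted,
        "old_replay_rejected": old_replay_rejected,
        "nonces": list(sta.nonces_used),
        "nonce_reused": len(set(sta.nonces_used)) != len(sta.nonces_used),
    }
```

With `patched=False` the client uses packet numbers 1, 2, 1: the third frame is encrypted with the same key and nonce as the first, which is the keystream reuse KRACK turns into decryption. With `patched=True` the retransmission is still acknowledged, so the handshake completes, but the counter continues at 3.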

WPA3 (Wi-Fi Protected Access 3)

Wi-Fi Protected Access 3 (WPA3) is the latest Wi-Fi Alliance security certification, introduced in 2018. It was designed to address weaknesses of the previous versions (WPA/WPA2), in particular offline dictionary attacks on pre-shared keys and unprotected open networks, and to provide enhanced security for modern wireless networks.
Key Features of WPA3

1. Enhanced protection against brute-force attacks
• WPA3-Personal replaces the PSK handshake with Simultaneous Authentication of Equals (SAE).
• SAE, based on the Dragonfly key exchange, is a password-authenticated key exchange: an attacker gets one online guess per interaction and cannot mount an offline dictionary attack on a captured exchange.

2. Improved security for open networks
• Wi-Fi Enhanced Open, based on Opportunistic Wireless Encryption (OWE), provides per-client encryption on open networks (e.g., public Wi-Fi) without requiring a password.

3. Forward secrecy
• SAE derives a fresh PMK from an ephemeral Diffie-Hellman exchange in every session, so a passphrase compromised later does not let an attacker decrypt previously recorded sessions.

4. 192-bit security suite
• WPA3-Enterprise offers an optional 192-bit mode aligned with the Commercial National Security Algorithm (CNSA) suite for government and enterprise use: GCMP-256 encryption with SHA-384 based key derivation and 384-bit elliptic curves (or 3072-bit RSA) in the EAP-TLS exchange.

5. Protection against passive eavesdropping
• With OWE, each client receives its own keys, so even other unauthenticated users on the same open network cannot read its traffic.

6. Simplified IoT device connections
• WPA3 incorporates Wi-Fi Easy Connect (Device Provisioning Protocol), which uses QR codes or similar out-of-band channels to onboard IoT devices that lack a user interface.

In addition, WPA3 makes Protected Management Frames (PMF) mandatory, closing the deauthentication attacks that WPA2 left optional.
Advantages of WPA3

1. Resistant to offline attacks: the SAE handshake prevents offline dictionary attacks on the passphrase.
2. Improved security for open networks: OWE provides encrypted communication on networks without passwords.
3. Forward secrecy: previous sessions remain secure even if the credentials are compromised later.
4. Stronger encryption: the 192-bit enterprise mode gives higher protection for enterprise networks.
5. Enhanced IoT support: Wi-Fi Easy Connect simplifies secure onboarding of devices with limited interfaces.
Comparison of WLAN security protocols

| Feature                     | WEP                                    | WPA                               | WPA2                                                   | WPA3                                                   |
|-----------------------------|----------------------------------------|-----------------------------------|--------------------------------------------------------|--------------------------------------------------------|
| Introduction year           | 1997                                   | 2003                              | 2004                                                   | 2018                                                   |
| Encryption algorithm        | RC4                                    | RC4 with TKIP                     | AES-CCMP                                               | AES-CCMP (Personal); AES-GCMP-256 (192-bit Enterprise) |
| Key length                  | 40 or 104 bits                         | 128 bits (TKIP)                   | 128 bits                                               | 128 bits; 256 bits in 192-bit Enterprise mode          |
| Key management              | Static, manual                         | Dynamic (TKIP, 4-way handshake)   | Dynamic (CCMP, 4-way handshake)                        | SAE (Dragonfly handshake), then 4-way handshake        |
| Handshake / authentication  | None (WEP shared-key authentication only) | Pre-Shared Key (PSK) or 802.1X | Pre-Shared Key (PSK) or 802.1X                         | Simultaneous Authentication of Equals (SAE) or 802.1X  |
| Vulnerability to attacks    | Highly vulnerable (key recovery)       | Susceptible to TKIP attacks       | Susceptible to KRACK (fixed in implementations) and to offline dictionary attacks on weak PSKs | Strong resistance to offline dictionary attacks and KRACK |
| Data integrity              | CRC-32 (weak, linear)                  | Michael MIC (better than CRC-32)  | AES CBC-MAC (CCMP MIC)                                 | AES CCMP / GCMP MIC (stronger)                         |
| Forward secrecy             | No                                     | No                                | No                                                     | Yes                                                    |
| Protection in open networks | None                                   | None                              | None                                                   | Opportunistic Wireless Encryption (OWE)                |
| Ease of configuration       | Easy                                   | Moderate                          | Moderate                                               | Complex                                                |
| Device compatibility        | Legacy                                 | Older devices                     | Most modern devices                                    | New devices with WPA3 support                          |
| Network type                | Home                                   | Home / small office               | Home / enterprise                                      | Home / enterprise                                      |
| Usage today                 | Deprecated                             | Rare                              | Widely used                                            | Emerging standard                                      |
Thanks
