WIFI AUTHENTICATION MODES AND ENCRYPTION MECHANISMS
I) WiFi Authentication Modes
When you are authenticating clients to a wireless network, two processes are available:
1) Open system authentication:
Open system authentication is used in situations where you want to make your network available to a wide range of clients. This type of authentication occurs when an authentication frame is sent from a client to an access point. When the access point receives the frame, it verifies its SSID, and if it's correct, the access point sends a verification frame back to the client, allowing the connection to be made.
2) Shared key authentication:
In this process, each client receives the key ahead of time and can then connect to the network as needed. This is how shared key authentication works:
1. The client sends an authentication request to the access point.
2. The access point returns a challenge to the client.
3. The client encrypts the challenge using the shared key it is configured with.
4. The access point uses the same shared key to decrypt the response; if it matches the challenge it sent, the client is validated and is given access to the network.
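The four-step shared key exchange above, as an added example that is not part of the original post. It assumes the WEP construction (RC4 keyed with a 3-byte IV followed by the shared key, plus a CRC-32 integrity value); the class and function names and the sample keys are made up for illustration.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (the cipher WEP uses); encrypt and decrypt are identical."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream XORed onto the data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key
        self.pending = None                    # challenge awaiting a response

    def challenge(self) -> bytes:
        """Step 2: answer the request with a random 128-byte clear-text challenge."""
        self.pending = os.urandom(128)
        return self.pending

    def verify(self, iv: bytes, ciphertext: bytes) -> bool:
        """Step 4: decrypt with the same key and compare with the challenge sent."""
        if self.pending is None:
            return False
        expected, self.pending = self.pending, None    # one attempt per challenge
        plain = rc4(iv + self.shared_key, ciphertext)
        body, icv = plain[:-4], plain[-4:]
        return icv == zlib.crc32(body).to_bytes(4, "little") and body == expected

def client_response(shared_key: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    """Step 3: encrypt challenge plus CRC-32 integrity value under IV || key."""
    iv = os.urandom(3)
    icv = zlib.crc32(challenge).to_bytes(4, "little")
    return iv, rc4(iv + shared_key, challenge + icv)

def authenticate(ap: AccessPoint, client_key: bytes) -> bool:
    """Steps 1-4; the step 1 request is implied by asking the AP for a challenge."""
    iv, ciphertext = client_response(client_key, ap.challenge())
    return ap.verify(iv, ciphertext)
```

A client configured with the access point's key is accepted; a client with any other key produces a response that fails both the integrity check and the challenge comparison.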
II) Wireless Encryption Mechanisms
The following are some of the more commonly used wireless encryption and authentication protocols:
1) Wired Equivalent Privacy (WEP) is the oldest and arguably the weakest of the available encryption protocols. The WEP standard was introduced as the initial solution to wireless security but was quickly found to be flawed and highly vulnerable.
The WEP protocol is still regularly encountered as an option on many wireless access points and devices, but it should be avoided in favor of other options or upgrading hardware to support newer standards where possible. However, if these options aren't realistic at the time, it can suffice as a short-term solution, but it should be combined with other security technologies.
2) WiFi Protected Access (WPA) was the successor to WEP and was intended to address many of the problems that plagued WEP. In many areas it succeeded and made for a much tougher security protocol. WPA uses Temporal Key Integrity Protocol (TKIP) and message integrity code (MIC).
3) WPA2 is the successor to WPA and was intended to address the problems with WPA. WPA2 is much stronger and uses tougher encryption in the form of AES and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). The standard also comes in a version that uses stronger systems such as Extensible Authentication Protocol (EAP), TKIP, and AES (with longer keys).
4) WPA2 Enterprise is a version that incorporates EAP standards as a way to strengthen security as well as scale the system up to large enterprise environments. WPA2, as an enterprise solution, uses RADIUS or similar technology to centralize and manage access to the wireless network.
III) Authentication Technologies
1) EAP is incorporated into multiple authentication methods, such as token cards, Kerberos, and certificates.
2) Lightweight Extensible Authentication Protocol (LEAP) is a proprietary WLAN authentication protocol developed by Cisco.
3) Remote Authentication Dial-In User Service (RADIUS) is a centralized authentication and authorization management system.
4) 802.11i is an IEEE standard that specifies security mechanisms for 802.11 wireless networks.