I am sure many of you are wondering what the best security method is when using wireless keys. There are several types of wireless security that you’ll come across: let’s have a look at some of them.
WEP: Wired Equivalent Privacy, aka WEP, is the grandfather of wireless security types, dating back to 1999. When a client (such as a laptop or tablet) connects to a WEP security protected network, the WEP key adds some data to create an “Initialisation Vector” or “IV” for short. For example, a 128-bit key is comprised of 26 characters from the keyboard (totalling 104 bits) combined with a 24-bit IV. When a client connects to an AP (Access Point), it sends a request to authenticate, which is met with a reply challenge from the AP. The client encrypts the challenge with the key, and the AP decrypts it, and if the challenge received matches the original, the AP will either authenticate the client or deny the authentication.
This may sound secure, nevertheless as with most technology, there are methods developed to exploit this process. The risk occurs when a client sends its request to the access point– the portion containing the IV is transmitted wirelessly using clear-text (non-encrypted). In addition, the IV is simplified when compared to the key, and where there are several clients using the same WEP key on a network, IV’s have an increased probability of repeating themselves. In a busy network, if a malicious user wishes to gain access to a network utilising WEP security, it can do so by passively eavesdropping and quickly collecting IV’s. When enough IV’s have been collected, the key then becomes easy to decrypt.
Clearly, WEP is not the correct choice for securing your network at this moment in time.
WPA: Wi-Fi Protected Access (WPA). This new security standard, with the Temporal Key Integrity Protocol (TKIP), included several enhancements over WEP; however some worries remained over security issues with using similar stronger key implementation.
WPA2: The above concerns led to WPA2’s introduction in 2004. At the centre of WPA2 is its use of a security protocol based on an Advanced Encryption Standard (AES); the U.S. Government’s preferred choice of encryption. As it currently stands, the only people who should still be using TKIP on a wireless network are those who are dealing with hardware that is rated for older 802.11g technology.
WPS: In 2007, a new security method – WiFi Protected Setup (WPS) – began to show up on wireless access points. With this type of security, a user is able to add new devices to their network by simply pushing a button (within administration software or physically on the device) and then typing in an 8-digit PIN number on the client device.
The PIN feature acts as a shortcut for entering in a longer WPA (WiFi Protected Access) key. The basic idea behind WPS is that having physical access to the AP to hit a button and reading a sticker would provide a more secure implementation of WiFi authentication. Everything was running well in the WPS world, until last year, when a security researcher discovered the vulnerability in the implementation. Here’s how it works:
The first 4 digits (10,000 possibilities) are checked separately from the last 3 digits (1,000 possibilities). This translates into a malicious user only needing to make at most 11,000 guesses, which a computer can handle in a matter of hours!
As you can see, if you are currently using WPS on an access point, you may consider disable the feature to avoid anyone compromising your network.