Wireless Security (wep Vs Wpa)

[rohitwebmaster 0]

WAP = Wireless Access Point; ‘hotspots’ (public access) require no pass phrase and are ‘open’ (and dangerous to use).

WEP = early form of encryption; seldom used by knowledgeable administrators of a network because of inherently weak architecture (easy to crack & establish ‘man-in-the-middle’ attacks)

WPA = mid level encryption; decent security; preferred by many admin’s. with good architecture.

WPA2 = the best of all current common methods; some computer hardware will not support this level.

What is WPA?

WiFi Protected Access (WPA) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer’s equipment. WPA delivers a level of security way beyond anything that WEP can offer, bridges the gap between WEP and 802.11i networks, and has the advantage that the firmware in older equipment may be upgradeable.

 

 

How does WPA work?

WPA uses Temporal Key Integrity Protocol (TKIP). TKIP is designed to allow WEP to be upgraded. This means that all the main building blocks of WEP are present, but corrective measures have been added to address security problems.

 

 

How WPA improves on WEP

The weaknesses in WEP have been well publicized. TKIP’s improvements are described below. IV values can be reused/IV length is too short The length of the IV has been increased from 24bits to 48bits. Rollover of the counter is eliminated. Reuse of keys is less likely. In addition IVs are now used as a sequence counter, the TSC (TKIP Sequence Counter), protecting against replaying of data, a major vulnerability in WEP.

 

Weak IV values are susceptible to attack WPA avoids using known weak IV values. A different secret key is used for each packet, and the way the key is scrambled with the secret key is more complex. Master keys are used directly in WEP Master Keys are never used directly in WPA. A hierarchy of keys is used, all derived from the Master. Cryptographically this is a much more secure practice.

 

Key Management and updating is poorly provided for in WEP Secure key management is built-in to WPA, so key management isn’t an issue with WPA. Message integrity checking is ineffective WEP message integrity proved to be ineffective. WPA uses a Message Integrity Check (MIC) called, Michael! Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of guessing the correct MIC. In practice any changed frames would first need to pass the TSC and have the correct packet encryption key even to reach the point where Micheal comes into operation. As further security Michael can detect attacks and performs countermeasures to block new attacks.

 

 

Conclusion

WPA (TKIP) is a great solution, providing much stronger security than WEP, addressing all the weaknesses and allowing compatibility and upgrades with older equipment.

Edited October 9, 2011 by yordan
Quoted the text copied from http://www.openxtra.co.uk/articles/wpa-vs-wep (see edit history)

[evought 0]

So back to the original question of WEP Vs WPA? I choose neither for my home network and decided to run completely unencrypted.... (snip)

 

There are currently several organizations with the goal of providing free wireless to anyone who wants it.

You may also want to take a look at LifeNet http://thelifenetwork.org/. They are developing software to build ad-hoc networks using Wi-Fi and Bluetooth on portable devices (e.g. Android smartphones) but they can also make use of wireless access points if they are available and set up correctly. In a rural area, cell phone service can be fragile, and a few well-placed access points could allow someone to route an emergency call, especially if the Wi-Fi has a battery backup. You seem to have little problem installing custom software on your router, so it may be something to play with.

 

In our case, we are moving to a setup somewhat similar to yours. We have a few wired systems, and internal wireless network that is severely degraded by the walls of the house (chickenwire in the old plaster in places around here). Anything important internally goes over SSL/SSH anyway. We are putting a second access point with high-gain antennas on the roof firewalled from the local network and powered off of our small solar (and soon to be wind) R/E system so it will continue to be available in a power outage such as another regional ice storm (we've had two in the last four years and one EF5 tornado nearby). We are playing with the early LifeNet software in conjunction with local Neighborhood Watch efforts. We can also use a Wi-Fi PTT app on our smartphones on or near the farm. As a side benefit, I am loading a whole bunch of documentation on a webserver which will be accessible on the long-range Wi-Fi for all that stuff people wish they had downloaded before an emergency, like how to correctly wire a generator and not fry your linemen. With a good antenna and favorable terrain, we have been making Wi-Fi connections at 8 miles or so.