What is Wireless Security?

Wireless security is used for stopping any unauthorized access to systems or stealing information from a system and helps prevent damage to a system from using wireless networks. Today nearly everything is wireless which causes concern for a big security problem. Any person within a geographical network range of an open network can use this security vulnerability and be able to record the traffic on the network and be able to gain access to the internal network. From being able access an internal network an attacker could steal any information they find and could even use some information as a form of blackmail. Wireless networks help by creating convenience for most people, but creates a new issue involving how to protect your system from being vulnerable.

The origin of wireless security dates back to 1999 when Wired Equivalent Privacy (WEP) security protocol was designed. If someone were to connect to a network that has been secured using WEP, then a WEP key would be added to some data to create an initialization vector. Originally the WEP key was 64 bits and would use a 40-bit key which is then concatenated with a 24-bit initialization vector to create a RC4 key. There are two different types of authentication when using WEP the first being open system authentication. Anyone can authenticate with the access point and then try to associate which basically means very little authentication occurs with an open system authentication. As for shared key authentication type it uses the WEP key for authentication it begins by having the client send an authentication request to an access point. From here the access point will then send some text that will be transmitted unencrypted. To where the client then encrypts the unencrypted text that was sent using the WEP key and then returns it with another authentication request. The access point then decrypts the text and if it matches the original text then the client is then authenticated. Surprisingly open system authentication is more secure than shared key authentication, mainly because an attacker could intercept and decrypt the data easier than an open system authentication. The main take away from understanding this security protocol is that it was the origin to wireless security protocols, but it is no where near the most secure.

After WEP was shown to have many security vulnerabilities along came a new protocol in 2003 called Wi-Fi Protected Access (WPA). This protocol was seen as an improvement from the flawed WEP for starters the WPA created a stronger authentication method by using an extensible authentication protocol (EAP). The way the EAP worked was by having a client make a request connection to the network through an access point. Afterwards the access point will request ID from the user and then send the ID to an authentication server. From here the authentication server will send a request to the access point to determine if the ID is valid. Once the access point receives verification from the user, the access point then sends it back to the authentication server and after that the user will then be authenticated on the network. The WPA also use a must better encryption method than WEP the encryption method is called the temporal key integrity protocol (TKIP). This encryption method used an extended initialization vector, a re-keying mechanism as well as message integrity check. While WPA was a great improvement from WEP there were still improvements that could be made so WPA2 came out in 2004. WPA2 changed the original authentication method from the EAP to use the counter mode cipher block chaining message authentication protocol. This protocol also known as CCMP creates a more secure network from the original WAP by creating 128-bit keys and 48-bit initialization vectors. This protocol also does a fantastic job at hiding information from an attacker that would be trying to intercept any information during transmissions. WPA2 is not perfect, but it helps strengthen the security with better authentication, verification, and encryption. Relatively recently in 2007 a new wireless security method emerged called Wi-Fi Protected Setup (WPS). WPS was intended to create a strong security method by registering a device on your internal network by entering in an 8-digit PIN number. While this sounds like it would be secure it was later discovered that WPS could easily be circumvented. The eighth number in the pin is just a checksum to ensure that the other digits do not get corrupted, this leaves seven random digits which is a lot of possibilities except the possibilities shrink when the first four digits are checked separately form the last three digits. Which then shrinks the possibilities down to 11,000 which can easily be cracked by a computer within an hour.

Wireless security has become incredibly important as more and more devices become wirelessly connected to a network there needs to be better security. Over the past twenty years people have been working on creating a more secure environment for wireless devices. Recently WPA3 has been released and has improved every aspect of WPA2. Wireless networks have helped by creating convenience while also opening many vulnerabilities, but wireless security protocols have been improving and perfecting the art of making wireless networks secure for twenty years.