1. Erik Nicholson COSC 352 March 2, 2010

2. WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different manufacturers wireless equipment Bridges the gap between WEP and 802.11i(WPA2)networks Able to deliver a higher level of security compared to WEP Uses Temporal Key Integrity Protocol or (TKIP) and allows WEP to be upgraded to correct existing security problems Passwords are limited to A-F & 0-9

3. WPA Advantages over WEP: Initialization vector increased from 24 bits to 48 bits Results in probability of assigning 500 trillion different key combinations Better key management Master keys are never directly used Contains impressive message integrity checking WPA avoids using weak IV values A different key is scrambled and used for each packet, resulting in a more complex secret key

4. WPA WPA protocol implements the majority of IEEE802.11i standard Due to security problems, it has been upgraded to WPA2, which provides a more stronger and secure data protection and network access control WPA2 has replaced WPA WPA2 requires testing and certification by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm,CCMP which is considered fully secure.

5. WEP Wired Equivalent Privacy Security protocol for wireless local area networks (WLAN) a defined in the 802.11b standard Provides same level of security as a wired LAN Provides security by encrypting data over radio frequency waves, so its protected as its transmitted from end point to end point Used at the data link and physical layers on the OSI model

6. WEP Works by using secret keys or codes to encrypt data Access point and client both must know the codes in order for it to function Uses either 64 bit or 128 bit keys Actual user codes are 40 and 104 bits, with the extra 24 bits used by the IV(Initialization Vector) 3 settings Off(no security) 64-bit(Weak security) 128 bit (Higher security) Used for mobile and non-pc devices such as Cell phones, PDA’s and Mp3 players

7. WEP Disadvantages No limit on using same IV value more than once Encryption vulnerable, especially to collision-based attacks Only 24 bits in IV, so there's only 16.7 million variations of keys Master keys are directly used, instead of generating temporary keys Users don’t change keys often Gives attackers time to try various techniques to hack into

8. WEP Contains two authentication methods: Open System authentication Shared Key authentication

9. Open System authentication Client doesn’t need to provide its credentials to access point during authentication Allows clients to be able to authenticate themselves with the access point and then attempts to associate No real authentication takes place then WEP can be used for encrypting data frames Client needs to have right keys

10. Shared Key authentication Four way request and response 1. Client station sends authentication request to access point 2. Access point sends back clear-text challenge 3. Client must encrypt the text using configured WEP key, and then sends it back for another authentication request 4. Access point decrypts the information, and compares it to the clear-text it sent Depending on comparisons, the access point will send a positive or negative response

11. Conclusion WPA (Wi-Fi Protected Access) is a more reasonable choice in a network security protocol. Allows for a longer IV length Much better encryption methods which prevents the reuse of the IV keys Master keys are used directly, resulting in a decrease in the ability of hackers to get into network and system With WPA, you can use the same equipment, with a much better security option. The only thing you need to do is to upgrade the software and firmware.