WPA2: Advanced Security Protocol for Wi-Fi Networks
WPA2 (Wi-Fi Protected Access 2) enhances Wi-Fi security, providing a more robust solution than its predecessor, WPA, by utilizing CCMP (Counter Mode CBC-MAC Protocol). This replaces the insecure RC4 cipher with AES (Advanced Encryption Standard), significantly improving confidentiality and integrity.
๐ Key Security Features of WPA2:
CCMP with AES:
Authenticated Encryption: Ensures both confidentiality and integrity of data.
AES in Counter Mode: Uses a random seed and an incremental counter to create a stream cipher for encrypting data.
CBC-MAC: Authenticates messages by generating a digest before encryption.
Four-Way Handshake Process:
WPA2 uses this handshake to authenticate clients and generate a unique encryption key for secure communication.
It derives the Pairwise Transient Key (PTK), ensuring encryption confidentiality between the client and access point (AP).
The handshake also provides the Group Transient Key (GTK) for encrypting multicast or broadcast traffic, shared among all clients.
๐ How the Four-Way Handshake Works:
AP Sends ANonce: The AP sends a random value (ANonce) to the client.
Client Sends SNonce: The client responds with its own random value (SNonce).
AP Sends GTK: The AP transmits the GTK encrypted with the PTK.
Client Acknowledges: The client confirms the successful key negotiation.
PTK Generation: Combines the Pairwise Master Key (PMK), nonces, and MAC addresses of both the AP and client. The PTK comprises several keys used for:
Encrypting EAPoL packets.
Sending/receiving message integrity codes.
Temporarily encrypting data traffic.
GTK: Used to encrypt group communication, shared by all clients connected to the AP.
๐ก WPA2-Enterprise vs. WPA2-Personal:
WPA2-Personal (PSK): Uses a pre-shared key (password) to authenticate clients.
WPA2-Enterprise (802.1X): Introduces centralized authentication using a RADIUS server and dynamically generates PMKs.
๐ฅ Vulnerability in WPA2: Brute-Force Attack on the Four-Way Handshake:
WPA2 is robust but susceptible to offline brute-force attacks if an attacker captures the four-way handshake. Here's how:
Capture Handshake Packets: An attacker intercepts four packets exchanged during the handshake.
Brute-Force PMK: The attacker guesses the PMK (Pairwise Master Key), combining the guessed password with the SSID.
PTK Validation: By verifying the message integrity (MIC), the attacker knows when theyโve guessed the correct PMK.
Dictionary and Rainbow Table Attacks: Using pre-computed rainbow tables (available for popular SSIDs and passwords), attackers can significantly reduce computational time by pre-calculating PMKs.
๐ Mitigating Brute-Force Attacks:
Strong Passwords: Ensure WPA2 passphrases are long and complex to thwart dictionary and rainbow table attacks.
Regular Key Rotation: Periodically update network keys (GTK and PMK) to limit the attack window.
Last updated