What are differences between encryption on wire and wireless
Last Post: December 17, 2009:
-
Could you please figure out my misunderstand?
What are differences between encryption on wire and wireless?
World created some encryption algorithms on wire DES, RSA...., why we don't apply that encryption to wireless? instead of WEP, WPA ...
Thanks -
Hi rick0n,
We actually do use the same algorithms in-the-air. I think it's just the terminology that is getting you.
The WEP standard actually uses RC4 (Developed by Ron Rivest of RSA)
WPA (TKIP) uses RC4 (Developed by Ron Rivest of RSA)
WPA2 (CCMP) uses AES (Rijndael cipher)
This is the very short answer. I've really over-simplified the naming and assigning of protocols here but it's a quick and dirty mapping that should clear things up for you. Luckily, the CWSP study guide goes into much greater detail if you can get your hands on a copy. -
Hi Rick
I???¡é?¡é?????¡é???¡éve put together a few notes that I hope will clear up some these questions:
One of the biggest problems in wireless security [ as in ???¡é?¡é?????¡?¡°wired???¡é?¡é???????? security ] is the enormous range of terms and abbreviations that you have to come to ???¡é?¡é?????¡?¡°terms???¡é?¡é???????? with:
WEP, WPA, WPA2, AES, TKIP, TLS, TTLS???¡é?¡é???????|.etc etc.
When Wi-Fi systems first came out, they were regarded as a bit of a curiosity. ???¡é?¡é?????¡?¡°Oh, you mean that I can sit at a desk well away from an ethernet port and still do some work ?....Oh, that???¡é?¡é?????¡é???¡és nice. How fast are we going ? Well, 1 or 2 Mbs per second???¡é?¡é???????|..Oh, well???¡é?¡é???????|???¡é?¡é????????.
During that time, very few people really thought seriously about security. After all, it DID have security???¡é?¡é???????|.something called WEP apparently. At that time, the only real wardrivers drove something like this:
http://www.wallpaperbase.com/wallpapers/military/m1a1abramstank/M1A1_abrams_tank_4.jpg
People began to catch on that this wireless thingy might actually be useful, but costs were high [ hence few wardrivers ] and speeds were awful. Once again, as happened with ethernet [ originally ran at 3 Mbit/s ] consumer demand gave the impetus for development of high speed systems [ 10Mbps, 100 Mbps etc ]
http://inventors.about.com/library/weekly/aa111598.htm
http://en.wikipedia.org/wiki/Ethernet
Wireless was no different. Speeds went up and up. 802.11b gave us speeds up to 11 Mbps , then 802.11 a then g to 54 Mbps [ as I???¡é?¡é?????¡é???¡ém sure you know, those are not throughput values ] and now onto .11n with speeds in the hundreds of megabits per second.
Two important things happened during this time period:
1. As more and more people started buying Wi-Fi systems [ both for home use and enterprise use ], costs started to go down due to increase in sales volume [ just the same with flat screen TV???¡é?¡é?????¡é???¡és ]. This meant that it was now afforable for wardrivers, hackers etc to purchase the hardware.
2. Businesses started to catch on to the benefits of Wi-Fi ???¡é?¡é?????¡é?€?? mobility/portability, not bad speeds etc. Very few people thought about security. After all that WEP thingy had been put in there, and surely the people with big brains who put the whole 802.11 business togther had thought it out very carefully ?.... didn???¡é?¡é?????¡é???¡ét they ???¡é?¡é???????|?
Serious cracks started to show in WEP. Both academic and hacker types showed serious weaknesses in WEP. I won???¡é?¡é?????¡é???¡ét go into them here, but you can google for more info. The U.S. government was looking at a new encryption method to replace the DES system [ 3DES etc ] which had served valiantly for many years, but like WEP was showing security issue areas of concern. They asked academic institutions, security organizations etc to try to look for weaknesses in the system. Finally they settled on the AES system. This is called an encyption METHOD. At it???¡é?¡é?????¡é???¡és heart, it contained an encryption ALGORITHM called the Rijndael algorithm. This is where a lot of confusion comes in. What is the difference between a method and an algorithm ?
Think of the car that you drive every day. What is the heart of the car? Most folks would say the engine. But in order for the car to work as a whole, you need other bits and pieces surrounding it, like the wheels, body, seats etc.
We can think of the encryption algorithm as the ???¡é?¡é?????¡?¡°engine???¡é?¡é???????? that runs the whole thing, and the ???¡é?¡é?????¡?¡°whole thing???¡é?¡é???????? as being the entire car.
So what are the other ???¡é?¡é?????¡?¡°things???¡é?¡é???????? that the method would include ? Well, back to WEP???¡é?¡é???????|..
After all of WEP???¡é?¡é?????¡é???¡és weaknesses were shown, a degree of panic ensued. People started to say ???¡é?¡é?????¡?¡°We need to get a stronger method of security in place???¡é?¡é???????|. What about this AES thingy ????¡é?¡é????????. Well, there were a couple of problems. In order to try and keep costs down, 802.11 wireless cards had been manufactured with the barest amount of memory and the most minimal ???¡é?¡é?????¡?¡°power???¡é?¡é???????? of microprocessor to utilize WEP. AES required much more powerful processing capabilities and more memory. That would imply a physical hardware swap-out, and that would mean money, inconvenience etc.
Was there an interim solution ? Well, industry, the IEEE and the Wi-Fi Alliance got together and put together a very, very clever interim solution known as TKIP [ part of a ???¡é?¡é?????¡?¡°total???¡é?¡é???????? solution called 802.11i ].
The Wi-Fi alliance folks marketed this as WPA [ Wi-Fi Protected Access ]. The idea was that this would act as an interim solution until a more powerful security system within 802.11i could come into play [ with a method called CCMP , based on the AES method ].
This TKIP system would only require a firmware upgrade in most cases. The method still had at it???¡é?¡é?????¡é???¡és core, the RC4 algorithm that WEP used, but the TKIP method added some other things [ the wheels, seats etc ]. What were these other things ?
Well, one problem with WEP was that ???¡é?¡é?????¡?¡°replay attacks???¡é?¡é???????? could occur, whereby a hacker could capture ???¡é?¡é?????¡?¡°true???¡é?¡é???????? frames and replay them later. TKIP helped get around that by introducing a sequence counter which kept track of the number and sequence of frames sent [ in a similar manner to HDLC, but more powerful ].
With WEP, the same old key was used for every frame. If you sent data that had been repeated for example, hackers could deduce valuable information from this. TKIP uses a unique key for each frame by means of a clever process called ???¡é?¡é?????¡?¡°key mixing???¡é?¡é????????.
It is possible for an intruder to ???¡é?¡é?????¡?¡°capture???¡é?¡é???????? frames and alter them and then re-transmit them to the receiver, pretending to be the original true transmitter. WEP uses a very primitive method to alert the receiver that tampering may have taken place. TKIP uses a clever Message Integrity Check [ MIC ] using an algorithm called Michael. Due to processor limitations [ remember TKIP was meant as an interim solution ] MIC could not stand a determined, sustained attack, so it introduced countermeasures that would basically shut everything down and start off again with fresh keys.
In summary:
An encyption METHOD uses an encryption ALGORITHM at it???¡é?¡é?????¡é???¡és heart [ an algorithm is a step by step procedure for resolving a mathematical problem in a fixed number of steps ]. Hence, the good old ???¡é?¡é?????¡?¡°wired???¡é?¡é???????? algorithms of RC4 etc still appear in the wireless world.
TKIP was designed as an interim firmware upgrade solution to some WEP downfalls whilst waiting for hardware upgrades [ hopefully ] for more powerful AES based CCMP solutions.
Hand in hand with all this stuff is the process of Authentication using 802.1X [ NOT 802.11X as many say ]. Once again this was a wired solution which was adapted for use in a wireless environment. In fact, a key component of it called EAPOL means EAP [ Extensible Authentication Protocol over LAN???¡é?¡é?????¡é???¡éS ???¡é?¡é?????¡é?€?? not wireless LAN???¡é?¡é?????¡é???¡és ]. EAPOL can be simply transported across a wireless LAN by using an 802.11 MAC header. The whole EAP method data /EAP data/EAP/EAPOL ???¡é?¡é?????¡?¡°package???¡é?¡é???????? is carried across as a payload, nothing more.
Where did EAP come from ? Once again from the wired world. Many moons ago, PPP was the main man in the world of authentication [ still important today, as the basis for many other protocols, and still in use in many places ]. PAP and CHAP were used [ and still can be, using tunneled protection ] but showed many problems. New methods were introduced. The problem was that the PPP header has a type [ protocol number ]field that shows what to expect in the payload. Every time a manufacturer came up with a new authentication method, the IEEE had to ???¡é?¡é?????¡?¡°reserve???¡é?¡é???????? a number. That field is only a certain physical size, and they realized that they could run out of numbers. So what they did was to say ???¡é?¡é?????¡?¡°OK, all you lot out there???¡é?¡é???????|.. instead of you coming to us very time with a new authentication method, and us having to assign a number to it, we are going to assign a type code of 0xC227 for a thing called EAP in the PPP header. You can then assign ???¡é?¡é?????¡?¡°sub-type numbers???¡é?¡é???????? to whatever authentication system you want???¡é?¡é????????. An that???¡é?¡é?????¡é???¡és how the whole EAP business took off. Nowadays we have all sorts of sub-types; TLS, TTLS, GTC???¡é?¡é?????¡é???¡és etc.
If you really, really want to know how DES etc work, ???¡é?¡é?????¡?¡°Cryptography and Network Security???¡é?¡é???????? by William Stallings is for you. But be warned???¡é?¡é???????|although a superb book, the math can turn you cross-eyed.
One key fact to remember- although 802.11 etc are wonderful things , the vast majority of all the technology was based on work previously done in other areas ???¡é?¡é?????¡é?€?? wired side, satellite side, microwave side.
Don???¡é?¡é?????¡é???¡ét get me wrong. It can be very complicated. Reading the specs for 802.11-2007 and 802.11n from beginning to end will have your brain in rags at the finish, but most of that stuff has previous work at it???¡é?¡é?????¡é???¡és foundation.
Hope this has been helpful.
Cheers
Dave -
Bye the way, where did the Wi-Fi alliance come into play here ?
http://en.wikipedia.org/wiki/Wi-Fi_Alliance
Creating an IEEE standard can take an incredibly long time [ and often necessarily so, because a lot is resting on it ???¡é?¡é?????¡é?€?? manufacturers use those standards as a template in creating code, ASIC???¡é?¡é?????¡é???¡és etc lots of time and money involved ].
In order to help get around that, the Wi-Fi alliance will often use a draft 802.11 proposal [ something that contains the ???¡é?¡é?????¡?¡°meat???¡é?¡é???????? of the specification, but without all the detailed ???¡é?¡é?????¡?¡°bells and whistles???¡é?¡é?????¡é???¡é ] to create their own standard so that manufacturers can get cracking with getting products out the door. Later on down the road, when the final spec is ???¡é?¡é?????¡?¡°ratified???¡é?¡é????????, usually only a firmware download is necessary to bring the device up to ???¡é?¡é?????¡?¡°full spec???¡é?¡é????????. Doesn???¡é?¡é?????¡é???¡ét always work exactly like that, but in most cases it does.
This is what happened with WPA and WPA2 and also with ???¡é?¡é?????¡?¡°draft 802.11n???¡é?¡é???????? systems.
Anyways, enough of that for a Friday afternoon. Off to make a nice cup of tea....
Dave -
Dave, your clarifications are extremely useful!
Thanks for your time and effort.
- 1