Networking / Beginners

Data Encryption

The final step in securing a wireless network is encrypting the data packets that are floating around. Encryption electronically scrambles data packets and locks them with a private encryption key before transmitting them onto the wireless network. The receiving network device has to possess the encryption key to unscramble the packet and process the data. Thus, a hacker who grabs any data packets out of the air can't read those packets unless he or she has the encryption key. Enabling wireless encryption through Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), or WPA2 provides a good level of security to data packets in transit.

Data Encryption Using WEP Wired Equivalent Privacy (WEP) encryption uses a 64- or 128-bit encryption algorithm to scramble data packets, though even with the strongest encryption enabled, WEP isn't considered to be a particularly robust security solution. In fact, WEP can be cracked in 60 seconds with just a regular laptop and open source software! WEP doesn't provide complete encryption for data packets. It works only on the two lowest OSI network layers: the Data Link and Physical layers. Encryption is stripped from the data packet before it travels up through the subsequent network layers to the application.

Another problem with WEP is that the encryption key is both static (never changes from session to session) and shared (the same key is used by all network nodes). There is also no mechanism for performing user authentication. That is, network nodes that use WEP encryption are identified by their MAC address, and no other credentials are offered or required. With just a laptop and some open source software, MAC addresses are very easy to sniff out and duplicate, thus opening up a possible spoofing attack.

Data Encryption Using WPA Wi-Fi Protected Access (WPA) addresses some of the weaknesses of WEP, and acts as a security protocol upgrade to WEP-enabled devices. WPA offers security enhancements such as dynamic encryption key generation (keys are issued on a per-user and per-session basis) and an encryption key integrity-checking feature.

WPA works by using an extra layer of security, called the Temporal Key Integrity Protocol (TKIP), around the WEP encryption scheme. It's not, therefore, a complete replacement protocol for WEP. TKIP added a 128-bit encryption key that seemed unbreakable when first introduced. Within a couple of years of introduction, though, hackers could waltz through WPA security almost as quickly as through WEP security. Another solution had to be found.

Data Encryption Using WPA2 The IEEE 802.11i standard amended the 802.11 standard to add much-needed security features. One of those features we've discussed already: the 802.1X authentication measure using EAP to provide secure access to Wi-Fi networks. Another key feature, Wi-Fi Protected Access 2 (WPA2), changes the encryption algorithm used in WEP and WPA to the Advanced Encryption Standard (AES); a 128-bit block cipher that's much tougher to crack than the 128-bit TKIP wrapper. WPA2 is not hack proof, but it definitely offers a much tougher encryption standard that stops the casual hacker cold.

[Previous] [Contents] [Next]