5.9 Describe wireless security protocols (WPA, WPA2, and WPA3)
Primary modes of key distribution
* Pre-Shared Key (PSK) Mode (a.k.a. Personal Mode): Matching keys are preconfigured on wireless clients and access points.
* Enterprise Mode: Clients provide credentials to an authentication server (e.g., a RADIUS server), which permits or denies network access and provides a session key to use during a permitted session.
Authentication
A user provides credentials, such as a username and a password, to gain access to a network.
Encryption
Packets are scrambled such that, if they're intercepted by an attacker, the attacker cannot make sense of them.
Enhanced encryption protocols
• Temporal Key Integrity Protocol (TKIP)
  - Improved encryption compared to RC4
• Advanced Encryption Standard (AES)
  - Significantly stronger encryption compared to TKIP, and vastly superior to RC4
Enhanced security protocols
• Wi-Fi Protected Access (WPA)
  - Used TKIP for enhanced encryption
  - Upgraded security in software without requiring new hardware
  - Used a longer initialization vector (IV) (48 bits, up from 24 bits)
• Wi-Fi Protected Access II (WPA2)
  - Became a requirement for Wi-Fi certification in 2006
  - Required support for AES
  - Required more processing power than WPA
  - Susceptible to the KRACK vulnerability (discovered in 2016)
• Wi-Fi Protected Access III (WPA3)
  - Uses 192-bit AES encryption (for Enterprise Mode)
  - Uses Protected Management Frames (PMFs) to prevent other devices from spoofing management frames
  - Uses Simultaneous Authentication of Equals (SAE) to require interaction with the network before generating a key, in order to prevent dictionary attacks
  - Prevents eavesdropping on public networks (or with pre-shared keys)
  - Replaces Wi-Fi Protected Setup (WPS) with Device Provisioning Protocol (DPP)
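
The protocol differences above show up as concrete access point settings. The following is an added example, not part of the original notes: a small auditor that reads a hostapd-style configuration and flags the weak choices listed above (original WPA, TKIP, PSK without SAE, PMF not required, WPS enabled). The sample configuration and the finding names are constructed for illustration, and only explicitly set values are checked (hostapd defaults are not modelled).

```python
# Added example: audit a hostapd-style AP config against the notes above.
# SAMPLE_CONF is constructed for illustration; it is not from a real device.
SAMPLE_CONF = """\
ssid=lab-net
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
ieee80211w=0
wps_state=2
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings (hypothetical rule names) for weak settings."""
    findings = []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2/WPA3 (RSN)
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    ciphers = set(conf.get("wpa_pairwise", "").split())
    ciphers |= set(conf.get("rsn_pairwise", "").split())
    if wpa == 0:
        findings.append("no-wpa: WPA/WPA2/WPA3 not enabled")
    if wpa & 1:
        findings.append("wpa1-enabled: original WPA (TKIP era) still offered")
    if "TKIP" in ciphers:
        findings.append("tkip-enabled: use CCMP (AES) only")
    if "WPA-PSK" in key_mgmt and "SAE" not in key_mgmt:
        findings.append("psk-without-sae: no WPA3 dictionary-attack protection")
    if conf.get("ieee80211w", "0") != "2":  # 0 = off, 1 = optional, 2 = required
        findings.append("pmf-not-required: management frames can be spoofed")
    if conf.get("wps_state", "0") != "0":
        findings.append("wps-enabled: WPA3 replaces WPS with DPP")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print(finding)
```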