WPA1
- Designed to remove WEPs weaknesses.
TKIP encryption missed, first part of WPA1
802.1x : protocol for auithenticating wireless nodes and generating keys.
- Access point AP is connected to Auth. Server
- Client requests the AP and gets a temporary encryption key
- Client sends username and passowrd to authenticator
- authenticator relays it to an auth server using another encryption
- auth server verifies the client's credentials and sends a permitm message if the verification is successful. it also issues keys for TKIP
Weaknesses in WPA1:
- one way authentication
- management frames for initial handshakes are still unprotected.
WPA2:
Has the following blocks:
- enhanced 802.1x - does bidirectional authentication
- TKIP - kept for backward compatibility
- CCMP - based on AES encryption (strong!)
Weaknesses:
- management frames are still not protected.
Can also use Wireless VPNs. But there is a weakness: IPSec is network layer, so if an attack is launched at data link or physical layer, you are still at risk.
Index