We will explain what AES and TKIP are and suggest which option you should choose for your WPA2-supported devices. Choosing the best encryption mode is important for both security and the speeds on your device.
Wi-Fi Protected Access 2 (WPA2) is a security certification program developed by the Wi-Fi Alliance to secure wireless computer networks. Depending on the type and age of your wireless router, you will have a few encryption options available. The two main ones for WPA2-Personal (the edition used by home or small business users) are Advanced Encryption Standard (AES) and the older Temporal Key Integrity Protocol (TKIP), or a combination of both.

In this article, we will explain what AES and TKIP are and suggest which option you should choose for your WPA2-supported devices. You need to choose the best encryption mode not only for security reasons but because the wrong mode can slow your device down. If you choose an older encryption mode, even if your wifi router supports a faster encryption type, data transmission will automatically slow down to stay compatible with the older devices it connects to.

We will also explain some wifi security terms related to WPA2, e.g. those mentioned in the below diagram, focused primarily on WPA2-Personal. For instance, the terms certifications, standards, protocols, and programs are sometimes (confusingly) used interchangeably, and often incorrectly. Is AES a protocol or an encryption type? Is WPA2 a protocol or a standard? (Spoiler alert: AES is a standard and WPA2 is a certification.) It is OK to be a little lenient about wifi terminology, as long as you know what these terms really mean. This article sets the record straight. And yes, we use the term “mode” very loosely to describe WPA2 encryption and authentication settings.

WPA2 101 – a (very) brief overview

There are two versions of WPA2: Personal (for home and office use) and Enterprise (for corporate use) editions. In this article, we will focus on the former but will compare it to the Enterprise version, which will help illustrate what WPA2-Personal does not do.

How reliable are common wifi security certifications?

“Wireless networks are inherently insecure. In the early days of wireless networking, manufacturers tried to make it as easy as possible for end users. The out-of-the-box configuration for most wireless networking equipment provided easy (but insecure) access to a wireless network.” (Source: Dummies)

How secure is WPA2 compared to other commonly used wifi certifications? Until WPA3 came along, WPA2 was considered, KRACKs and all, the most secure option. WPA2’s current vulnerabilities may be effectively patched, but you still need to choose the best encryption type for your wifi device and your usage requirements. If you are a small business with older devices, for instance, you may need to sacrifice speed for security, or upgrade your devices. If you are a large organization, you may decide to ditch WPA2 altogether and start planning to roll out WPA3 as soon as possible.

[Figure: Wifi encryption connection standards used in public wifi hotspots globally (Source: Kaspersky Security Network (KSN))]

How secure are the primary wifi certifications in use today?
AES, TKIP, or both, and how do they work?

TKIP

According to Wikipedia, TKIP was designed to “replace” the then vulnerable WEP “standard” without having to make changes to the hardware that was running the Wired Equivalent Privacy (WEP) standard. It uses the RC4 cipher. Network World explains that TKIP does not actually replace WEP; it is a “wrapper”. Unfortunately, it is wrapped around the fundamentally unsafe WEP. It was intended as a temporary measure: nobody wanted to throw away the hardware investments they had made, and it could be deployed quickly. That last reason was enough for vendors and business managers to embrace it enthusiastically. In its day, TKIP hardened WEP security by:
How vulnerable is TKIP really?

According to Cisco, TKIP is vulnerable to packet decryption by an attacker. However, only the authentication key can be stolen by an attacker, not the encryption key.
The problem is, if the white hats are discovering larger attack vectors, so are the black hats. There is a downside when TKIP is used with PSK. “With 802.1X authentication, the session secret is unique and transmitted securely to the station by the authentication server; when using TKIP with pre-shared keys, the session secret is the same for everyone and never changes—hence the vulnerability of using TKIP with pre-shared keys.”

AES

AES (based on the Rijndael algorithm) is a block cipher (the “S” actually stands for standard and is another instance of confusing terminology) used by the protocol called CCMP. It converts plaintext into ciphertext and comes in key lengths of 128, 192, or 256 bits. The longer the key length, the harder the encrypted data is for hackers to recover. Security experts generally agree AES has no significant weaknesses. AES has only been successfully attacked a few times by researchers, and these attacks were mainly side-channel ones. AES is the encryption of choice for the US Federal government and NASA. For more reassurance, visit Stack Exchange’s Crypto forum. For well-explained technical details about how AES works, which is out of the scope of this article, visit eTutorials.

Wifi terms and acronyms you should know

Certifications and standards

Although WPA2 is a certification program, it is often referred to as a standard and sometimes as a protocol. “Standard” and “protocol” are descriptions used often by journalists and even by the developers of these certifications (at the risk of being pedantic), but the terms can be a little misleading, if not downright incorrect, when it comes to understanding how standards and protocols relate to wifi certification. We can use the analogy of a vehicle being certified as roadworthy. The manufacturer will have guidelines that specify safety standards. When you buy the car, it will have been certified as safe to drive by an organization that specifies the standards for vehicle safety.
So, while WPA2 should be called a certification, it could loosely be called a standard. But, to call it a protocol confuses the meaning of actual protocols – TKIP, CCMP, and EAP – in wifi security.

Protocols and ciphers

Another layer of confusion: AES is the acronym for Advanced Encryption Standard. And, according to a Stack Exchange user, TKIP is not actually an encryption algorithm; it is used to ensure data packets are sent with unique encryption keys. The user, Lucas Kauffman, says, “TKIP implements a more sophisticated key mixing function for mixing a session key with an initialization vector for each packet.” Incidentally, Kauffman defines EAP as an “authentication framework”. He is correct in that EAP specifies the way messages are transmitted; it does not itself encrypt them. We will touch on this again in the next section. WPA2, and other wifi certifications, use encryption protocols to secure wifi data. WPA2-Personal supports multiple encryption types. WPA and WPA2 are backwards-compatible with WEP, which only supports TKIP. Juniper refers to encryption protocols like AES and TKIP as encryption ciphers. A cipher is simply an algorithm that specifies how an encryption process is performed. According to AirHeads Community:
As does EAP, although it is an authentication, not an encryption protocol. The bottom line:
WPA2 encryption and authentication

Authentication – PSK versus 802.1X

Like WPA, WPA2 supports IEEE 802.1X/EAP and PSK authentication.

WPA2-Personal – PSK is the authentication mechanism used to validate WPA2-Personal users making a wifi connection. It was designed primarily for general home and office use. PSK does not need an authentication server to be set up. Users log in with the pre-shared key rather than with a username and password as with the Enterprise edition.

WPA2-Enterprise – The original IEEE 802.11 standard (the “roadworthy” standard for wifi certification) was released in 1997. Later versions were often developed to improve the speed of data transmission and catch up with new security technologies. The latest WPA2-Enterprise versions conform to 802.11i. Its underlying authentication protocol is 802.1X, which enables wifi devices to be authenticated by username and password, or using a security certificate. 802.1X authentication is deployed onto an AAA server (typically RADIUS) that provides centralized authentication and user management functionality. EAP is the standard used to transmit messages, and to authenticate client and server authenticator before delivery. These messages are secured via protocols such as SSL, TLS and PEAP.

Encryption – “seeds” and PMK

WPA2-Personal – PSK combines a passphrase (pre-shared key) and an SSID (which is used as a “seed” and is visible to everyone in range) to generate encryption keys. The generated key – a Pairwise Master Key (PMK) – is used to encrypt data using TKIP/CCMP. The PMK is based on a known value (the passphrase), so anyone with that value (including an employee who leaves the company) could capture the key and potentially use brute force to decrypt traffic. A few words on seeds and SSIDs.
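As an added example (not code from the original article), here is the 802.11i derivation that turns the passphrase and SSID into the PMK: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output. It shows that the SSID is only a salt, so two networks with the same passphrase but different names get different PMKs, and that the passphrase alone carries the secrecy; the random-passphrase helper and the SSID "CoffeeShop" are constructed for the demonstration.

```python
"""WPA2-Personal PMK derivation as specified in IEEE 802.11i, plus a helper
for the 'generate the passphrase randomly' advice. Standard library only."""
import hashlib
import hmac
import math
import secrets
import string


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 32 bytes).

    802.11i restricts the passphrase to 8..63 printable ASCII characters;
    a 64-character hex value is the raw PMK itself and is accepted as-is.
    """
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def same_pmk(a: bytes, b: bytes) -> bool:
    """Constant-time comparison, the way any key check should be done."""
    return hmac.compare_digest(a, b)


def random_passphrase(length: int = 20) -> tuple:
    """Constructed helper: a random passphrase from a 62-symbol alphabet,
    returned with its entropy in bits (length * log2(alphabet size))."""
    alphabet = string.ascii_letters + string.digits
    phrase = "".join(secrets.choice(alphabet) for _ in range(length))
    return phrase, length * math.log2(len(alphabet))


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the PMKs differ, which is why the SSID is
    # called a "seed". It is public, so it adds no secrecy, only separation:
    # a table of PMKs precomputed for one SSID says nothing about another.
    pmk_a = derive_pmk("password", "IEEE")        # 802.11i published test vector
    pmk_b = derive_pmk("password", "CoffeeShop")  # constructed SSID
    print("PMK for SSID IEEE      :", pmk_a.hex())
    print("PMK for SSID CoffeeShop:", pmk_b.hex())
    print("identical PMKs?", same_pmk(pmk_a, pmk_b))
    phrase, bits = random_passphrase()
    print(f"random passphrase {phrase!r} has about {bits:.0f} bits of entropy")
```

The 4096 PBKDF2 iterations only slow each guess down; the passphrase's entropy is what makes guessing infeasible, which is the point of the advice that follows.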
A good passphrase can mitigate the potential risk associated with using an SSID as a seed. A passphrase should be generated randomly and changed often, particularly after using a wifi hotspot and when an employee leaves a company.

WPA2-Enterprise – After the RADIUS server has authenticated the client, it returns a random 256-bit PMK that CCMP uses to encrypt data for the current session only. The “seed” is unknown, and every session requires a new PMK, so brute force attacks are a waste of time. WPA2 Enterprise can, but does not ordinarily, use PSK.

What encryption type is best for you, AES, TKIP, or both? (Solved)

The original question posed in this article was: should you use AES, TKIP, or both for WPA2?

Selecting an encryption type on your router

Your choices (depending on your device) may include:
On your device, instead of WPA2, you may be shown the option “WPA2-PSK”. You can treat this as the same thing.

Tips to harden PSK security

Terrence Koeman’s comments on Stack Exchange make for enlightening reading about why WPA2-Enterprise is more secure than WPA2-Personal. He also provides the below tips:
What’s next? WPA3 has been released

According to NetSpot, “Probably the only downside of WPA2 is how much processing power it needs to protect your network. This means more powerful hardware is needed to avoid lower network performance. This issue concerns older access points that were implemented before WPA2 and only support WPA2 via a firmware upgrade. Most of the current access points have been supplied with more capable hardware.” And, most vendors continue to supply WPA2 patches.

WPA2 will gradually be phased out by WPA3, released in June 2018 after the identification of a security vulnerability called KRACK in WPA2 the previous year. The rollout is expected to take some time (possibly to as late as 2019) while vendors certify and ship new devices. While patches for the KRACK vulnerability have been released, WPA2 is not nearly as secure overall as WPA3. For a start, you should ensure you select the most secure encryption method.

Skeptic Dion Phillips, writing for InfiniGate, thinks, “… it is doubtful that current wireless devices will be updated to support WPA3 and far more likely that the next wave of devices will be put through the certification process.” You got it; in the end, it is likely you will have to buy a new router. In the meantime, to stay safe, you can patch and secure WPA2. There have been no documented reports of KRACK attacks yet, but WPA3 certification provides far more security than just plugging the KRACK vulnerability. Currently an optional certification program, it will in time become mandatory as more vendors adopt it. Learn more about WPA2 and 3 with Comparitech’s article on What is WPA3 and how secure is it?

WPA3 security

While WPA3’s security upgrades patched up many of WPA2’s holes, it wasn’t perfect. In 2019, researchers published findings that showed how an attacker within range of their victim could recover the victim’s password.
The attack worked despite WPA3’s underlying Dragonfly handshake, which aimed to make it impractical to crack a network’s password. The attack is worrying, because it means that an attacker could access sensitive data such as login details if they were being entered without an HTTPS connection (you should always make sure you have an HTTPS connection whenever you enter your password or other sensitive information into a website; otherwise the data is vulnerable). The details of the attack are explained by the researchers in their paper Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. Alongside the Wi-Fi Alliance and CERT/CC, they notified the affected vendors and helped them implement countermeasures.

WPA3 security guidelines

In late 2019, the Wi-Fi Alliance released a set of security guidelines for WPA3 to minimize the risks of attacks:
The security guidelines state that failure to implement them correctly may leave the vendor implementation open to an attack or network compromise.
Which encryption algorithm is used in TKIP?

TKIP was designed to run on WEP hardware without slowing the hardware down significantly. To do this, TKIP is a preprocessing step before WEP encryption. RC4 is still the encryption algorithm, and the WEP CRC-32 could not be eliminated.

When was TKIP created?

Temporal Key Integrity Protocol (TKIP /tiːˈkɪp/) is a security protocol used in the IEEE 802.11 wireless networking standard.

Which wireless encryption standard uses RC4 with TKIP?

WPA used an encryption method called RC4 along with something called TKIP, T-K-I-P, which stands for Temporal Key Integrity Protocol. And what TKIP did was assign a different key to every packet.

How is TKIP a security benefit?

TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network.