Which encryption algorithm could be used to configure WPA in a mode that is compatible with WEP?

Wi-Fi is an abridgement for Wireless Fidelity, a networking technology that connects computers and other network devices using radio waves. Wireless Access Points (WAP), or Access Points (AP), allow wireless devices to connect to both wireless and wired networks. Having a Cisco wireless network makes it easier to bring new devices online, and it also provides flexible support to mobile end users.

Unlike in wired networks, where data is transmitted through fiber and copper cables, the Wi-Fi network transmits data across the air in accordance with the transmitter’s antenna pattern, and it could reach any Wi-Fi-enabled devices that are within the range.

In our figure below, let’s consider that User1 is trying to send confidential data to User2. But because a Malicious User is within the wireless range of the wireless access point, it could potentially gain access to the same confidential data. The convenience of Wi-Fi networks also makes it easy for transmissions to be overheard and exploited by malicious users. Therefore, we need to implement Wi-Fi security.

Common Wireless Security Protocols

Listed below are the most common WiFi security protocols or standards implemented for our wireless network security:

1. 1999: Wired Equivalent Privacy (WEP) – is a security option that uses the RC4 cipher algorithm to encrypt every frame so that eavesdroppers can’t read the contents.

WEP supports two WiFi security authentication modes:

  • Open Authentication – The wireless client doesn’t provide any credentials and only uses WEP encryption to encrypt data frames.
  • Shared Key Authentication – WEP key is used for both authentication and encryption.

NOTE
The IEEE declared in 2004 that WEP had been deprecated as it failed to meet its security goals.

2. 2003: Wi-Fi Protected Access (WPA) – this wireless security standard uses Temporal Key Integrity Protocol (TKIP), which recycled some items from WEP, and it still uses the RC4 algorithm. TKIP uses 256-bit keys instead of the 64 and 128-bit keys in WEP.

3. 2004: WPA2 – the most significant upgrade in WPA2 is that it uses AES-CCMP encryption instead of the old RC4 encryption. For backward compatibility reasons, you can still use TKIP as a fallback mechanism for WPA clients. It also introduced Wi-Fi Protected Setup (WPS). If you want to connect to a network that uses a pre-shared key, then you need to know the SSID and the pre-shared key.

4. 2018: WPA3 – still uses AES but replaced CCMP with the Galois/Counter Mode Protocol (GCMP). The key length for AES has increased.

Another new feature of WPA3 is Simultaneous Authentication of Equals or SAE. Instead of a four-way handshake authentication, SAE improves the security of initial key exchange and offers better protection against offline dictionary-based attacks.

WPA3 Uses Either of These Two WiFi Security Modes:

  1. WPA3-Personal mode – offers 128-bit encryption, and it uses WPA-PSK/pre-shared key.
  2. WPA3-Enterprise mode – offers 192-bit encryption, and it uses AAA/RADIUS authentication server.

As more and more network vulnerabilities are being discovered, we should always plan our security measures and get one step ahead of the attackers. We can avoid unsecured wireless networks by always selecting the highest WPA version whenever possible.


When a wireless vendor wants WPA certification, its wireless hardware has to go through a testing process in authorized testing labs. When their hardware meets the criteria, they receive WPA certification.

WPA supports two authentication modes:

  • Personal
  • Enterprise

With personal mode, we use a pre-shared key. The pre-shared key is not used directly over the air. Instead, wireless clients and the AP use a four-way handshake that uses the pre-shared key as input to generate encryption keys. When this process is finished, the wireless client and AP can send encrypted frames to each other.

Enterprise mode uses 802.1X and an authentication server, usually a RADIUS server. WPA doesn’t specify a specific EAP method so you can use what works best for your scenario. All standard EAP methods like PEAP and EAP-TLS are supported.

WPA

The first wireless devices were certified for WPA (version 1) in 2003. WPA is the Wi-Fi Alliance’s replacement for WEP and its vulnerabilities. WEP uses RC4, which is an insecure algorithm.

There are far more secure encryption algorithms like AES, but the problem is that you need hardware support. Back then, most wireless clients and APs only supported RC4 in hardware. We needed a more secure software algorithm, without replacing hardware.

WPA uses Temporal Key Integrity Protocol (TKIP), which recycled some items from WEP; it still uses the RC4 algorithm. Some things are improved; for example, TKIP uses 256-bit keys instead of the 64 and 128-bit keys in WEP.

Unfortunately, WPA was doomed from the start. It was based on parts of the 802.11i standard, which was still a draft. It was good enough to replace WEP and use existing hardware, but in the long run, something else was needed.

WPA2

WPA2 is the replacement for WPA and is based on the IEEE 802.11i (ratified) standard. Certification began in 2004, and from March 13, 2006, it was mandatory for all devices if you wanted to use the Wi-Fi trademark. The most significant upgrade is that WPA2 uses AES-CCMP encryption instead of the old RC4 encryption that WEP and WPA use.

For backward compatibility reasons, you can still use TKIP as a fallback mechanism for WPA clients.

WPA2 also introduced Wi-Fi Protected Setup (WPS). If you want to connect to a network that uses a pre-shared key, then you need to know the SSID and the pre-shared key.

With WPS, you only have to push a button or enter a PIN code, and your wireless client automatically configures the SSID and pre-shared key. WPS makes it easier for non-tech savvy users to configure a wireless network, especially when you use long, complex pre-shared keys. However, researchers discovered a vulnerability for WPS in 2011. An attack against WPS can brute force the WPS PIN in a few hours, which results in an exposed pre-shared key.
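A configuration check for the weaknesses described in this section (WEP keys, WPA version 1, TKIP fallback under WPA2, and WPS), as an added example that is not part of the original page. It assumes a hostapd-style access point configuration; `wpa`, `wpa_pairwise`, `rsn_pairwise`, `wps_state` and `wep_key0` are hostapd option names, and both sample configurations are constructed.

```python
def parse_conf(text: str) -> dict:
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf: dict) -> dict:
    """Return {finding_code: explanation} for legacy settings."""
    findings = {}
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if any(k.startswith("wep_key") for k in conf):
        findings["WEP"] = "static WEP key configured (RC4, deprecated)"
    if conf.get("wps_state", "0") != "0":
        findings["WPS"] = "WPS enabled; PIN brute force can expose the PSK"
    if wpa == 0:
        findings["NO_WPA"] = "neither WPA nor WPA2 is enabled"
        return findings
    # hostapd falls back to TKIP when wpa_pairwise is unset, and
    # rsn_pairwise falls back to the wpa_pairwise value.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = conf.get("rsn_pairwise", "").split() or wpa_pairwise
    if wpa & 1:
        findings["WPA1"] = "WPA version 1 clients are accepted"
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings["TKIP_FALLBACK"] = "WPA2 still offers TKIP (RC4) next to CCMP"
    return findings

# Constructed sample configurations (not from the page).
WEAK_CONF = """
ssid=ExampleNet
wpa=3
wpa_pairwise=TKIP CCMP
wps_state=2
"""
HARDENED_CONF = """
ssid=ExampleNet
wpa=2
rsn_pairwise=CCMP
wps_state=0
"""

if __name__ == "__main__":
    for code, why in audit(parse_conf(WEAK_CONF)).items():
        print(f"{code}: {why}")
```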

WPA3

The Wi-Fi Alliance introduced WPA3, the next-generation replacement for WPA2, in 2018. WPA3 still uses AES but replaced CCMP with the Galois/Counter Mode Protocol (GCMP).

The key length for AES has increased. WPA3-personal still uses 128-bit AES, but optionally can use 192-bit. For WPA3-enterprise, it’s a requirement to use 192-bit keys.

WPA2 introduced Protected Management Frames (PMF), but it was optional. WPA3 makes it a requirement. PMF protects:

What encryption algorithms are used by WEP and WPA?

Wi-Fi Protected Access (WPA): It was designed to replace the WEP protocol, and it uses Rivest Cipher 4 (RC4) and Temporal Key Integrity Protocol (TKIP) for encryption. The WPA key is a 256-bit key.

What encryption protocol is used for WPA?

WPA also uses the Temporal Key Integrity Protocol (TKIP), which dynamically generates a new key for each packet, or unit of data. TKIP is much more secure than the fixed-key system used by WEP.

Is WPA compatible with WEP?

However, WPA is not backwards compatible with WEP at all, and you can't mix WEP with the same configuration.

What is WPA TKIP or AES?

TKIP provides per-packet key mixing, a message integrity check, and a re-keying mechanism. AES (short for Advanced Encryption Standard) is the Wi-Fi® authorized strong encryption standard. WPA-PSK/WPA2-PSK with TKIP or AES use a Pre-Shared Key (PSK) that is 8 or more characters in length, up to a maximum of 63 characters.