3.4 Wireless Security Flashcards
Define Counter/CBC-MAC protocol (CCMP)
Encryption used by WPA2 with CBC-MIC providing message integrity check (MIC)
Define WPA2 (2)
- Provides encryption, data integrity & authentication
- Secure but subject to brute-force attacks by obtaining the hash for the pre-shared key
Define Galois Counter Mode Protocol (GCMP)
Encryption used by WPA3 with Galois message authentication code (GMAC) providing message integrity (MIC)
Define WPA3 (2)
- Latest and most secure WiFi encryption
- Uses perfect forward secrecy (PFS) so that it is not vulnerable to brute-force attacks since the pre-shared key is different for every session
Define Message Integrity Check (MIC)
Used by 802.11 wireless to provide message integrity, aka MAC
Define Simultaneous Authentication of Equals (SAE) (2)
- PFS key exchange that expands security of Diffie-Hellman
- Used by WPA3 to eliminate brute-force vulnerability
Define Extensible Authentication Protocol (EAP)
A standard authentication framework for wireless network authentication used in conjunction with 802.1X
Define EAP-FAST (Flexible Authentication via Secure Tunneling) (3)
- Establishes a secure tunnel over which authentication credentials are provided to authenticator
- Commonly used with RADIUS
- Uses shared secret to establish tunnel
Define PEAP (2)
- Protected EAP
- Like EAP-FAST except it requires a server certificate to create tunnel
Define EAP-TLS (3)
- Requires digital certificates on all devices
- Difficult to implement due to requirement of PKI
- Older devices that lack support for certificates can’t use it to connect
Define EAP-TTLS (2)
- Tunneled Transport Layer Security
- Works like EAP-TLS minus client digital certificate
Define Federation
Using third-party or external authentication services
Define RADIUS
Provides federated wireless authentication with other providers, such as Active Directory
Define 802.1X
Network authentication protocol that opens up wireless or wired network ports upon authentication and authorization
What is the pre-shared key used by the WiFi encryption protocols?
The WiFi password