5 Flashcards
How is WPA authentication different from WPA2?
WPA authentication uses a pre-shared key (PSK) for authentication, while WPA2 replaced RC4 with Advanced Encryption Standard (AES) encryption.
What is CCMP and how does it relate to TKIP?
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) replaced TKIP (Temporal Key Integrity Protocol) in WPA2, providing stronger encryption for wireless networks.
What is the purpose of 802.1x Enterprise authentication?
802.1x Enterprise authentication ensures that each user has an individual login and password for wireless LAN authentication, replacing the use of pre-shared keys (PSK).
What is the four-way handshake in WPA/WPA2 authentication?
The four-way handshake is the process of authentication between a client device (supplicant) and an access point (authenticator) before data is sent across the wireless network.
How is the pairwise master key (PMK) generated?
The PMK is created using a password and the network name (SSID), and it is known by both the supplicant and the authenticator.
What is PBKDF2, and how does it improve hashing for WPA authentication?
PBKDF2 (Password-Based Key Derivation Function 2) iterates through multiple rounds of hashing to generate a more secure 256-bit key, improving security for WPA networks.
What is the purpose of the Pairwise Transient Key (PTK)?
The PTK is used for encryption and data authentication in the four-way handshake and data transfer between the client device and the access point.
How is the group temporal key (GTK) used in WPA/WPA2 authentication?
The GTK is a random number generated by the access point and used to encrypt broadcast multicast data between the authenticator and the supplicant.
What are some authentication protocols used in WPA Enterprise authentication?
Authentication protocols include basic EAP (Extensible Authentication Protocol) or other variants of EAP for authenticating users on a wireless network.
What are the inputs required for the four-way handshake in WPA/WPA2 authentication?
The inputs include the pairwise master key (PMK), authenticator nonce (ANonce), supplicant nonce (SNonce), authenticator address (AP MAC address), and supplicant address (client MAC address).
What are the steps involved in the four-way handshake in WPA/WPA2 authentication?
- Nonce Generation: Both the client (supplicant) and the access point (authenticator) generate random nonces (ANonce and SNonce, respectively).
- Pairwise Master Key (PMK) Derivation: The PMK is derived using the SSID (network name) and the pre-shared key (PSK).
- Pairwise Transient Key (PTK) Generation: The PTK is generated using the PMK, nonces, and MAC addresses of both the client and the access point.
- Both parties confirm the integrity of the exchanged messages (usually using a Message Integrity Code, MIC) and install the Pairwise Transient Key (PTK) for secure unicast communication. Additionally, the Access Point (authenticator) sends the Group Temporal Key (GTK) to the client for securing multicast and broadcast communications.
What are Nonce, ANonce, and SNonce in the context of wireless security?
Nonce: A Nonce (Number Used Once) is a random number generated for a specific purpose, often used in cryptographic protocols to ensure uniqueness.
ANonce (Authenticator Nonce): ANonce is a random number generated by the access point (authenticator) during the authentication process.
SNonce (Supplicant Nonce): SNonce is a random number generated by the client device (supplicant) during the authentication process.
What is the purpose of Wi-Fi Protected Setup (WPS)?
Wi-Fi Protected Setup (WPS) is designed to simplify the process of setting up a wireless network, particularly for non-technical users. However, it has several vulnerabilities and is not considered a secure protocol.
What is the role of the Pairwise Transient Key (PTK) in the four-way handshake?
The Pairwise Transient Key (PTK) is derived from the PMK, ANonce, SNonce, and MAC addresses. It is used for encryption and data authentication during the four-way handshake and subsequent data transfer.
