Comprehensive Analysis of Three WLAN Security Mechanisms

Source: Internet
Author: User

WLAN uses WEP, WPA, and WAPI communication protocols to ensure communication security.

WLAN adoption is growing rapidly. A wireless network deployed in an organization's offices lets employees move seamlessly between their workstations and meeting rooms. What methods does WLAN networking technology use to ensure communication security?

Wi-Fi is a non-profit organization that defines and authorizes WLAN access technology. The WLAN technology standards authorized by the organization are generally referred to as Wi-Fi. Wi-Fi uses idle frequencies near 802.11 GHz. The technical standards include 802.11a, 802.11b, 802.11g, and 802.11n. Among them, the most common, 802.11b, can reach 11 M; 802.11a and 802.11g reach 54 M; 802.11n can reach up to 600 M, although the maximum currently achieved is 300 M. The access range is 100 ~ 300 m, or even up to kilometers. Wi-Fi technology has been popularized thanks to strong promotion by Intel. Intel's WiMAX is fully compatible with Wi-Fi and delivers higher speeds.

There are roughly three secure communication protocols used by WLAN: WEP, WPA, and WAPI.

WEP

WEP (Wired Equivalent Privacy) is a security standard used by 802.11b. It provides an encryption mechanism that protects the data link layer, so that data transmission over a WLAN can reach the same level of security as over a wired LAN. WEP uses the RC4 algorithm for symmetric encryption, with a preset shared key configured on both the AP and the wireless network card. During communication, the WEP standard requires the transmitter to create an initialization vector (IV) specific to each data packet and combine it with the preset key to generate the encryption key for that packet. The receiver receives this initialization vector and combines it with its local preset key to restore the encryption key.

First, WEP allows 40-bit keys, which are too short for most applications. Second, WEP does not support automatic key replacement. All keys must be reset manually, which leads to long-term reuse of the same key. Third, although an initialization vector is used, it is transmitted in plaintext and can be reused within five hours, so it does not affect the strength of the key. In addition, the RC4 algorithm used in WEP has been proved to be vulnerable. In summary, the limitations of its key settings and the shortcomings of its algorithm give WEP obvious security defects. The protection provided by WEP can only be described as "better than nothing".
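The per-packet keying described above, and the effect of a repeated IV, as an added Python example (not code from the original article). The 3-byte IV length follows the WEP standard; the key, IVs and payloads are constructed sample values, the function names are hypothetical, and the CRC-32 integrity value that real WEP appends is omitted.

```python
from collections import Counter

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                         # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                           # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Per-packet RC4 key = IV || preset key; the IV travels in the clear.
    return iv + xor(plaintext, rc4(iv + shared_key, len(plaintext)))

def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    # The receiver reads the plaintext IV and rebuilds the same key.
    iv, body = frame[:3], frame[3:]
    return xor(body, rc4(iv + shared_key, len(body)))

def reused_ivs(frames: list) -> list:
    """Audit helper: IVs that occur in more than one captured frame."""
    counts = Counter(f[:3] for f in frames)
    return sorted(iv for iv, c in counts.items() if c > 1)

SHARED_KEY = bytes.fromhex("0102030405")         # constructed 40-bit key
FRAMES = [                                       # constructed sample traffic
    wep_encrypt(SHARED_KEY, b"\x00\x00\x01", b"constructed frame A"),
    wep_encrypt(SHARED_KEY, b"\x00\x00\x02", b"constructed frame B"),
    wep_encrypt(SHARED_KEY, b"\x00\x00\x01", b"constructed frame C"),
]

if __name__ == "__main__":
    print("repeated IVs:", [iv.hex() for iv in reused_ivs(FRAMES)])
    # Same IV and same preset key give the same keystream, so it cancels:
    leak = xor(FRAMES[0][3:], FRAMES[2][3:])
    print(leak == xor(b"constructed frame A", b"constructed frame C"))
```

Because the preset key never changes, every frame that repeats an IV is encrypted with an identical keystream, which is why the plaintext IV adds nothing to the key's strength.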

WPA

WPA (Wi-Fi Protected Access) is a mechanism that protects Wi-Fi login security. It comes in two versions: WPA and WPA2. It is an upgrade of WEP that makes up for WEP's shortcomings. It is an integral part of 802.11i and served as a temporary alternative before 802.11i was complete.

Unlike WEP, WPA provides both encryption and authentication. It secures the data link layer and ensures that only authorized users can access the WLAN. WPA uses TKIP (Temporal Key Integrity Protocol) as its encryption protocol, which provides a key reset mechanism and increases the effective length of the key. Through these methods it makes up for the shortcomings of the WEP protocol. Two authentication methods are available: one is the 802.1X protocol and the other is a preset key (PSK).

WAPI

WAPI (WLAN Authentication and Privacy Infrastructure) is a WLAN security standard developed and vigorously promoted by China. It has passed IEEE (note, not Wi-Fi) authentication and authorization. It is an authentication and privacy protection protocol. Its function is similar to that of WEP in 802.11b, but it provides more comprehensive security protection. WAPI combines asymmetric cryptography (elliptic curve cryptography) with symmetric cryptography (block ciphers) to implement device identity authentication, link verification, access control, and encryption and protection of user information during wireless transmission.

In addition to mutual authentication between mobile terminals (MT) and the AP, WAPI can also authenticate mobile terminals and APs through mobile networks. At the same time, verification of the AP and mobile terminal certificates is handed over to the AS. On the one hand, this reduces the power consumption of the MT and AP; on the other hand, it makes it possible for the MT and AP to use public key certificates issued by different issuers.
