1. Access WiFi
1.1 WEP (Wired Equivalent Privacy)
WEP uses RC4 symmetric encryption at the link layer. A user's encryption key must match the AP's key before the user can access network resources, which prevents eavesdropping and access by unauthorized users. WEP provides 40-bit and 128-bit key mechanisms, but it still has many defects. For example, all users in a service area share the same key, so if one user loses the key, the entire network becomes insecure. In addition, 40-bit keys are easily cracked today. Keys are static and must be maintained manually, which scales poorly. To improve security, we recommend that you use a 128-bit encryption key.
1.2 WPA-PSK (Wi-Fi Protected Access Pre-Shared Key)/WPA2-PSK (TKIP or CCMP)
Both use pre-shared key authentication. WPA2 is based on the formal IEEE 802.11i specification and is more secure than WPA. WPA-PSK must support key management and data encryption based on TKIP (Temporal Key Integrity Protocol), while support for key management and data encryption based on CCMP (Counter mode with Cipher-block chaining Message authentication code Protocol) is not required of WPA. WPA2-PSK must be able to support both TKIP and CCMP, and both methods must pass compatibility tests.
TKIP is an enhanced and upgraded form of WEP encryption. Its key length is 128 bits, which solves the problem of WEP keys being too short and strengthens security. TKIP encrypts each data packet with a key produced by mixing several factors (including the base key, the MAC address of the AP, and the sequence number of the data packet). This mixing operation keeps the requirements placed on wireless terminals and APs to a minimum while providing enough cryptographic strength that the key is not easily cracked. The mixing also effectively addresses the key reuse and replay attacks found in WEP encryption.
CCMP is a security protocol based on the AES (Advanced Encryption Standard) block cipher. IEEE 802.11i requires the use of CCMP to provide four security services for wireless networks: authentication, confidentiality, integrity, and replay attack protection. CCMP uses the 128-bit AES encryption algorithm for confidentiality and other CCMP protocol components for the remaining three services. CCMP combines two complex encryption technologies (counter mode and CBC-MAC) to provide a robust security protocol for data communication between wireless terminals and APs.
It should be emphasized that, although WPA-PSK/WPA2-PSK uses a stronger encryption algorithm, the shared password (original key) used for user authentication and encryption is chosen and configured manually, and the key set on all terminals connected to the same AP is the same. The key is therefore difficult to manage and easy to leak, and this mode is not suitable for applications with strict security requirements.
1.3 WPA/WPA2 (TKIP or CCMP)
To address the key management deficiencies of WPA-PSK and WPA2-PSK (the Personal standards, intended primarily for individual users), the WiFi Alliance provides WPA/WPA2 (TKIP or CCMP) (the Enterprise standard, mainly used by enterprise users). These modes use 802.1X for user authentication and to generate the root keys for data encryption, instead of a manually configured pre-shared key. The encryption process itself is no different. In WPA (or WPA2), a RADIUS server replaces the single-password mechanism used in WPA-PSK (or WPA2-PSK) authentication. Before accessing the wireless network, the user must first provide the corresponding identity credentials, which are checked against the user identity database to confirm that the user has permission. The keys used for data encryption are then distributed dynamically to the client. Because 802.1X is used for user identity authentication, each user's login information is managed by that user individually, which effectively reduces the possibility of information leakage. In addition, each time a user accesses the wireless network, the data encryption key is allocated dynamically through the RADIUS server, making it difficult for attackers to obtain the encryption key. WPA/WPA2 (TKIP or CCMP) therefore greatly improves network security and is the preferred access method for high-security wireless networks.
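The difference in root keys between sections 1.2 and 1.3, as an added example that is not part of the original article: in PSK mode the root key (PMK) is derived from the shared passphrase and the SSID with PBKDF2-HMAC-SHA1, so every terminal holds the same root, while with 802.1X each login produces a fresh one. The SSID, passphrase, MAC addresses and the random-bytes stand-in for the EAP/RADIUS exchange are constructed assumptions.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK root key: PBKDF2-HMAC-SHA1, 4096 rounds, salt = SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def enterprise_pmk() -> bytes:
    """Assumed stand-in for 802.1X: the real root key comes out of the EAP
    exchange with the RADIUS server; random bytes model 'new key per login'."""
    return os.urandom(32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
        anonce: bytes, snonce: bytes, nbytes: int = 48) -> bytes:
    """Per-session pairwise key: 48 bytes for CCMP, 64 bytes for TKIP."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

def demo() -> dict:
    # Constructed sample values, not taken from any real network.
    ssid, passphrase = "ExampleNet", "correct horse battery"
    ap = bytes.fromhex("020000000001")
    laptop, phone = bytes.fromhex("020000000002"), bytes.fromhex("020000000003")
    # Personal mode: each terminal computes its root key from the same inputs.
    root_laptop, root_phone = psk_pmk(passphrase, ssid), psk_pmk(passphrase, ssid)
    # Session keys still differ because the MAC addresses and nonces differ.
    key_laptop = ptk(root_laptop, ap, laptop, os.urandom(32), os.urandom(32))
    key_phone = ptk(root_phone, ap, phone, os.urandom(32), os.urandom(32))
    return {
        "psk_roots_equal": root_laptop == root_phone,
        "psk_session_keys_differ": key_laptop != key_phone,
        "enterprise_roots_equal": enterprise_pmk() == enterprise_pmk(),
    }

if __name__ == "__main__":
    print(demo())
```

In PSK mode, rotating the root key means changing the passphrase on the AP and on every terminal, which is the management burden section 1.2 describes.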