I believe many readers have learned that WPA encryption for wireless communication security has been cracked by foreign personnel. To learn that WPA is currently one of the most common encryption standards, its security has convinced many users that, however, the messages reported by WPA are a headache for enterprises. Many wireless users have decided to completely abandon wireless applications, the failure of WPA indicates that the last "firewall" of the wireless network is also broken, and the wireless network is completely insecure. So the actual situation is, as those users have said, will it be very easy to attack the wireless network after WPA is broken? Should we embrace wireless security? Today, I will explain in detail the future trend of wireless security after WPA is over.
I. What does WPA mean:
Recently, Erik Tews, a foreign researcher, said that the Wi-Fi access protection technology used by the Wi-Fi network is no longer secure. He can crack the WPA encryption technology within 15 minutes. You need to know that the previous WEP technology can be cracked in just a few minutes using today's notebook, and the original intention of WPA is to solve the WEP deficiency.
To read the data being transmitted, Tews finds a dictionary-free attack method to crack the temporary Key Integrity Protocol (TKIP ). The cracking of WPA encryption will have a huge impact on users and vendors. WPA is currently one of the most common encryption standards, and there is also a more reliable standard WPA2 (it uses the Advanced Encryption Standard AES, so it will not be affected by this cracking ), but it is not very mature. Users can only stay on insecure WPA encryption technologies.
Unlike the traditional TKIP encryption system that uses block data algorithms or dictionary attacks, researchers at Tews and Martin Beck mainly crack WPA by cracking the TKIP encryption system (Temporal Key Integrity Protocol, temporary Key Integrity Protocol) on the WPA ), however, this method only applies to data specific to wi-fi adapters and does not work for encrypted data from PCs to routers.
The WPA was easily cracked, indicating that neither WEP nor WPA can meet the security requirements. Some experts suggest using the WPA2 encryption system to protect the security of wireless networks. 2. What else can we do without the wireless security of WPA?
So what measures can common users do for wireless security when WPA encryption is cracked? In my personal experience, most users use methods to hide the SSID, MAC address filtering, WEP, and WPA for wireless communication. However, these methods cannot work in this situation.
(1) Hide the SSID Number:
The basic method to hide the SSID is to prevent the gentleman from defending against the villain. Any intruder can use the wireless signal scanning tool to find all wireless networks in the current environment, whether you hide the SSID or not, wireless sniffer provides a clear view. Therefore, the method for hiding the SSID number has no security effect. (1)
Figure 1
(2) MAC address filtering:
Since the wireless communication data packets can be scanned by the wireless sniffer tool, the source address and destination address information in the communication data packets will definitely contain the MAC address information, therefore, intruders can obtain MAC addresses with wireless access permissions by scanning MAC addresses, so as to break through the MAC address filtering function by modifying the local MAC address of the NIC. After modifying the MAC address, intruders can easily access a wireless network with the address filtering function enabled. Therefore, the MAC address filtering method is not very secure. (2)
Figure 2
(3) encrypted data communication using WEP:
This method was no longer secure as early as a year ago. I have also written related articles, and interested readers can search for it on their own. In the case of WEP encryption, professional cracking tools can be used to decrypt the ciphertext within half an hour. Therefore, WEP encryption is not advisable to improve wireless network security. (3)
Figure 3
(4) Data Communication encrypted using WPA:
After WEP was unable to provide sufficient security protection, the vendor introduced the WPA encryption method. Although this method was very effective in the past and the device compatibility was good, however, the recent WPA encryption failure also announced that he will gradually exit the historical stage.
(5) Use WPA2 to encrypt data communication: (4)
Figure 4
WPA2 uses the Advanced Encryption Standard AES, so it is not affected by the method described at the beginning of this article. Therefore, currently, using WPA2 to encrypt data communication can provide sufficient security for wireless networks, however, the WPA2 method is not mature, and not all users can use it smoothly. Some wireless devices do not support WPA2 encryption. Therefore, for these users and wireless network devices, we can only stay on the insecure WPA encryption technology.
3. After WPA is broken, Will wireless security be practically helpless?
Through the above analysis, we can see that after WPA is broken, wireless security is actually reduced to the lowest level. After WPA is broken, will our wireless security be practically helpless? In fact, we can still make up for and improve security through various methods.
(1) Try to use WPA2 to encrypt the communication data:
As mentioned above, although WPA has been cracked, WPA2 is still very secure, so we can try to use the WPA2 encryption method to improve the security of the wireless network. More security protocols related to WPA2 will be launched in the future, such as more reliable standard wpa xp, wpa kb Preview, WPA beta official version, and WPA official version SP1, these standards and protocols greatly improve the security of wireless networks.
However, some wireless network adapters or wireless routers do not support the WPA2 encryption protocol. In this way, we can only discard this method and choose the method described later to improve security.
(2) WAPI Protocol as an auxiliary means:
First, we need to clarify what protocol WAPI is. WAPI is short for WLAN Authentication and Privacy Infrastructure. Like infrared, Bluetooth, GPRS, and CDMA 1X, It is a wireless transmission protocol, except that it is a wireless LAN (WLAN) it is similar to the current 802.11B transmission protocol. For our country, the WAPI Protocol is mainly implemented now. It is a WLAN wireless protocol developed and promoted by our country. So far, the security has been very secure. However, because of its incompatibility with the existing 802.11b, g and other standards, WAPI standards are not universal with the 802.11B adopted by China. So now we can only hope that the country will promote it as 802.11b, g, n standard assist.
(3) WPA is not the only thing WPA has to do:
Finally, I would like to note that many people think that WPA cannot be used to encrypt wireless communication after WPA is broken, in fact, Erik Tews, a foreign researcher, demonstrated that it only decrypts the encrypted transmission information of WPA, which is equivalent to restoring the ciphertext to plain text. During the restoration process, it does not know what the WPA key is, therefore, this WPA attack only results in encrypted transmission information. As for the key of the wpa key, it still cannot be cracked. Therefore, users do not have to worry about the theft of the vro. This also indicates that we can still use WPA to encrypt wireless networks in a semi-secure manner. illegal intruders can only obtain data before WPA encryption. Some network communication data is encrypted by themselves, even if the WPA layer is cracked and restored, it is still ciphertext.
Iv. Summary:
To sum up, after WPA is broken, wireless security is far from being guaranteed as it is reported in the network. We should not go too far for common users. After all, the surrounding area can easily break through MAC address filtering and wireless WPA, there are not many intruders in WEP encryption, and WPA encryption cannot be regarded as a formal cracking. As long as the WPA key is not restored, the WPA-encrypted wireless network is still secure.