Unlike a wired
network connection,
wireless networks can
be heard by anyone
who's close by who
would care to listen in.
This means that the data we send
across our wireless networks
could potentially be
gathered by anyone nearby.
The solution for this is
obviously to encrypt the data.
Even if someone was
to capture everything
that we send from
our computer, they
wouldn't be able to read any of
it because all of the traffic
would be encrypted.
Of course, there
are other people
on the wireless
network that would
like to communicate with you.
And in those cases, we
might configure WPA or WPA2
encryption so that everyone can
have a protected communications
channel while on the
wireless network.
One of the very first
encryption types
we used on wireless
networks was WEP.
WEP stands for Wired
Equivalent Privacy.
Unfortunately, in 2002, we
found significant cryptographic
vulnerabilities
with WEP and decided
this would not be appropriate
to use going forward.
But we needed some
short-term protection.
We couldn't use WEP any longer,
and we weren't quite sure
where we would go
with encryption
on wireless networks.
The solution was a mid-term
encryption protocol named
WPA or Wi-Fi Protected Access.
WPA used RC4 ciphers with TKIP,
which is Temporal Key Integrity
Protocol.
It was able to take
an initialization
vector that was much larger than
what we were using with WEP.
And every packet that we were
sending over a WPA network
included a unique
128-bit encryption key.
TKIP was an interesting addition
to our wireless encryption.
This is something that
wasn't available in WEP.
And this allowed us to
combine a secret root key
with our initialization vector.
It also added a
sequence counter so
that no one could replay
this traffic in an effort
to gain access to the network.
TKIP also included a
64-bit message integrity
check to make sure that
nobody tampered with the data
as it was going through
the wireless network.
But unfortunately, we found some
implementation vulnerabilities
with TKIP.
And we decided this would
not be appropriate to use
going forward.
The most modern
wireless encryption
that we use on our networks
today was introduced in 2004.
This was WPA2-- the WPA2 being
the second edition of that.
WPA2 included AES to
provide the encryption.
This is the Advanced
Encryption Standard.
We use that instead
of the RC4 cipher.
And it also included
CCMP, which is
Counter Mode with Cipher Block
Chaining Message Authentication
Code Protocol.
And that was the
replacement for TKIP.
CCMP is a block cipher mode
that uses 128-bit keys,
and it encrypts in
128-bit block sizes.
This increased security
came at a cost, however.
Some of the older
hardware was not
able to run this more
advanced encryption scheme.
These days, modern hardware
is able to run WPA2
without a problem.
And all of your wireless
equipment should be using WPA2.
It provides the
data confidentiality
you need for encrypted data.
It provides authentication.
And it provides
the access control
you need to your
wireless network.
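
The receive-side checks described above for TKIP (a per-packet key derived from the root key, a sequence counter that blocks replays, and a 64-bit integrity check), as an added example that is not part of the original transcript. HMAC-SHA256 is used here as a labelled stand-in for TKIP's real key-mixing function and for its Michael integrity check; the frame layout, `ROOT_KEY`, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import struct

ROOT_KEY = bytes(range(16))  # constructed 128-bit root key, sample value only


def per_packet_key(root_key: bytes, seq: int) -> bytes:
    """Stand-in for TKIP key mixing: a fresh 128-bit key per sequence number."""
    msg = b"key" + struct.pack(">Q", seq)
    return hmac.new(root_key, msg, hashlib.sha256).digest()[:16]


def mic64(key: bytes, seq: int, payload: bytes) -> bytes:
    """Stand-in for the 64-bit message integrity check (real TKIP uses Michael)."""
    msg = struct.pack(">Q", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def build_frame(root_key: bytes, seq: int, payload: bytes) -> bytes:
    """Constructed layout: 6-byte sequence counter | payload | 8-byte MIC."""
    key = per_packet_key(root_key, seq)
    return seq.to_bytes(6, "big") + payload + mic64(key, seq, payload)


class Receiver:
    def __init__(self, root_key: bytes):
        self.root_key = root_key
        self.last_seq = -1  # highest sequence counter accepted so far

    def accept(self, frame: bytes) -> str:
        if len(frame) < 14:  # counter (6) + MIC (8) is the minimum size
            return "malformed"
        seq = int.from_bytes(frame[:6], "big")
        payload, mic = frame[6:-8], frame[-8:]
        # Replay check: a counter that does not move forward is dropped.
        if seq <= self.last_seq:
            return "replay"
        # The MIC covers the counter too, so rewriting the counter fails here.
        key = per_packet_key(self.root_key, seq)
        if not hmac.compare_digest(mic, mic64(key, seq, payload)):
            return "bad-mic"
        self.last_seq = seq  # advance only for frames that verified
        return "ok"
```

Because the counter only advances after the integrity check passes, a tampered frame cannot be used to push the receiver's counter ahead and lock out legitimate traffic.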
