Submitted to:-
Dinesh Sir
Submitted by :-
Name: Yogesh Gandhi
Roll No: RC2801B48
Section: C2801
Reg No: 10808452
ACKNOWLEDGEMENT
I take this opportunity to present my vote of thanks to all those guideposts who really acted
as lighting pillars to enlighten our way throughout this project that has led to successful
and satisfactory completion of this study.
We are really grateful to our teacher for providing us with an opportunity to undertake this
project in this university and providing us with all the facilities. We are highly thankful to
Mr. Dinesh Sir for his active support, valuable time and advice, whole-hearted guidance,
sincere cooperation and painstaking involvement during the study and in completing the
assignment of preparing the said project within the time stipulated.
Lastly, we are thankful to all those, particularly the various friends, who have been
instrumental in creating a proper, healthy and conducive environment and including new and
fresh innovative ideas for us during the project; without their help, it would have been extremely
difficult for us to prepare the project in a time-bound framework.
Name-Yogesh Gandhi
Regd.No-10808452
Rollno-RC2801B48
Table of Content
Summary
Reference
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA and WPA2) is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined the protocol in response to several serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy).
The WPA protocol implements the majority of the IEEE 802.11i standard. The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the preparation of 802.11i. Specifically, the Temporal Key Integrity Protocol (TKIP) was brought into WPA. TKIP could be implemented on pre-WPA wireless network interface cards that began shipping as far back as 1999 through firmware upgrades. Because the changes required fewer modifications on the client than on the wireless access points (APs), most pre-2003 APs could not be upgraded to support WPA with TKIP. Researchers have since discovered a flaw in TKIP that relied on older weaknesses to retrieve the keystream from short packets to use for re-injection and spoofing.
of the Wi-Fi logo does not necessarily imply a device is incompatible with Wi-Fi devices.
City-wide Wi-Fi
WAP 1.X
The WAP 1.0 standard, released in April 1998, described a complete software stack for mobile internet access.
WAP version 1.1 came out in 1999. WAP 1.2, the final update of the 1.X series was released in
On receiving a WAP Push, a WAP 1.2 or later enabled handset will automatically give the user the option to access the WAP content. This is also known as WAP Push SI (Service Indication).
The network entity that processes WAP Pushes and delivers them over an IP or SMS Bearer is known as a Push Proxy Gateway (PPG).
WAP 2.0
WAP 2.0, released in 2002, a re-engineered WAP, uses a cut-down version of XHTML with end-to-end HTTP (i.e., dropping the gateway and custom protocol suite used to communicate with it). A WAP gateway can be used in conjunction with WAP 2.0; however, in this scenario, it is used as a standard proxy server. The WAP gateway's role would then shift from one of translation to adding additional information to each request. This would be configured by the operator and could include telephone numbers, location, billing information, and handset information.
Mobile devices process XHTML Mobile Profile (XHTML MP), the markup language defined in WAP 2.0. It is a subset of XHTML and a superset of XHTML Basic. A version of cascading style sheets (CSS) called WAP CSS is supported by XHTML MP.
Security in pre-shared key mode
Pre-shared key mode (PSK, also known as Personal mode) is designed for home and small office networks that don't require the complexity of an 802.1X authentication server. Each wireless network device encrypts the network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1.
Shared-key WPA remains vulnerable to password cracking attacks if users rely on a weak passphrase. To protect against a brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters) is probably sufficient. Lookup tables have been computed by the Church of WiFi (a wireless security research group) for the top 1000 SSIDs for a million different WPA/WPA2 passphrases. To further protect against intrusion the network's SSID should not match any entry in the top 1000 SSIDs.
In November 2008 Erik Tews and Martin Beck - researchers at two German technical universities (TU Dresden and TU Darmstadt) - uncovered a WPA weakness which relied on a previously known flaw in WEP that could be exploited only for the TKIP algorithm in WPA. The flaw can only decrypt short packets with mostly known contents, such as ARP messages, and 802.11e, which allows Quality of Service packet prioritization as
defined. The flaw does not lead to key recovery, but only a keystream that encrypted a particular packet, and which can be reused as many as seven times to inject arbitrary data of the same packet length to a wireless client. For example, this allows someone to inject faked ARP packets which make the victim send packets to the open Internet. This attack was further optimised by two Japanese computer scientists, Toshihiro Ohigashi and Masakatu Morii. They developed a way to break the stopgap WPA system that uses the Temporal Key Integrity Protocol (TKIP) algorithm, whereas WPA2 systems that use the stronger CCMP algorithm are not affected. In October 2009, Halvorsen with others made further progress, enabling attackers to inject larger malicious packets (596 bytes, to be more specific) within approximately 18 minutes and 25 seconds.
WPA2
WPA2 has replaced WPA; WPA2 requires testing and certification by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm, CCMP, which is considered fully secure. Certification began in September 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark. TKIP encryption, 802.1X/EAP authentication and PSK technology in WPA are features that have been brought forward from WPA2.
Additionally, WPA2 will provide a new encryption scheme, the Advanced Encryption Standard (AES). AES has already been adopted as an official government standard by the U.S. Department of Commerce and the National Institute of Standards and Technology (NIST). AES will be defined in counter cipher-block chaining mode (CCM) and will support the Independent Basic Service Set (IBSS) to enable security between client workstations operating in ad hoc mode. AES uses a mathematical ciphering algorithm that employs variable key sizes of 128, 192 or 256 bits.
Like WPA, WPA2 will use the 802.1X/EAP framework as part of the infrastructure that ensures centralized mutual authentication and dynamic key management. It, too, offers a pre-shared key for use in home and small office environments. Like WPA, WPA2 is designed to secure all versions of 802.11 devices, including 802.11b, 802.11a, and 802.11g, multi-band and multi-mode.
Enterprises building new WLANs will find AES attractive. However, in many cases it will require new investments in hardware. Thus, the business must weigh the benefits of the enhanced security that WPA2 offers against the cost of new equipment. There is no reason not to upgrade now to WPA. While a hardware upgrade may be needed to deploy the AES portion of WPA2 on WPA-enabled devices, the 802.1X authentication, TKIP encryption, and PSK components of Wi-Fi
Protected Access make the two specifications quite compatible. WPA2 offers a graceful transition path from WPA that presents a compelling case for upgrading to WPA now. WPA2 will offer a highly secure “mixed mode” that supports both WPA and WPA2 client workstations. This will allow for an orderly transition in large enterprises that cannot readily upgrade in a short period of time.
Unlike the WEP/WPA mixed mode in WPA devices, WPA2’s mixed mode will support both WPA and WPA2. It delivers a high level of security to enterprises as they make the move to the even higher level of security offered in WPA2. Since Wi-Fi Protected Access already provides strong encryption, the transition to WPA2 clients and APs can be done gradually, seamlessly, and with a high level of confidence that security will not be compromised.
Hardware support
Most newer certified Wi-Fi devices support the security protocols discussed above, out-of-the-box: compliance with this protocol has been required for a Wi-Fi certification since September 2003.
The protocol certified through Wi-Fi Alliance's WPA program (and to a lesser extent WPA2) was specifically designed to also work with wireless hardware that was produced prior to the introduction of the protocol which usually had only supported inadequate security through WEP. Many of these devices support the security protocol after a firmware upgrade. Firmware upgrades are not available for all legacy devices.
Furthermore, many consumer Wi-Fi device manufacturers have taken steps to eliminate the potential of weak passphrase choices by promoting an alternative method of automatically generating and distributing strong keys when users add a new wireless adapter or appliance to a network. The Wi-Fi Alliance has standardized these methods and certifies compliance with these standards through a program called Wi-Fi Protected Setup.
EAP extensions under WPA- and WPA2-Enterprise
The Wi-Fi Alliance has announced the inclusion of additional EAP (Extensible Authentication Protocol) types in its WPA- and WPA2-Enterprise certification programs. This was to ensure that WPA-Enterprise certified products can interoperate with one another. Previously, only EAP-TLS (Transport Layer Security) was certified by the Wi-Fi Alliance.
As of 2010 the certification program includes the following EAP types:
• EAP-TLS (previously tested)
• EAP-TTLS/MSCHAPv2
• PEAPv0/EAP-MSCHAPv2
• PEAPv1/EAP-GTC
• PEAP-TLS
• EAP-SIM
802.1X clients and servers developed by specific firms may support other EAP types. This certification is an attempt for popular EAP types to interoperate; their failure to do so is currently one of the major issues preventing rollout of 802.1X on heterogeneous networks.
Summary
authentication, while in the Enterprise mode of operation, authentication is achieved via 802.1X and the EAP. Personal mode requires only an access point and client device, while Enterprise mode typically requires a RADIUS or other authentication server on the network.
• WPA2™ provides improved encryption with AES and a high level of assurance that only authorized users can access the network
• WPA2 able to meet government and enterprise security requirements
• WPA™ is still a very secure solution
• First WPA2 products announced on September 1st
• WMM™ enables a new class of consumer electronics products based on Wi-Fi®
• WMM provides users with enhanced multimedia capabilities based upon IEEE 802.11e standard
• First WMM products to be announced in September.
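The key derivation described under pre-shared key mode, as an added example that is not part of the original report: it accepts either form of key entry, derives the 256 bit key with PBKDF2, and computes the entropy behind the 13-character recommendation. The function names and the SSID "HomeNet-7F3A" are constructed for illustration; the "password"/"IEEE" pair is the published IEEE 802.11i test vector.

```python
import hashlib
import math
import string

ITERATIONS = 4096   # iteration count stated in the text
KEY_BYTES = 32      # 256 bit key


def wpa_psk(secret: str, ssid: str) -> bytes:
    """Return the 256 bit pre-shared key for a WPA/WPA2-Personal network."""
    # A string of 64 hexadecimal digits is the key itself; nothing is derived.
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)
    # Otherwise it must be a passphrase of 8 to 63 printable ASCII characters
    # (codes 32..126, the set of 95 permitted characters).
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2 with HMAC-SHA1, salted with the SSID.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS,
                               dklen=KEY_BYTES)


def random_passphrase_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy in bits of a passphrase drawn uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    # Same passphrase, constructed SSID: the salt changes the key, so a lookup
    # table built for one SSID does not apply to a network with another name.
    print(wpa_psk("password", "HomeNet-7F3A").hex())
    # 13 random characters from 95 versus 8 random lowercase letters.
    print(round(random_passphrase_bits(13), 1),
          round(random_passphrase_bits(8, 26), 1))
```

The entropy figure only holds for passphrases chosen uniformly at random; a human-chosen phrase of the same length is far weaker than the number suggests.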
Reference
• http://www.howstuffworks.com/wireless-network.htm
• www.wi-fiplanet.com