WPA 2 -
Although WPA 2 seems like little more than an extension of WPA it is not, many of the items that were used in WPA are no longer there. The packet integrity check is completely different and instead of relying on the relatively weak TKIP it uses AES (Advanced Encryption Standard).
WPA2 uses a part of AES called CCMP; this requires the use of a 128-key and 128-bit block size making the protocol significantly more secure. CCMP (Counter Cipher Mode Protocol or in its longer name Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) is a combination of CBC-MAC and Counter Cipher Mode. CBC-MAC, or Cipher Block Chaining Message Authentication Code Protocol, replaces both CRC and the integrity check that was used in the original WPA. It is significantly stronger than what can get with either of those two protocols as well as being used to authenticate while CCM is used to protect your data in transit. CCM encapsulates and protects not only the MPDU (MAC Protocol Data Unit or simply Protocol Data Unit) data field, but also the header of the PDU. In this way it protects more of the actual data during transmission than was capable with WEP or WPA.
If you think all of this sounds complicated then you are right, but even this is a very simplified explanation of what is going on to protect your data and this is without getting into what you can do once you add in security certificates and RAIDUS (Remote Access Dial Up Service) to the mix. However you can think of WPA2 as the final example of the protection put on the picture.
To see the picture you have to be on the list and show ID that can be compared to something that already exists (authenticate and integrity) and you must also know the security pass code that is unique to you (Data Protection). Believe it or not all of this extra security is actually faster than using WPA with TKIP or WEP. This is because AES and AES 256 (and improvement on AES where it uses 256-bit keys but still 128-bit Blocks) can all be hardware accelerated. For a long time this was handled by specialty processors inside our wireless devices. Now Intel has pushed AES acceleration into their CPUs to help the client side execute encryption functions even faster. AMD is also working on something to help, but their solution involves a specialty ARM Core inside their CPUs to deal with the extra overhead.
Still more to do -
As with all over encryption schemes, WPA can still be broken. In 2011 the first key recovery techniques were published. However even at its weakest (AES128) you would need 2^126.1 or 91,176,402,658,724,901,139,255,709,019,546,000,000 operations to grab your WPA2 key. This is a factor of four faster than simple brute force when a complex key is used. If you use AES 256 for your WPA 2 protection it is significantly more secure with 3.8197144438389907021237890200902e+76 operations required. Now for those of you not familiar with this type of notation simply move the decimal to the right 76 places and that will get you the proper number. Again this does not mean you are completely protected there are side-channel attacks that do not try to recover the key, but look for information leaks to get inside the system. Some of these have been around since 2005 and have evolved in complexity which has required the encryption algorithms to evolve as well. So you can see how encryption in wireless has evolved over time to make sure that your data is protected from unwanted intrusion.
On the opposite side of the coin methods for breaking into these systems have also improved. With the advent of using GPUs for highly parallel compute tasks breaking encryption has become significantly easier. What once took multiple computers days or weeks to do can be done using a few off the shelf GPUs in a matter of hours. This means that security will still have to improve to make sure that our wireless communication is still protected. The problem is that it is not just the encryption scheme that has to be protected, but also other functions that have been created to make setting up encryption easier. Recently the Wireless Protected Setup was found to have a massive flaw in it that reduced the number of operations needed to break it down to almost triple digits! We covered this when it was discovered and we were shocked to find out that the protocol was designed to reveal almost the entire PIN to a clever attacker which allows them to bypass all of the protections in WPA2.
Although we have touched on the surface of Encryption in wireless communication it is a very complex and broad subject. For example even with a relatively weak encryption scheme like WEP you can effectively block eavesdropping by implementing IPSec on your network or locking your wireless access points to a small list of MAC (Media Access Control) Addresses making it highly unlikely that someone can pirate in on your network or read your data in transit. As we mentioned before you can further harden your security through the use of RAIDUS and security certificates for the server, access points and clients. These all tie into the enterprise implementation of WPA and WPA2. By adding in RADIUS and certificates you make it more difficult for someone to bring an unauthorized system into your network and also you can add an extra layer of data protection as well. You can really go crazy if you have the right hardware available, but for most home networks these are not part of the equation just yet. In a few years we envision home networks that require systems to be setup for access on the network before they can get in. It is already available in the enterprise and it is only a matter of time before we see special dongles that are used to configure a system to access your wireless network. These dongles would install a client certificate, setup the proper wireless security (WPA2 with EAP-TLS or MS-CHAP v2) as well as configure your wireless card to use the right MCS and channel for best reception. Of course this will make managing the home network a little more complicated as you will have to maintain an access control list, but it will also make it much harder to break into from the outside.
In our next article we will cover range and power
Read our first article on wireless speed
What Encryption do you use in your wireless? Tell us in our Forum