Wireless network security


1. WEP

Encryption   Hex key length   ASCII key length   Hex input characters
64 bit       10 characters    5 characters       0~9, A~F, a~f
128 bit      26 characters    13 characters      0~9, A~F, a~f

2. WPA
  • TKIP :
    Temporal Key Integrity Protocol (TKIP) is a security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as a solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left Wi-Fi networks without viable link-layer security, and a solution was required for already deployed hardware. TKIP was deprecated by the IEEE in January 2009.
  • AES :
    The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S.
    The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext. The number of cycles of repetition is as follows:
    • 10 cycles of repetition for 128-bit keys.
    • 12 cycles of repetition for 192-bit keys.
    • 14 cycles of repetition for 256-bit keys.

3. WPA2

4. WPA with EAP (802.1x)

  • EAP-TLS :
    EAP-Transport Layer Security (EAP-TLS) : defined in RFC 5216
  • EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1) : The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. PEAP was jointly developed by Cisco Systems, Microsoft, and RSA Security. The inner authentication protocol is Microsoft's Challenge Handshake Authentication Protocol, meaning it allows authentication to databases that support the MS-CHAPv2 format, including Microsoft NT and Microsoft Active Directory.
  • EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
  • EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
  • EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
  • EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
  • EAP-TTLS/EAP-MD5-Challenge
  • EAP-TTLS/EAP-GTC
  • EAP-TTLS/EAP-OTP
  • EAP-TTLS/EAP-MSCHAPv2 :
    EAP-Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends TLS.
  • EAP-TTLS/EAP-TLS
  • EAP-TTLS/MSCHAPv2
  • EAP-TTLS/MSCHAP
  • EAP-TTLS/PAP
  • EAP-TTLS/CHAP
  • EAP-SIM :
    EAP for GSM Subscriber Identity Module (EAP-SIM) is used for authentication and session key distribution using the Subscriber Identity Module (SIM) from the Global System for Mobile Communications (GSM). EAP-SIM is described in RFC 4186.
  • EAP-AKA
  • EAP-AKA'
  • EAP-PSK : defined in RFC 4764
  • EAP-FAST : EAP-FAST (Flexible Authentication via Secure Tunneling) is a protocol proposal by Cisco Systems as a replacement for LEAP. EAP-FAST is defined in RFC 4851.
  • EAP-PAX
  • EAP-SAKE
  • EAP-IKEv2 : an EAP method based on the Internet Key Exchange protocol version 2 (IKEv2).
  • EAP-GPSK
  • LEAP (note: requires special support from the driver)
