Saturday, June 27, 2009

No Privacy Ensured in WPA/WPA2-PSK Protocol: Choose Your WLAN Security Circumspectly

In a wired network environment, it is not possible to see others communication by passively monitoring the wired interface. Which means you can not really snoop into someone’s IM chat or email or browsing activity. But what’s about wireless network. Is your wired network’s privacy guaranteed over wireless? If you have just learnt about the weaknesses of an Open or WEP enabled WiFi networks and planning to upgrade to WPA/WPA2, hold on for a while. Privacy is also not guaranteed in a WPA/WPA2-PSK protocol.

WiFi is one of the popular wireless technologies widely adopted as local area networking protocol today. But there is some security issues associated with it and hence its implications should be understood well in advance before use. For example unguided medium is used for transmission, which means, any communication of an Open WiFi network can be seen from hundreds of meters away from the network. WEP configuration does no better than Open AP as the encryption technique is known to be broken and does not provide security cover for more than few minutes if attacked.

WPA and WPA2 are two other more robust WiFi security configurations than WEP and support two different authentication mechanisms (i) IEEE 802.1x authentication framework (ii) Pre Shared Key or PSK. IEEE 802.1x based configuration is known as Enterprise mode configuration and PSK mode configuration is known as Personal mode configuration. While enterprise mode configuration requires certificate for client and server and infrastructure in place for deployment, personal mode simply requires a “passphrase” which acts like a password for WiFi network access. The ease of deployment of a personal mode secured WiFi network makes it an obvious choice for home and personal WiFi networks.

There are few attacks known to exist against WPA-WPA2-PSK mode configuration. For example dictionary attack is known to be effective against WPA/WPA2-PSK or Personal mode networks; it can be easily circumvented by prudently choosing “Passphrase” of more than 8 characters and a mix of special characters and alphabets. Recent attack on “TKIP” which is one of the WPA/WPA2 supported encryption techniques, can be mitigated by reducing re-keying interval or by changing underlying encryption technique to AES (advanced encrypted system).

The key point here is that the known attacks from a malicious outsider against WPA or WPA2-PSK based networks can be fixed but the protocol is also found to suffer from an insider threat. In an enterprise environment, where WiFi enabled devices are configured with single key, there is a very high likelihood of this secret key getting shared among trusted users and finally becoming public. Once this happens, the privacy of an authorized user is lost. Any malicious user present inside the network can capture wireless traffic and decode it with the help of single shared key. There are tools freely available on Internet which can be used to decode frames e.g. Wireshark Protocol Analyzer. More technical details can be found at:

This implies that one can easily snoop into one’s internet browsing activity and steal valuable information or data flowing in the air.

So the final word about WPA/WPA2-PSK mode is that it is safe to setup a home or personal WiFi network , it 's use should be avoided in an environment where the network key is shared and distributed among its users. Wired equivalent user’s privacy is not guaranteed in a WPA/WPA2-PSK enabled WiFi network and hence, a judicious decision should be made while choosing security cover for the network.

No comments:

Post a Comment