Hello and welcome to this video, where we're going to continue our review of Wi-Fi security by explaining the differences between WEP and WPA.

Okay, so first of all, when you have Wi-Fi data that gets encrypted, so when you're on a secure network, where does that encryption start? Where does the encryption end? Well, first of all, you should know that only the Wi-Fi data gets encrypted. Remember how we talked about how you've got your Wi-Fi data, which is your application data, like your web browsing, your telnet, TCP/UDP header, IP header, and then we have this big 802.11 header that's in front of that. The 802.11 header is not encrypted. Everything behind that is encrypted.

And when you first connect to a Wi-Fi access point, when it's sending its beacons to you, advertising its BSS, inside those beacons it will actually advertise the types of data encryption it supports. So the actual encryption and decryption happens in just a very short space between your Wi-Fi client and the access point you're talking to. So it's not end-to-end Wi-Fi. It's just over the air. And only data frames get encrypted, not management frames. So your beacons are not encrypted, just your data.

Okay, so back when 802.11 first came out, or shortly after it first came out, the designers of Wi-Fi said, you know what? We've just designed something where everybody's sharing a common medium, a common airspace, and they can all hear each other. We should do something to try to give Wi-Fi the same or an equivalent level of privacy as wired networks. Hence they came up with Wired Equivalent Privacy. This was a very early form of Wi-Fi security back in 1997. So the encryption method they decided on back then was the RC4 encryption cipher. Unfortunately, not too many years passed after that before people were able to crack that and decrypt the traffic that you thought was safely encrypted using RC4. So WEP is now deprecated. You should not use WEP unless you have absolutely no other choice. It is better than nothing, but it is deprecated. So its replacement was WPA, which is Wi-Fi Protected Access.

So here was the scenario. We're going to see a timeline of this here in just the next slide. Well, actually, let's just take a look at it. Okay, so here we are. 1997, the original 802.11 is introduced with Wired Equivalent Privacy. Oh great, we've got Wi-Fi and it's secured.

Now in 1999, the Wi-Fi Alliance forms. What is the Wi-Fi Alliance? Well, it's an organization that takes vendors' products, from Cisco and Arista and Ruckus Networks and everything. Vendors and manufacturers can give their products to the Wi-Fi Alliance, and the Wi-Fi Alliance will run them through a variety of tests to ensure that those products are really meeting the IEEE standards. So for a product that says, oh yes, we meet the IEEE 802.11D standard, well then the Wi-Fi Alliance will run it through the tests to ensure it really does. And then they'll put a stamp on it or a sticker on it saying Wi-Fi Certified.

All right, so two years later they're formed. Now here we are in 2001. So this is four years after Wi-Fi first came out in 1997, and these very smart people here published a cryptanalysis of WEP showing that it could be cracked, showing that it was not safe. It was time to make Wi-Fi stronger. And so the IEEE got a task force together called the 802.11i task force, and they started working on this. They started working on new cryptography and algorithms and new ways of doing security. Now a lot of times when the IEEE starts putting something together, they will put out drafts of what they've done.

They'll say, hey, this is what we've come up with so far. What do you guys think of this? And then the public will be able to comment on that draft, and, you know, maybe not the public but other people within the IEEE will be able to comment on it saying, oh, that looks good, or oh, I see a weakness here. So this is the scenario. The 802.11i committee is working. They're putting out these published drafts saying we think this will work. This is better than WEP. We think people should do this. Now they're not done yet. They haven't formally put the stamp of approval on it and said we're closing the door, we're finished. But the Wi-Fi Alliance said we have to do something. We can't wait for 802.11i to be finally finished, because it could be years before they're finally done and they put their seal of approval on it. So this is what we're going to do. We're going to take the latest draft that we have of the standard that they're creating and we're going to tell vendors, hey, if you can make your devices do this stuff, now this stuff might change because it's not quite standardized yet, but it's better than what's out there right now. It's better than WEP.

So if you manufacturers can make your access points do these other enhanced security things which are in this draft, we, the Wi-Fi Alliance, will stamp it with a new certification called WPA. So that's what WPA was. It was a stopgap to try to get newer, stronger security implemented in access points, even though the formal recommendation from the IEEE hadn't been finished yet. So that was in 2003. Then a year later, 802.11i was formally ratified. It was done. And so now actually what the Wi-Fi Alliance did was they said, okay, the 802.11i finished version is a little bit different. It's got some differences in it from the draft version that we got when we came up with our WPA standard. So we're going to come up with another standard called WPA2. And now if a Wi-Fi vendor supports all the things that are formally in the finally done 802.11i standard, we will stamp that with the WPA2 approval.

All right. So once again, just some highlights of WEP. So one of the bad things about WEP was that both the client and the access point would have a static passphrase. And that passphrase was of different sizes, 64-bit, 128-bit or 256-bit; usually people selected the 128-bit passphrase.

And that was used to actually encrypt and decrypt your data. It used the RC4 encryption cipher. And like I said, it was easily cracked. So the main takeaways from this, the main thing you should remember about WEP, is that it used a static passphrase, typically 128 bits, and it used the RC4 encryption cipher. And all that was bad. It was deprecated.

Then WPA came out. Now when 802.11i put their draft out there, they weren't quite done yet. And the Wi-Fi Alliance said, oh, okay, we're going to put this into a certification program called WPA. That draft said there's two ways you can do authentication. One way is doing authentication where you have a passphrase between you and the access point. And that's going to be used as the base key for not only your authentication, but also for your encryption of data. We're going to make it so it goes up to 256 bits in length. Now your passphrase is actually going to be your encryption key; to encrypt and decrypt your data is going to take account of this passphrase plus other elements as well. And it's just going to be stronger. The way we're going to be doing it is stronger.

And because it's all done right on the access point and right on the client, this is what we call WPA Personal. There were actually two things that made WPA stronger than WEP. So notice it still used RC4 as the encryption algorithm, but it implemented something called TKIP, the Temporal Key Integrity Protocol. So this was a way of actually rotating the key. The key wouldn't be static for every single packet. The encryption key used to encrypt and decrypt things could actually change over time. So that made it harder to guess, harder to crack. And it also included something called a message integrity check, or a MIC, which could verify whether the data you received over the Wi-Fi had been corrupted or modified in some way. So these were improvements that WEP did not have. So that was WPA Personal.

Then they said, if you really want to get fancy, you could actually have your authentication done between the client and an 802.1X RADIUS server. And with 802.1X, that opens you up to a whole variety of different ways of doing authentication. You could still do a passphrase, but you could do other things as well. 802.1X, for example, allows you to exchange digital certificates, which is much more secure than just a static passphrase.

This was called WPA Enterprise. And the protocol EAP, the Extensible Authentication Protocol, was used between the client and a back-end 802.1X server. The main takeaway from this is that WPA Personal is configured on the client and the access point. You don't need anything beyond that. WPA Enterprise is much more secure and gives you many more options, but it relies on an authentication server running RADIUS. And now you're doing 802.1X. So there's a lot more involved in setting it up and configuring it on the front end. So that concludes this overview of WEP, WPA Personal and WPA Enterprise.