According to abbreviationfinder, WPA2 stands for Wi-Fi Protected Access 2 (WPA2).

Security is an aspect that is especially relevant when we talk about wireless networks. To access a wired network, a physical connection to the network cable is essential. However, in a wireless network deployed in an office, a third party could access the network without even being located on the company’s premises, it would be enough for them to be in a nearby place where the signal would reach them. What’s more, in the case of a passive attack, where only the information is heard, no traces are even left to enable subsequent identification.

The channel of wireless networks, unlike private wired networks, should be considered insecure. Anyone could be listening to the transmitted information. And not only that, but you can also inject new packages or modify existing ones (active attacks). The same precautions we take for sending data over the Internet should also be taken for wireless networks.

Once the new 802.11ie standard is finalized, WPA2 is created based on it. WPA could be considered a “migration”, while WPA2 is the certified version of the IEEE standard.5 6. The 802.11i standard was ratified in June 2004.

The Wi-Fi Alliance calls the pre-shared key version WPA-Personal and WPA2-Personal and the version with 802.1x/EAP authentication as WPA-Enterprise and WPA2-Enterprise. Manufacturers began to produce the new generation of access points supported by the WPA2 protocol that uses the encryption algorithm AES (Advanced Encryption Standard).7 With this algorithm it will be possible to comply with the security requirements of the US government – FIPS140-2. “WPA2 is ideally suited for businesses in both the private and public sectors. Products that are certified for WPA2 give IT managers the assurance that the technology meets interoperability standards,” said Frank Hazlik Managing Director of Wi-Fi. FI Alliance.

WPA2 (IEEE 802.11i)

802.11i is the new IEEE standard for providing security on WLANs. Its specifications are not public, so the amount of information available at the moment is really scarce. WPA2 includes the new encryption algorithm AES (Advanced Encryption Standard), developed by the NIS. It is a block cipher algorithm (RC4 is stream) with 128-bit keys. It will require powerful hardware to perform its algorithms. This aspect is important as it means that older devices without sufficient processing capabilities will not be able to incorporate WPA2.

To ensure the integrity and authenticity of messages, WPA2 uses CCMP (Counter-Mode / Cipher Block Chaining / Message Authentication Code Protocol) instead of MIC codes. Another improvement over WPA is that WPA2 includes support not only for BSS mode but also for IBSS mode (ad-hoc networks).

Security WPA2 attacks

Both WPA version 1 and the so-called version 2 are based on the transmission of the supported authentications in the corresponding information element. In the case of WPA 1, in the Microsoft proprietary tag, and in the case of WPA2 in the standard 802.11i RSN tag. During the exchange of information in the RSN connection process, if the client does not support the authentications specified by the AP (access point), it will be disconnected, thus being able to suffer a DoS attack specific to WPA.

In addition, there is also the possibility of capturing the 4-way handshake that is exchanged during the authentication process in a network with strong security. PSK keys (pre-shared) are vulnerable to dictionary attacks (but not business ones, since the RADIUS server will randomly generate these keys), there are free projects that use GPUs with specific languages ​​such as CUDA (NVIDIA) and Stream (AMD) to perform brute force attacks up to a hundred times faster than with ordinary computers.

Security in wireless networks is a critical aspect that cannot be neglected. Because the transmissions travel through an insecure medium, mechanisms are required to ensure the confidentiality of the data as well as its integrity and authenticity. The WEP system, included in the IEEE 802.11 standard to provide security, has several weaknesses that make it insecure, so alternatives must be sought.

Both the WPA specification and IEEE 802.11i address all known WEP flaws and are currently considered reliable solutions. The advantage of WPA is that it does not require hardware upgrades on computers. As long as no security issues are discovered in WPA, this implementation may be enough on devices for the next few months. The IEEE security bet to replace the ill-fated WEP, 802.11i and WPA is the new Wi-Fi Protected Access 2 (WPA2).

WPA2

WPA2 Guide