Apply wireless transmission security (WEP, WPA)

Communications Technology – Wireless Transmission Security (WEP, WPA, WPA2, WPA3)

Learning Objective

Apply knowledge of wireless transmission methods and security protocols (WEP, WPA, WPA2, WPA3) to configure, evaluate and improve the security of a wireless network, in line with Cambridge International AS & A Level IT 9626 (2025‑2027).

1. Why Wireless Security Is Required

  • Radio‑frequency signals extend beyond the physical walls of a building, exposing the network to anyone within range.
  • Unauthorised users can intercept, modify, replay or inject data packets.
  • Regulatory, organisational and data‑protection policies demand protection of confidential information.

2. Wireless Transmission Methods (Syllabus 14.7)

2.1 Wi‑Fi (IEEE 802.11)

  • Typical use‑cases: LANs, public hotspots, IoT gateways.
  • Security concerns: susceptible to eavesdropping, rogue‑AP attacks, KRACK, and WPS abuse – mitigated by WPA3‑SAE and Protected Management Frames.

2.2 Bluetooth

  • Typical use‑cases: peripheral connections, wearable devices, short‑range data exchange.
  • Security concerns: pairing attacks (e.g., “Just Works” vulnerability), Bluetooth Low Energy (BLE) sniffing – mitigated by Secure Simple Pairing (SSP) and LE Secure Connections.

2.3 Infrared (IR)

  • Typical use‑cases: remote controls, line‑of‑sight data links, short‑range sensor communication.
  • Security concerns: limited to line‑of‑sight, but can be intercepted with a suitably placed receiver; physical shielding is the primary defence.

2.4 Microwave (point‑to‑point)

  • Typical use‑cases: backhaul links, campus‑wide distribution, long‑distance outdoor links.
  • Security concerns: interception with high‑gain directional antennas; encryption (e.g., AES‑CCMP) at the MAC layer is recommended.

2.5 Radio (UHF/VHF)

  • Typical use‑cases: walkie‑talkies, RFID, low‑bandwidth IoT sensors.
  • Security concerns: low data‑rate makes cryptographic protection optional, but simple stream ciphers or frequency‑hopping can raise the bar.

2.6 NFC (Near Field Communication)

  • Typical use‑cases: contactless payments, device pairing, access control.
  • Security concerns: eavesdropping is difficult due to ≤ 4 cm range, but relay attacks exist; use of ISO/IEC 14443 authentication and secure element storage mitigates risk.

3. Technical Parameters of Wireless Methods

Table 14.7‑1 – Frequency, range, data‑rate and typical security features of common wireless technologies

| Technology | Typical Frequency Band(s) | Typical Range | Typical Data Rate | Modulation / Key Feature | Typical Security Features |
|---|---|---|---|---|---|
| Wi‑Fi (802.11 a/b/g/n/ac/ax) | 2.4 GHz, 5 GHz, 6 GHz (Wi‑Fi 6E) | 20‑100 m indoor, up to 300 m outdoor (LOS) | Up to 9.6 Gbps (Wi‑Fi 6/6E) | OFDM, MIMO, beamforming | WPA3‑SAE, WPA2‑AES/CCMP, PMF, optional 802.1X/EAP |
| Bluetooth | 2.4 GHz ISM | ≤ 10 m (Class 2), up to 100 m (Class 1) | Up to 2 Mbps (BLE 5.2) | FHSS, GFSK, LE 2M PHY | Secure Simple Pairing, LE Secure Connections, AES‑CCM |
| Infrared (IR) | 850‑940 nm (optical) | ≤ 5 m, line‑of‑sight | Up to 4 Mbps (IrDA) | Pulse‑position modulation | Physical line‑of‑sight; optional link‑layer authentication |
| Microwave (point‑to‑point) | 2.4 GHz, 5 GHz, 11‑30 GHz, 60 GHz | 1 km‑50 km (directional) | 10 Mbps‑10 Gbps (depends on band) | PSK, QAM, OFDM | Link‑layer encryption (AES‑CCMP), MAC authentication |
| Radio (UHF/VHF) | 300 MHz‑3 GHz (UHF/VHF) | Few km to tens of km | Up to 256 kbps (typical voice/data) | FM, AM, GFSK, digital modes | Frequency‑hopping, simple stream ciphers (optional) |
| NFC | 13.56 MHz (HF RFID) | ≤ 4 cm | 424 kbps (ISO/IEC 14443) | Inductive coupling, load‑modulation | ISO/IEC 14443 authentication, secure element, mutual key exchange |

4. Protocol Context (Syllabus 14.6)

Wi‑Fi security protocols operate at the IEEE 802.11 MAC layer (Layer 2 of the OSI model). Encrypted frames are carried over the physical layer and then encapsulated in the TCP/IP suite for end‑to‑end communication. Firewalls protect the wired side of the network, while WPA3’s Protected Management Frames (PMF) safeguard the wireless management traffic that firewalls cannot see.

5. Bandwidth, Media and Encryption (Syllabus 14.5)

The choice of wireless medium influences both raw bandwidth and the processing load of encryption. For example, the 5 GHz band offers higher data rates, making the additional CPU overhead of AES‑CCMP (WPA2/WPA3) negligible, whereas older 2.4 GHz devices with limited hardware may experience reduced throughput when using strong encryption.

6. Wireless Security Protocols

6.1 Wired Equivalent Privacy (WEP)

First security standard for IEEE 802.11. Uses RC4 stream cipher with a static secret key.

  • How it works
    1. Secret key (40 bit or 104 bit) is concatenated with a 24‑bit Initialization Vector (IV).
    2. The combined key generates a per‑packet keystream via RC4.
    3. Keystream XOR‑ed with plaintext data.
  • Weaknesses
    • IV is too short – collisions after ≈ 2²⁴ packets.
    • Static key enables statistical attacks (FMS, KoreK).
    • No integrity check – packets can be altered undetected.
    • Only 64‑bit or 128‑bit total key length – insecure by modern standards.
  • Typical configuration steps
    1. Log into the router’s admin interface.
    2. Navigate to Wireless → Security.
    3. Select **WEP**, choose 64‑bit or 128‑bit, and enter a passphrase.
    4. Save settings and restart the router if required.
    5. Enter the same WEP key on every client device.
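
The "How it works" steps and the short‑IV weakness above, as an added Python example (not part of the original note): a from‑scratch RC4 produces the per‑packet keystream, and two frames that share an IV show why a static key with a 24‑bit IV cannot keep traffic confidential. The key, IV, payloads and function names are constructed for illustration, and the frame is reduced to IV, key and payload.

```python
import math


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key scheduling over `seed`, then `length` keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Steps 1-3: seed RC4 with IV + secret key, XOR the keystream over the data."""
    if len(iv) != 3 or len(key) not in (5, 13):  # 24-bit IV, 40- or 104-bit key
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    # 802.11 places the IV before the key; the IV itself travels unencrypted.
    return xor(payload, rc4_keystream(iv + key, len(payload)))


def frames_for_likely_repeat(iv_bits: int = 24) -> int:
    """Birthday bound: frames after which randomly chosen IVs repeat with ~50% odds."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** iv_bits))


# Constructed sample values, not captured from any network.
KEY = bytes.fromhex("0123456789")   # static 40-bit key shared by every client
IV = bytes.fromhex("a1b2c3")        # one IV that turns up on two different frames
P1 = b"GET /index.html HTTP/1.1"
P2 = b"POST /login user=alice  "
C1, C2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

# Same key + same IV gives the same keystream, so C1 xor C2 equals P1 xor P2.
LEAK = xor(C1, C2)

if __name__ == "__main__":
    print("keystream reused:", LEAK == xor(P1, P2))
    print("frames until a random IV likely repeats:", frames_for_likely_repeat())
```

A counter‑style IV exhausts the 2²⁴ space after roughly 16.7 million frames; IVs picked at random are expected to repeat far sooner, which is what `frames_for_likely_repeat` estimates.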

6.2 Wi‑Fi Protected Access (WPA – TKIP)

Interim improvement over WEP, introduced in 2003.

  • Improvements
    • Temporal Key Integrity Protocol (TKIP) creates a per‑packet key from a dynamic 128‑bit master key.
    • 48‑bit Message Integrity Check (MIC) detects tampering.
    • Supports pre‑shared key (PSK) or 802.1X/EAP (Enterprise) authentication.
  • Modes
    • WPA‑PSK – for homes/small offices.
    • WPA‑Enterprise – uses a RADIUS server for individual credentials.
  • Typical WPA‑PSK configuration
    1. Log into the router’s admin console.
    2. Choose **WPA‑PSK** (or **WPA‑WPA2‑PSK** for mixed mode).
    3. Enter a strong passphrase (≥ 12 characters recommended).
    4. Select **TKIP** as the encryption algorithm.
    5. Save and reboot if prompted.
    6. Connect client devices using the same SSID and passphrase.

6.3 Wi‑Fi Protected Access 2 (WPA2 – AES/CCMP)

Current minimum standard for most deployments (since 2004). Replaces TKIP with the stronger AES‑based CCMP.

  • Key improvements
    • 128‑bit AES encryption provides robust confidentiality.
    • CCMP (Counter Mode with CBC‑Message Authentication Code Protocol) supplies both encryption and integrity.
    • Supports the same PSK and Enterprise authentication models as WPA.
  • Why WPA2 supersedes WPA
    • TKIP is deprecated; AES is resistant to known attacks.
    • Regulatory bodies (e.g., Wi‑Fi Alliance) require WPA2‑AES for certification.
  • Configuration (WPA2‑PSK)
    1. Access the router’s security settings.
    2. Select **WPA2‑PSK** (or **WPA2/WPA‑PSK mixed mode** for legacy devices).
    3. Enter a complex passphrase (minimum 8 characters, preferably ≥ 12).
    4. Choose **AES** (or **CCMP**) as the encryption method.
    5. Save and apply the changes.
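
Why the passphrase in step 3 carries all of the secrecy of WPA2‑PSK, as an added Python example (not part of the original note): IEEE 802.11i derives the 256‑bit master key from the passphrase and the SSID alone, using PBKDF2‑HMAC‑SHA1 with 4096 iterations, so the key is identical for every client and every session. The function names, the sample SSIDs and the 60‑bit threshold in `review` are assumptions made for illustration.

```python
import hashlib
import math
import string


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA/WPA2 passphrase is 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("an SSID is 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def upper_bound_bits(passphrase: str) -> float:
    """Guessing effort if every character were random; real phrases score lower."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    size = sum(len(p) for p in pools if any(c in p for c in passphrase))
    return len(passphrase) * math.log2(size) if size else 0.0


def review(passphrase: str, recommended: int = 12) -> list:
    """Findings against the note's guidance (minimum 8, preferably >= 12)."""
    findings = []
    if len(passphrase) < 8:
        findings.append("rejected: below the 8-character minimum")
    elif len(passphrase) < recommended:
        findings.append("accepted by the router but shorter than %d characters" % recommended)
    if upper_bound_bits(passphrase) < 60:  # illustrative threshold, an assumption
        findings.append("small character set for its length: add length or variety")
    return findings


if __name__ == "__main__":
    # Constructed sample values. The SSID acts as the salt, so the same
    # passphrase yields a different key on a differently named network.
    for ssid in ("IEEE", "CampusNet"):
        print(ssid, wpa2_pmk("password", ssid).hex())
    print(review("password"))
    print(review("correct horse battery staple"))
```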

6.4 Wi‑Fi Protected Access 3 (WPA3)

Introduced in 2018; provides the strongest protection for compatible hardware.

  • Key features
    • Simultaneous Authentication of Equals (SAE) – a password‑based Diffie‑Hellman exchange that resists offline dictionary attacks.
    • Protected Management Frames (PMF) – mandatory, preventing spoofed deauthentication/disassociation attacks.
    • Forward Secrecy – each session generates a fresh encryption key.
    • Optional 192‑bit security suite for enterprise environments.
  • Configuration basics
    1. Choose **WPA3‑Personal** (SAE) or **WPA3‑Enterprise** (EAP‑192) in the router’s security menu.
    2. Enter a strong passphrase for Personal mode; configure a RADIUS server for Enterprise mode.
    3. Ensure the router’s firmware supports WPA3 and enable **PMF** if a separate toggle exists.
    4. Save settings and update client devices to the latest drivers/OS to support SAE.

7. Common Wireless Attacks & Mitigation Strategies

Table 14.7‑2 – Typical attacks and how the syllabus checklist mitigates them

| Attack | Targeted Weakness | Mitigation (Checklist) |
|---|---|---|
| WEP cracking (FMS/KoreK) | Short IV, static key, no integrity check | Never use WEP; upgrade to WPA2‑AES or WPA3. |
| Dictionary/brute‑force on WPA/WPA2‑PSK | Weak passphrase | Use a complex, minimum 12‑character passphrase; change regularly. |
| KRACK (Key Reinstallation Attack) | Flaws in the 4‑way handshake of WPA/WPA2 | Apply latest firmware/patches; enable WPA3 where possible (SAE prevents KRACK). |
| Rogue Access Point / Evil Twin | Clients auto‑connect to stronger‑signal APs without verification | Enable 802.1X/EAP (Enterprise) or WPA3‑SAE; use certificate‑based authentication; monitor for unknown BSSIDs. |
| MAC‑address spoofing | MAC filtering relies solely on hardware addresses | Treat MAC filtering as a convenience feature only; rely on strong encryption and authentication. |
| WPS abuse | WPS PIN can be brute‑forced in a few hours | Disable WPS unless absolutely required. |
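
One way to turn the checklist above into a repeatable check, as an added Python example (not part of the original note): survey rows are compared with an inventory of the organisation's own access points, covering the "monitor for unknown BSSIDs", WEP, TKIP, PMF and WPS items. The SSIDs, BSSIDs, field names and row layout are constructed for illustration and do not match any particular scanning tool.

```python
# Constructed inventory of the organisation's own access points (BSSID -> SSID).
KNOWN_APS = {
    "02:00:00:aa:00:01": "CampusNet",
    "02:00:00:aa:00:02": "CampusNet",
    "02:00:00:aa:00:03": "Lab-Legacy",
}

# Constructed survey rows; the column layout is an assumption, not a tool's format.
FIELDS = ("ssid", "bssid", "security", "cipher", "pmf", "wps")
SURVEY = [dict(zip(FIELDS, row)) for row in (
    ("CampusNet", "02:00:00:aa:00:01", "WPA3-SAE", "CCMP", True, False),
    ("CampusNet", "02:00:00:aa:00:02", "WPA2-PSK", "TKIP", False, True),
    ("CampusNet", "02:00:00:ff:00:99", "WPA2-PSK", "CCMP", False, False),
    ("Lab-Legacy", "02:00:00:aa:00:03", "WEP", "WEP", False, False),
)]


def audit(ap: dict) -> list:
    """Checklist findings for one survey row."""
    if ap["bssid"] not in KNOWN_APS:
        if ap["ssid"] in KNOWN_APS.values():
            return ["unknown BSSID using a managed SSID: investigate as a possible rogue AP"]
        return []  # a neighbour's network, outside this audit
    findings = []
    if ap["security"] in ("OPEN", "WEP"):
        findings.append("WEP or no encryption: upgrade to WPA2-AES or WPA3")
    if ap["cipher"] == "TKIP":
        findings.append("TKIP selected: switch to AES/CCMP")
    if ap["security"].startswith("WPA2") and not ap["pmf"]:
        findings.append("management frames unprotected: enable PMF (802.11w)")
    if ap["wps"]:
        findings.append("WPS enabled: disable it")
    return findings


def audit_survey(rows) -> dict:
    """Map each BSSID that needs attention to its findings."""
    report = {}
    for ap in rows:
        findings = audit(ap)
        if findings:
            report[ap["bssid"]] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit_survey(SURVEY).items():
        print(bssid, "->", "; ".join(findings))
```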

8. Comparison of Wireless Encryption Protocols

Table 14.7‑3 – Features of WEP, WPA, WPA2 and WPA3

| Feature | WEP | WPA (TKIP) | WPA2 (AES‑CCMP) | WPA3 (SAE/PMF) |
|---|---|---|---|---|
| Encryption algorithm | RC4 (static key) | RC4 + TKIP (dynamic per‑packet key) | AES‑CCMP (128‑bit) | AES‑256 (SAE) + PMF |
| Integrity check | None | MIC (48‑bit) | CCMP (CBC‑MAC) | CCMP + PMF |
| Key management | Static pre‑shared key | Per‑packet key derived from PSK | Per‑session key derived from PSK or 802.1X | SAE (password‑based DH) – forward secrecy |
| Resistance to offline dictionary attacks | None | Low | Medium (depends on PSK strength) | High – SAE throttles attempts |
| Management‑frame protection | No | No | Optional (802.11w) | Mandatory (PMF) |
| Current recommendation (Cambridge syllabus) | Never use | Only for legacy devices | Minimum for most deployments | Preferred where hardware supports it |

9. Glossary (AO1 – Terminology)

| Term | Definition (as required for the exam) |
|---|---|
| WEP | Wired Equivalent Privacy – an early IEEE 802.11 security protocol using RC4 with a static key and a 24‑bit IV. |
| TKIP | Temporal Key Integrity Protocol – a WPA encryption method that generates a per‑packet key from a 128‑bit master key and adds a MIC. |
| AES‑CCMP | Advanced Encryption Standard with Counter Mode and CBC‑Message Authentication Code Protocol; the encryption and integrity mechanism used by WPA2. |
| SAE | Simultaneous Authentication of Equals – a password‑authenticated Diffie‑Hellman key exchange used in WPA3‑Personal to prevent offline dictionary attacks. |
| PMF | Protected Management Frames – a mandatory feature in WPA3 that secures management frames (e.g., deauthentication) against spoofing. |
| 802.1X/EAP | Port‑based Network Access Control framework that uses an authentication server (RADIUS) for individual user credentials. |
| RADIUS | Remote Authentication Dial‑In User Service – a server that validates credentials for WPA‑Enterprise and 802.1X networks. |
| KRACK | Key Reinstallation Attack – exploits a flaw in the WPA/WPA2 4‑way handshake to force reuse of encryption keys. |
| SSID | Service Set Identifier – the human‑readable name of a wireless network. |
| IV | Initialization Vector – a non‑secret value combined with a key to produce a unique keystream for each packet (used in WEP and WPA). |
| MAC filtering | A method of allowing or denying network access based on the device’s Media Access Control address. |
