This Question is Answered
13231 Views 38 Replies Latest reply: Jun 3, 2011 5:37 AM by Eric A. Nygren


Encryption Vs. Authentication

Jan 31, 2011 6:05 AM

Angela 746 posts since
Jan 29, 2010

  So here is something I have wanted to ask for a very long time. What exactly do WEP and WPA get classified as?

  I understand that in order to encrypt the session, we use DH to secure the exchange of the session keys.

  I also understand that WEP uses RC4 for encryption whereas WPA uses AES for encryption, other encryption protocols in the IPsec framework include DES and 3DES, right?

  I originally believed that WEP keys are used to encrypt the data transmitted during the session; however, on second thought, when we join a wireless network, we have to specify the SSID as well as the WEP keys used. Doesn't this make WEP an authentication mechanism? I thought authentication is defined as submitting some credentials in order to gain access, am I wrong?

  So how is WEP categorized? Authentication or encryption? And by this, I also refer to WPA and WPA2.

 

 

Regards,

Angela

  • Jared 5,502 posts since
    Jul 27, 2008
    1. Jan 31, 2011 6:18 AM (in response to Angela)
    Re: Encryption Vs. Authentication

    How about.... a little bit of both?  WEP does provide an authentication mechanism that is called pre-shared key, which it turns out isn't that secure.  Then there is open authentication, which is not really authentication, but just allowing anyone to authenticate.  They would still need the encryption key to associate though, so even that seems to behave like an authentication method.  After a while, people were introducing 802.1x authentication and using WEP encryption.  Now because 802.1x is a different standard, it's never been considered a WEP authentication method, but an external method outside of WEP.

     

    http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy

  • Jared 5,502 posts since
    Jul 27, 2008
    3. Jan 31, 2011 6:26 AM (in response to Angela)
    Re: Encryption Vs. Authentication

    Ah.... don't know about that.  WEP just contained both authentication and encryption functions and is very, very outdated.  I haven't used it in years.  Although, for the CCNA Wireless, you will want to understand the association/authentication process and the open vs preshared authentication methods.

  • Pete Nugent 1,256 posts since
    Dec 8, 2008
    5. Jan 31, 2011 7:45 AM (in response to Angela)
    Re: Encryption Vs. Authentication

    Hi Angela

     

    You basically have 3 encryption mechanisms: WEP, WPA-TKIP and WPA2-AES.

     

    Now if you use 802.1x you will have an authentication mechanism such as username and password and then the data is encrypted using one of the above 3 mechanisms.

     

    If you do not use 802.1x you will use a preshared key. Now that preshared key is entered and acts as the authentication mechanism.

     

    The authentication, whether it is preshared key, username and password or certificates, acts as the seed for the keys in the handshake that forms the encryption of the data.

     

    WEP and WPA are both RC4 while WPA2 is AES or more specifically AES based as it is CCMP.

     

    WEP is useless; you can pretty much forget about it except for historical reference or maybe hysterical reference. WPA was a precursor to WPA2 which was a stand-in from the WiFi Alliance and based on a draft of 802.11i.

     

    WPA was introduced by the WiFi Alliance in April 2003 based on a draft of the 802.11i standard. In June 2004 802.11i was ratified by the IEEE and in September 2004 the WiFi Alliance introduced WPA2-AES based on all of the mandatory requirements of 802.11i.

     

    Hope that helps.
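
The point made in the reply above, that a pre-shared key both authenticates the client and seeds the encryption keys, as an added example that is not part of the thread. It assumes WPA2-PSK with CCMP as specified in IEEE 802.11i; the function names, MAC addresses, nonces and frame bytes are constructed for illustration.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK -> 256-bit Pairwise Master Key (PBKDF2-HMAC-SHA1, 4096 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1 blocks with a one-byte counter."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> dict:
    """Per-session keys: KCK proves key knowledge, TK encrypts data (CCMP)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over an EAPOL-Key frame (MIC field zeroed), truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

# Constructed sample values, not captured traffic.
SSID = "IEEE"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
FRAME = b"constructed EAPOL-Key message 2, MIC field zeroed"

def handshake(ap_passphrase: str, sta_passphrase: str):
    """Return (authenticated, same_encryption_key) for the two sides."""
    ap = derive_ptk(derive_pmk(ap_passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    sta = derive_ptk(derive_pmk(sta_passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    # Authentication: the AP recomputes the station's MIC with its own KCK.
    authenticated = hmac.compare_digest(eapol_mic(sta["kck"], FRAME),
                                        eapol_mic(ap["kck"], FRAME))
    # Encryption: both sides must hold the same temporal key.
    return authenticated, ap["tk"] == sta["tk"]

if __name__ == "__main__":
    print(handshake("password", "password"))   # matching PSK
    print(handshake("password", "passw0rd"))   # mismatched PSK
```

The passphrase never crosses the air in this exchange: the MIC check is the authentication step, and the temporal key derived from the same material is what CCMP uses to encrypt data frames.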

  • Jared 5,502 posts since
    Jul 27, 2008
    6. Jan 31, 2011 11:56 AM (in response to Pete Nugent)
    Re: Encryption Vs. Authentication

    WPA was meant as an interim solution by the WiFi Alliance while 802.11i was being ratified...   Both flavors of WPA, meaning WPA and WPA2, use the encryption protocols as Pete mentioned and use a preshared key for authentication (WPA personal) or 802.1x (EAP) for authentication (WPA2 Enterprise).

     

    Angela, how are you liking your wireless studies so far?

  • Eric A. Nygren 253 posts since
    Aug 11, 2008
    8. Feb 1, 2011 6:11 AM (in response to Angela)
    Re: Encryption Vs. Authentication

    WEP can be used in 1 of 4 ways:

         Preshared key layer 2 authentication without encryption

         Preshared key layer 2 authentication with static preshared key encryption

         Open layer 2 authentication with static preshared key encryption

         Open layer 2 authentication with 802.1x layer 3 authentication and dynamic key encryption

     

    WPA is a certification agency who has developed 2 separate certifications:

         WPA (the certification) dictates that:

              either a more enhanced version of WEP (called TKIP) or any version of AES is used as the encryption algorithm.

              authentication can be done by way of a strong preshared key or an 802.1x mechanism

         WPA2 (the certification) dictates a strong adherence to the 802.11i standard, including:

              requiring AES-CCMP as an encryption algorithm

              authentication can be done by way of a strong preshared or 802.1x mechanism

              implementation of pre-authentication key caching

     

    Ultimately, the question cannot be answered.  You can classify neither WEP nor WPA as being only an authentication or encryption protocol.

     

    -Eric N

  • Eric A. Nygren 253 posts since
    Aug 11, 2008
    10. Feb 1, 2011 7:25 AM (in response to Angela)
    Re: Encryption Vs. Authentication

    I agree that it is troublesome when things don't fit into nice, neat categories, but those are the cards that were dealt.  The names they have are the names they are, no easy way around it.  If you are just looking for a nice name to put at the top of a web page, try "Wireless Security Procedures".  You can't even say "protocols" because WPA isn't a protocol, it is 1 of 2 certifications by the WPA organization with verifying conformance of a portion of an IEEE standard.  Life is messy, I'm really sorry about it.

     

    -Eric N.

  • Jared 5,502 posts since
    Jul 27, 2008
    11. Feb 1, 2011 8:11 AM (in response to Angela)
    Re: Encryption Vs. Authentication

    I think that the word Protocol isn't the right word to use in this context.  How about standards or framework?  In several wireless books, EAP and its various flavors are described as a framework that all use 802.1x, which is a standard.  WPA isn't an official protocol, but just a marketing term from the Wifi Alliance.  It incorporates TKIP, which is the encryption algorithm used.  WPA2 is the Wifi Alliance's term that basically matches up with 802.11i, which is a ratified standard.

     

    Understanding various organizations like IEEE and the wifi alliance and their terms for various technologies will really help.  It can get way confusing, but if you break it up by organization (IEEE and Wifi Alliance) it becomes a little more clear.

  • Pete Nugent 1,256 posts since
    Dec 8, 2008
    12. Feb 1, 2011 9:03 AM (in response to Jared)
    Re: Encryption Vs. Authentication

    Eric you state

     

    WEP can be used in 1 of 4 ways:

         Preshared key layer 2 authentication without encryption

     

    I agree that as a PSK it's an authentication mechanism; however, surely the packets are encrypted

     

    Secondly just for completeness

     

    WPA is a certification agency who has developed 2 separate certifications:

     

    Should read

     

    WiFi Alliance is a certification agency who has developed 2 separate certifications:

       

    It's really confusing as the protocols are

     

    WEP which is based on the RC4 cipher

    TKIP which is based on the RC4 cipher

    and CCMP which is based on the AES cipher suite.

     

    WPA really is just a standard, but not in the same way as the IEEE produce standards, as WPA is managed as a standard or tool that the WiFi Alliance use to certify interoperability of products. Hence WPA2 could not exist, as the target was to meet all the mandatory requirements of 802.11i, an IEEE standard, until that standard was ratified.

     

    It's a bit like WiMAX; now that is not a standard but is based on the 802.16 standard.

     

    Why they make wireless so tough I will never know!

     

    Eric, also interested in you saying 802.1x is layer 3. I have had that conversation and am still unsure if it's layer 2 or 3; however, as it's a framework, is it both or neither, as it depends on the protocols used?

     

    God who the **** asked this ? LOL only kidding Angela, there are a few of us on here who have great debates as to what is and isn't in wireless.

     

    Jared and Eric are awesome and I am surprised Eric hasn't said "out of scope" yet

  • Jared 5,502 posts since
    Jul 27, 2008
    13. Feb 1, 2011 9:34 AM (in response to Pete Nugent)
    Re: Encryption Vs. Authentication

    Well, from a different perspective, it's really not out of scope.  Angela is just trying to understand where WEP and WPA fit as far as protocols are concerned.

     

    Boy did we ever have some good wireless debates.  Angela, welcome to the club!  Pete, with you and I and Eric, that is half of the old CCNA Wireless study gang!  Let's get Eric Hines, John and Corne in here and JC and we'd have the old group back!

  • Eric A. Nygren 253 posts since
    Aug 11, 2008
    14. Feb 1, 2011 9:37 AM (in response to Jared)
    Re: Encryption Vs. Authentication

    It's in scope, but Pete is out of order and will be held in contempt of Knowledge Court.

     

    WiFi Alliance, you win.

     

    Rework, 3 options (I always wanna force that 4th one in my head but it is not a valid option):

         802.1x with dynamic WEP

         WEP PSK Authentication with WEP PSK Encryption

         Open Auth with WEP PSK Encryption

     

    WPA is not a standard, I'd take framework as a better term, but it is a certification.

    WPA2 is not a standard, it is a certification for conformance against most of 802.11i (there are slight allowable deviations, such as 802.11i dictates 802.1x and not PSK, WPA2 allows PSK).

     

    I missed this, we need more fun.

     

    -Eric N
