WIRELESS ASSIGNMENT 03

The document provides an in-depth explanation of Wi-Fi Protected Access (WPA), detailing its working mechanisms including WPA-Personal and WPA-Enterprise modes, and comparing it with WEP and WPA2. It discusses the roles of TKIP and AES in WPA, the key management process, and highlights WPA's strengths and weaknesses from a security perspective. Additionally, it includes programming tasks related to simulating WPA-PSK authentication, encryption/decryption of packets, and implementing a Message Integrity Check.

Uploaded by

baneennaqvi14125
COMSATS UNIVERSITY ISLAMABAD

WIRELESS AND MOBILE SECURITY

ASSIGNMENT: 03
PART 1
NAME: SYEDA BANEEN BATOOL
REGISTRATION NO: SP22-BCT-045
CLASS: BCT-6A
SUBMITTED TO: SIR ZULFIQAR ALI
Question No 1:
1. Explain the working of WPA, including WPA-Personal (WPA-PSK) and WPA-Enterprise.

Wi-Fi Protected Access (WPA) is a security protocol developed to enhance the protection of wireless
networks. It was introduced as a replacement for the weaker WEP (Wired Equivalent Privacy) and
provides improved data encryption and user authentication. WPA is commonly used in two modes:
WPA-Personal (WPA-PSK) and WPA-Enterprise. Here's how they work:

1. Overview of WPA

• Encryption: WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically generate
unique encryption keys for each packet of data, making it more secure than WEP's static
keys.

• Authentication: It employs user authentication to prevent unauthorized access. The type of
authentication depends on whether the network uses WPA-Personal or WPA-Enterprise.

2. WPA-Personal (WPA-PSK)

• Definition: "Pre-Shared Key" (PSK) mode is intended for home networks or small businesses.

• Working:

1. Key Setup:

• A single shared passphrase or password is configured on both the wireless
access point (AP) and client devices.

• This passphrase is used to derive a pairwise master key (PMK).

2. Encryption:

• WPA-PSK uses TKIP or AES-CCMP (Advanced Encryption Standard) for
encryption, ensuring secure data transmission.

3. Authentication:

• There is no additional user authentication mechanism; all devices with the
correct passphrase are granted access.

• Advantages:

o Easy to set up.

o Suitable for networks with fewer users.

• Disadvantages:

o Vulnerable to brute force or dictionary attacks if the passphrase is weak.

o The same passphrase is shared across all users, reducing individual accountability.

3. WPA-Enterprise

• Definition: Designed for business or enterprise networks, it provides more robust
authentication using a Remote Authentication Dial-In User Service (RADIUS) server.

• Working:

1. Authentication Protocol:

• WPA-Enterprise uses 802.1X and Extensible Authentication Protocol (EAP)
for user authentication.

• EAP methods (e.g., EAP-TLS, PEAP) ensure that individual users authenticate
with unique credentials (e.g., usernames and passwords, digital certificates).

2. Key Setup:

• After successful authentication, the RADIUS server and AP negotiate a
unique PMK for each client.

3. Encryption:

• Like WPA-Personal, WPA-Enterprise uses TKIP or AES-CCMP for data
encryption.

4. Session Keys:

• Each user session is assigned a unique encryption key, ensuring better data
security.

• Advantages:

o Strong user authentication and individual accountability.

o Unique session keys for each user enhance security.

• Disadvantages:

o Complex setup requiring a RADIUS server.

o Higher cost and maintenance overhead.

2. Compare WPA with WEP (Wired Equivalent Privacy) and WPA2.

| Feature | WEP (Wired Equivalent Privacy) | WPA (Wi-Fi Protected Access) | WPA2 (Wi-Fi Protected Access 2) |
|---|---|---|---|
| Purpose | Initial wireless security protocol. | Replacement for WEP with better security. | Enhanced security over WPA. |
| Encryption Algorithm | RC4 (static key encryption). | TKIP (dynamic key, per-packet encryption). | AES-CCMP (stronger encryption). |
| Key Management | Static key (same key for all packets). | Temporal Key Integrity Protocol (TKIP). | Advanced Key Management with AES-CCMP. |
| Authentication | Shared key or open system (weak). | WPA-Personal (PSK) or WPA-Enterprise (802.1X). | Same as WPA with more robust protocols. |
| Security Strength | Weak: Susceptible to key reuse and attacks. | Moderate: Stronger encryption and dynamic keys. | Strong: Resistant to most modern attacks. |
| Vulnerabilities | Easily cracked in minutes (tools available). | Susceptible to brute-force attacks on PSK. | WPA2 with AES-CCMP is very secure. |
| Hardware Support | Compatible with old hardware. | Requires firmware upgrade for older devices. | May require new hardware for full support. |
| Usage Today | Obsolete; not recommended. | Legacy systems; still in use but declining. | Standard for modern networks; widely used. |

3. Discuss the role of TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption
Standard) in WPA.

1. Temporal Key Integrity Protocol (TKIP)

• Role: TKIP was introduced as an interim solution to address the weaknesses of WEP while
using the same hardware.

• Key Features:

1. Dynamic Key Generation: Generates a new key for each data packet to prevent key
reuse.

2. Message Integrity Check (MIC): Detects and prevents tampering with data packets.

3. Per-Packet Key Mixing: Enhances security by mixing keys with additional data to
produce unique keys.

• Advantages:

o Compatible with older WEP hardware.

o Provides better security than WEP by addressing its vulnerabilities.

• Limitations:

o Relies on the RC4 stream cipher, which has known vulnerabilities.

o Considered less secure compared to AES.
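
An added example, not part of the original assignment, of the Message Integrity Check that TKIP uses (the Michael algorithm from IEEE 802.11i): the sender appends the 8-byte MIC and the receiver recomputes and compares it. The key, addresses and payload are constructed sample values, and `protect` and `verify` are hypothetical helper names.

```python
import hmac
import struct

MASK = 0xFFFFFFFF

def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (32 - n))) & MASK

def _xswap(v: int) -> int:
    # Swap the two bytes inside each 16-bit half of the word.
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)

def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 64-bit key, 64-bit tag, little-endian 32-bit words."""
    left, right = struct.unpack("<II", key)
    padded = msg + b"\x5a" + b"\x00" * 4          # 0x5a marker, then 4-7 zero bytes
    padded += b"\x00" * (-len(padded) % 4)        # so the length is a multiple of 4
    for (word,) in struct.iter_unpack("<I", padded):
        left ^= word
        right ^= _rol(left, 17)
        left = (left + right) & MASK
        right ^= _xswap(left)
        left = (left + right) & MASK
        right ^= _rol(left, 3)
        left = (left + right) & MASK
        right ^= _rol(left, 30)                   # rotate right by 2
        left = (left + right) & MASK
    return struct.pack("<II", left, right)

def protect(mic_key: bytes, header: bytes, payload: bytes) -> bytes:
    """Sender side: append the MIC computed over header || payload."""
    return payload + michael(mic_key, header + payload)

def verify(mic_key: bytes, header: bytes, frame: bytes) -> bool:
    """Receiver side: recompute the MIC and compare in constant time."""
    payload, tag = frame[:-8], frame[-8:]
    return hmac.compare_digest(tag, michael(mic_key, header + payload))

# Constructed sample values: 8-byte MIC key; header = DA || SA || priority || 3 zero bytes.
KEY = bytes.fromhex("0011223344556677")
HEADER = bytes.fromhex("020000000002" "020000000001" "00000000")

if __name__ == "__main__":
    frame = protect(KEY, HEADER, b"hello")
    print("intact frame accepted:  ", verify(KEY, HEADER, frame))
    print("tampered frame accepted:", verify(KEY, HEADER, b"jello" + frame[5:]))
```

Michael was built to run on WEP-era hardware and is far weaker than the CBC-MAC used by AES-CCMP, which is one reason TKIP is considered less secure than AES.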

2. Advanced Encryption Standard (AES)

• Role: AES was introduced in WPA2 as a more robust encryption standard to replace TKIP.

• Key Features:

1. Block Cipher: AES encrypts data in fixed 128-bit blocks, making it highly secure.

2. Multiple Key Sizes: Supports 128-bit, 192-bit, and 256-bit key lengths.

3. Encryption Mode (CCMP): AES in WPA2 uses CCMP (Counter Mode with Cipher
Block Chaining Message Authentication Code Protocol) for strong encryption and
integrity.

• Advantages:

o Provides high levels of security.

o Resistant to modern attacks like brute force and replay attacks.

• Limitations:

o Requires newer hardware for implementation.

o More resource-intensive than TKIP.

4. Explain the key management process in WPA (Key Distribution, Pairwise Master Key, and Group
Key).

The key management process in WPA (Wi-Fi Protected Access) ensures secure communication by
distributing and managing encryption keys used to encrypt and decrypt data. It involves several key
components and steps, including Key Distribution, Pairwise Master Key (PMK), and Group Key
management.

1. Key Distribution

• Purpose: Ensures secure delivery of encryption keys between the Access Point (AP) and
wireless clients.

• Process:

1. When a device connects to the AP, the AP and the client establish a secure channel
for exchanging keys.

2. Key exchange uses the 4-Way Handshake protocol to ensure confidentiality and
mutual authentication.

3. The keys used for encrypting communication are derived rather than transmitted
directly, preventing interception.

2. Pairwise Master Key (PMK)

• Definition: The PMK is a key shared between the client and the AP, used as the basis for
deriving encryption keys.

• Derivation:

o In WPA-Personal (WPA-PSK): The PMK is derived from the shared passphrase using
the PBKDF2 (Password-Based Key Derivation Function 2) algorithm.

o In WPA-Enterprise: The PMK is dynamically generated during the authentication
process using 802.1X and the RADIUS server.

• Purpose:

o Used to create the Pairwise Transient Key (PTK), which encrypts unicast
communication between the AP and the client.

• Security: The PMK is never directly transmitted over the network, reducing the risk of
interception.

3. Group Key (GTK)

• Definition: The GTK is a shared key used to encrypt multicast and broadcast traffic sent by
the AP to all clients.

• Distribution:

o The AP generates the GTK and securely distributes it to all connected clients using
the 4-Way Handshake.

• Rotation:

o To enhance security, the GTK is periodically refreshed and redistributed to prevent
unauthorized access.
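
The derivation chain described above (passphrase to PMK, PMK to PTK, then a MIC that proves possession of the key without sending it), as an added Python example that is not part of the original assignment. The MAC addresses, SSID, passphrases and the stand-in frame bytes are constructed, the function names are hypothetical, and only messages 1 and 2 of the 4-way handshake are simulated.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: expand the PMK into a 64-byte PTK bound to both MACs and nonces."""
    label = b"Pairwise key expansion"
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):  # 4 x 20-byte HMAC-SHA1 outputs, truncated to 64 bytes
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]

def eapol_mic(ptk: bytes, frame: bytes) -> bytes:
    """WPA with TKIP (key descriptor v1): MIC = HMAC-MD5 keyed with the KCK, PTK[0:16]."""
    return hmac.new(ptk[:16], frame, hashlib.md5).digest()

def handshake(ap_passphrase: str, client_passphrase: str, ssid: str) -> bool:
    """Simulate messages 1 and 2; return True if the AP accepts the client's MIC."""
    ap_mac = bytes.fromhex("020000000001")       # constructed addresses
    sta_mac = bytes.fromhex("020000000002")
    anonce = os.urandom(32)                      # message 1: AP -> client carries ANonce
    snonce = os.urandom(32)                      # client chooses SNonce
    client_ptk = derive_ptk(derive_pmk(client_passphrase, ssid),
                            ap_mac, sta_mac, anonce, snonce)
    msg2 = b"constructed-eapol-key-frame" + snonce   # stand-in for the real frame body
    mic = eapol_mic(client_ptk, msg2)            # message 2: client -> AP, SNonce + MIC
    ap_ptk = derive_ptk(derive_pmk(ap_passphrase, ssid),
                        ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(mic, eapol_mic(ap_ptk, msg2))

if __name__ == "__main__":
    print("PMK:", derive_pmk("password", "IEEE").hex())
    print("matching passphrase accepted:", handshake("correct horse", "correct horse", "LabNet"))
    print("wrong passphrase accepted:   ", handshake("correct horse", "wrong guess", "LabNet"))
```

Neither the passphrase nor the PMK crosses the air; the AP learns only that the client computed the same PTK, because the MIC on message 2 verifies.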

5. Identify WPA's strengths and weaknesses from a security perspective.

WPA's Strengths and Weaknesses from a Security Perspective

Strengths

1. Improved Security Over WEP:

o Dynamic Keying: WPA uses dynamic keys with the Temporal Key Integrity Protocol
(TKIP), reducing the risk of key reuse, unlike WEP's static keys.

o Message Integrity: TKIP includes a Message Integrity Check (MIC) to prevent
tampering with data packets.

2. Stronger Authentication:

o WPA-Personal (PSK): Uses a shared passphrase to generate a strong key.

o WPA-Enterprise: Supports 802.1X and RADIUS, enabling strong, individual
authentication via usernames, passwords, or certificates.

3. Encryption:

o TKIP and AES (in WPA2) provide stronger encryption methods than WEP’s RC4, with
AES offering robust security against modern attacks.

4. Resistance to Replay Attacks:

o WPA implements a 4-Way Handshake that ensures the integrity of the keys and
prevents replay attacks.

Weaknesses

1. Vulnerable to Brute-Force Attacks (WPA-Personal):

o WPA-PSK (Pre-Shared Key) can be vulnerable to brute-force or dictionary attacks if
the passphrase is weak. A strong passphrase is essential for security.

2. Weak in High-Risk Environments:

o TKIP (used in WPA) is more secure than WEP but is still vulnerable to attacks such as
FMS (Fluhrer, Mantin, and Shamir) and brute-force methods.

o WPA2 with AES is much stronger but still susceptible to potential future attacks with
advances in quantum computing.

3. WPA-Enterprise Complexity:

o Requires RADIUS servers and additional infrastructure, making it more complex and
difficult to set up correctly. Misconfigurations can lead to vulnerabilities.

4. Backward Compatibility:

o WPA's reliance on TKIP (backward compatible with WEP hardware) is a weakness as
it still uses RC4, a vulnerable cipher. It may not be as secure as WPA2 with AES.

Question No 2:
Write a Python program to simulate the WPA-PSK authentication process. The program should
include:

1. Generating a PSK (Pre-shared Key) from a given passphrase using PBKDF2 (Password-
Based Key Derivation Function 2).

2. Establishing a secure handshake between a client and an access point using the PSK.

3. Implementing WPA’s 4-way handshake process to exchange keys securely.

4. Use Python's hashlib and hmac libraries to perform necessary cryptographic

Hint: You can use libraries such as pycryptodome for implementing AES or TKIP encryption.

Code:
Output:

Question No 3:

Simulate the encryption and decryption of packets in WPA using the chosen encryption algorithm
(AES or TKIP). Implement the following:

• Encrypting a message using the derived WPA key.

• Decrypting the encrypted message back to its original form.

CODE:

OUTPUT:

Question No 4
1. Implement an integrity check (Message Integrity Check - MIC) for the packets sent over the WPA-
secured network.

2. Simulate the process of verifying packet integrity by adding and checking MIC values.

CODE:
OUTPUT:
