7.2 Wireless Encryption

The Evolution of Wireless Encryption

Wireless encryption protects the confidentiality and integrity of data over the air. CEH heavily tests why each generation was retired, not just their names. Remember that the cipher (encryption) is separate from the authentication mode (Open/PSK/Enterprise from 7.1); a single network configures both.

WEP — Wired Equivalent Privacy (Broken)

WEP used the RC4 stream cipher with a short, cleartext initialization vector (IV) of only 24 bits. With such a small IV space, the IV repeats on a busy network, and the FMS and later PTW attacks exploit weaknesses in RC4 key scheduling to recover the key statistically from enough captured frames — often in minutes. WEP also used a weak CRC-32 integrity check that does not detect deliberate tampering. WEP is cryptographically broken and must never be used.

WPA with TKIP (Transitional, Deprecated)

WPA (Wi-Fi Protected Access) was a stopgap so existing WEP hardware could be patched by firmware. It introduced TKIP (Temporal Key Integrity Protocol), which adds per-packet key mixing, a 48-bit IV/sequence counter to stop replay, and a stronger Message Integrity Check (MIC, "Michael"). But TKIP still rides on RC4 and has known weaknesses (e.g., the Beck-Tews attack), so the Wi-Fi Alliance deprecated TKIP; modern certifications disallow TKIP-only modes.

WPA2 with CCMP/AES (Secure When Configured Well)

WPA2 mandates CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), built on the AES block cipher (128-bit). CCMP provides both confidentiality and integrity, with no practical break of the cipher itself. WPA2's residual exposure is the PSK 4-way handshake: a captured handshake (or a PMKID) lets an attacker attempt an offline guess of a weak passphrase. The cipher is sound — a weak password is the failure.

The WPA2 4-Way Handshake

The 4-way handshake is the heart of WPA/WPA2-PSK and the target of most WPA2 attacks. Both sides already know the Pairwise Master Key (PMK), derived from the passphrase and SSID. The handshake proves each side knows the PMK and derives fresh session keys.

1. AP → client: sends the AP nonce (ANonce).
2. Client → AP: sends its nonce (SNonce) plus a MIC. The client can now compute the Pairwise Transient Key (PTK) from PMK + ANonce + SNonce + both MAC addresses.
3. AP → client: sends the Group Temporal Key (GTK) and a MIC, confirming it derived the same PTK.
4. Client → AP: acknowledges; encryption begins.

The attack: an attacker only needs to capture this exchange (messages 1-2 carry the nonces and MIC). With the SSID, nonces, and MAC addresses known, the attacker guesses passphrases offline — for each candidate, derive the PMK, compute the PTK, and check whether the resulting MIC matches the captured one. No interaction with the AP is needed during cracking, so rate-limiting and lockouts do not help; only passphrase entropy does. The PMKID (a value some APs place in the first frame) lets an attacker skip waiting for a client entirely and attack a single captured frame.

WPA3 with SAE (Current Best Practice)

WPA3-Personal replaces the PSK handshake exposure with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange known as the Dragonfly handshake. SAE makes offline guessing infeasible: an attacker who captures the exchange cannot test passwords offline, only via slow online attempts. WPA3 also adds forward secrecy (a future password compromise does not decrypt past traffic) and mandatory Protected Management Frames (PMF / 802.11w), which blunt deauthentication abuse. WPA3-Enterprise offers an optional 192-bit security mode for high-assurance environments.

Caveat the exam may probe: the 2019 Dragonblood research found that early WPA3 implementations were vulnerable to downgrade attacks (forcing a fallback to WPA2's crackable handshake) and side-channel timing/cache leaks. These are implementation flaws, not a break of SAE's design, and were addressed by patches and WPA3 transition-disable; SAE remains the strongest option.

Encryption Comparison Table

Key Distinctions for the Exam

• WEP is broken (the cipher fails); WPA-TKIP is deprecated (legacy, weak); WPA2-CCMP is sound but exposed by weak passphrases; WPA3-SAE is current best practice.
• CCMP/AES vs TKIP/RC4: CCMP is the strong, mandatory WPA2/WPA3 choice; TKIP exists only for backward compatibility and should be disabled.
• SAE vs PSK: both can use the same passphrase, but SAE removes the offline cracking path a captured handshake creates.
• A WPA2 network in mixed/transitional mode that still allows TKIP weakens itself to the lowest common cipher — disable legacy fallbacks.