Wi-Fi Authentication and Encryption Demystified Exploring the Ins and Outs of Wi-Fi Security Ron Pacchiano
A curious reader — eager to understand how wireless encryption and security works — runs two scenarios by our columnist. Read on to find out if logical assumptions pan out in the world of Wi-Fi.
I've been using a wireless network for a few months. I don't know much about Wi-Fi (define) encryption and security, but I would like to get a better understanding so I can respond appropriately in certain situations. I have come up with a couple of scenarios (based on what I know) to illustrate how I think the wireless devices would behave. If I'm incorrect in my assumptions, I was hoping that you could tell me why and explain what would actually happen. Here are my scenarios:
Senario 1: I configured my access point (AP) (define) to use open authentication and a 64-bit WEP (define) key. My client PC has also been configured to use open authentication, but I did not configure it with the WEP key. I intentionally left it blank.
In such a situation, would the client PC still be able to establish a successful connection with the AP, even though it doesn't have the WEP key? Logically, I think that it would. Since the authentication is "open," I would think that the WEP key shouldn't matter. Or is the opposite true? That is, because the WEP key doesn't match that of the AP, would the client PC be prohibited from establishing a connection?
I've experimented with this a bit on my own and observed that the client PC will, in fact, connect to the AP, despite the fact that it doesn't have the proper WEP key. However, it doesn't seem to be able to send or receive any packets once it has been authenticated. I assume this is because of the incorrect WEP key, but if that is the problem, then why can it connect to the network at all?
Senario 2: I have an access point and a PC. Each has been properly configured with the same WEP key and is communicating fine. If I were to go into the AP configuration and remove encryption while they were connected, would the client PC still maintain its connection to the AP or would it lose conductivity to the AP due to the encryption change? I would assume that since encryption is no longer being used, the client PC would momentarily lose the connection to the AP, rescan for the wireless network, find the network, reconnect, and continue transmitting. Since the encryption is gone, it should have no trouble reconnecting.
So what do you think? Are my assumptions correct in these scenarios? I've been researching this online, but can't seem to find the answers anywhere. Thanks!
I'm sorry to have to be blunt in telling you this, but you would be wrong in both situations. Let's take a look at the first scenario. Authentication is simply a way for the device to verify the identity of another device that's attempting to connect to it. So whether you're using open or shared authentication, the purpose is the same — to authenticate a wireless client to the network-controlling device (in this case an access point). However, each of these techniques goes about this in a different way.
The difference between an open system and shared system authentication is that the shared system passes along additional information that could be used by a hacker to crack the WEP key. This is how it works: With a shared-key authentication process the AP sends challenge text to the client in clear text, and then the client encrypts it and sends it back to the AP.
If someone were sniffing or monitoring your transmission while this was happening, they would be able to intercept a sample of plain text with its corresponding encrypted text. This gives the hacker a tremendous head start when attempting to break your encryption key because all of the information needed to perform the decryption is contained in these two pieces of data.
Conversely, the open network authentication system doesn't pass on any information to the client in plain text, just the corresponding encrypted text. By removing that information, the process of breaking your encryption key is far more difficult. Since WEP can be used with both authentication methods, an open system is the preferred encryption method to employ. Because it doesn't pass on any additional data about the key, it's considered to be more secure.
The reason you can't send or receive packets after it connects is because the client PC was never actually authenticated to the access point to begin with. The reason for your confusion is simple. Even though you have nonsimilar WEP keys, the two devices will still associate, as that is the first step in establishing a connection.
During the association no information other than a challenge/request handshake passes between the devices. The challenge handshake is the beginning of the authentication process, and the only way the two devices will authenticate is if they both have the same encryption key. Because the client PC didn't have the corresponding WEP key, it was able to associate to the AP, but not authenticate against it.
This applies to your second scenario as well. Even though the AP no longer has encryption enabled and is, as you said, open, the client PC is still looking for encrypted traffic. So removing the WEP key from the AP will cause the information passing from one device to the other to no longer have the same credentials, causing communication to cease.
Truth be told, though, you really didn't need me to tell you this. Over the years, I've discovered that nothing is a better teaching tool than experience. You have all the hardware you need to test these scenarios on your own, so give it a try. Don't worry about anything. There is little chance of you permanently damaging anything. Experiment a little bit. You should have no problem confirming everything we discussed here. Have fun!
I've been using a wireless network for a few months. I don't know much about Wi-Fi (
I'm sorry to have to be blunt in telling you this, but you would be wrong in both situations. Let's take a look at the first scenario. Authentication is simply a way for the device to verify the identity of another device that's attempting to connect to it. So whether you're using open or shared authentication, the purpose is the same — to authenticate a wireless client to the network-controlling device (in this case an access point). However, each of these techniques goes about this in a different way.