Jump to content
Sign in to follow this  
Lover of quiet computers

Where do WEP, WPA, and WPA2 fit in the OSI Model?

Recommended Posts

Lover of quiet computers

While reading on the web about schemes used to secure wireless networks, I discovered an ambiguity: One source says Wired Equivalent Privacy occupies just the Data link layer of the Open Systems Interconnection Reference Model. Another says it occupies both that layer and the Physical layer. What is the true story? Do Wired Equivalent Privacy and Wi-Fi Protected Access occupy the same layers of the Reference Model?Soon I'll be living at a University that offers a completely unencrypted wireless local area network, and I want to be prepared to speak intelligently about it. (That's why I ask this question.)

Share this post


Link to post
Share on other sites
Peachy

According to Microsoft:

All of the components in the 802.11 architecture fall into either the media access control (MAC) sublayer of the data-link layer or the physical layer.
It depends on what part of the 802.11 standard you're talking about.http://www.microsoft.com/resources/documen...3tr_wir_how.aspWPA would have to be in the same layers of WEP whatever that turns out to be, because WPA is an extension of WEP. It still uses the same underlying encryption scheme but with an extra set of encryption techniques.

Share this post


Link to post
Share on other sites
Lover of quiet computers
According to Microsoft: It depends on what part of the 802.11 standard you're talking about.http://www.microsoft.com/resources/documen...3tr_wir_how.asp
From reading that documentation, this is what I understand.
  • WEP encrypts the payload of an 802.11 frame.
  • The frame is presumably an 802.11 MAC frame.
  • Everything related to MAC goes under the Data link layer.

Therefore, can we conclude that WEP and WPA are in the Data link layer?

Share this post


Link to post
Share on other sites
Peachy

That would be my conclusion, too. I can't see where the encryption would take place in the physical layer, but the 802.11 spec includes the physical layer. You know, you can edit the Wikipedia... :thumbsup:

Share this post


Link to post
Share on other sites
Lover of quiet computers
That would be my conclusion, too.
Thank you for your help.

Share this post


Link to post
Share on other sites
JackR

WEP.Each packet of the Encryption has 24bits Initialization vector. Which unfortunately done in plaintext.40bits (encryption)+ 24bits(init. vector)=64bits Encryption.104bit(encryption)+ 24bits(init. vector)=128bits Encryption.WEP uses RC4 stream encryption, for a fresh key stream for each packet.The Init Vector & the key are combined to get per-packet key which is used to generate RC4 keys stream.The RC4 is one of the major culprits in the security issues.Part of the weakness of RC4 has to do with the combo of Init. Vector and Plain Text chipper.24 bit Init vector is finishing a cycle of 2 in the power of 24 in about hour and then repeats. Repeating Init Vector plus knowledge about the plaintext language, makes guessing the plaintexts simpler. The hopefully soon coming 802.11iLikely to include: Temporal Key Integrity Protocol (TKIP)Replace RC4, probably with AESMessage Integrity Code (MIC)WPAIt is an interim solution that is used now until 802.11i comes out.It still using RC4, but the Key was changed to TKIP.TKIP basically works by generating a sequence of WEP keys based on a master key, and re-keying periodically before enough volume of info. could be captured to allow recovery of the WEP key. TKIP changes the Key every 10,000 packets, which is quick enough to combat statistical methods to analyze the cipher. TKIP also adds into the picture the Message Integrity Code (MIC). The transmission’s CRC, and ICV (Integrity Check Value) is checked. If the packet was tampered with. WPA will stop using the current keys and re-keys.The Big Change will come with AES.AES (Advance Encryption Standard).AES aka the Rijndael algorithm is a secure, fast symmetric cipher that is easily implemented in hardware.AES has its own mechanism for dynamic key generation. It's also resistant to statistical analysis of the cipher text. In wireless it would do the cipher in hardware. :hmm:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...