***
< [Home](https://github.com/SeanOhAileasa) | [README](https://github.com/SeanOhAileasa/syp-implementation/blob/main/README.md) >

## CompTIA Security+ - Course Material 2022
###### Topic: ``Wireless Cryptography``
***

Course material for the ``CompTIA Security+`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Wireless Cryptography](#a) <br/><br/>

- [Securing Wireless Network](#b) <br/><br/>
- [Wireless Encryption](#c) <br/><br/>
- [Security Type - Wi-Fi Protected Access 2](#d) <br/><br/>
    - [Wi-Fi Protected Access 2](#d) <br/><br/>
        - [``WPA2``](#d) <br/><br/>
            - [Encryption](#d) <br/><br/>
                - [Cipher Block Chaining Message Authentication Code Protocol](#d) <br/><br/>
                    - [``CCMP`` ](#d) <br/><br/>
    - [Wi-Fi Protected Access 3](#e) <br/><br/>
        - [``WPA3``](#e) <br/><br/>
            - [Encryption](#e) <br/><br/>
                - [Galois Counter Mode Protocol](#e) <br/><br/>
                    - [``GCMP``](#e) <br/><br/>
            - [Security Update](#f) <br/><br/>
                - [``PSK``](#f) <br/><br/>
                    - [Hash](#f) <br/><br/>
                        - [Brute Force](#f) <br/><br/>
                - [Session Keys](#g) <br/><br/>
                    - [No Hash](#g) <br/><br/>
                - [Simultaneous Authentication of Equals](#h) <br/><br/>
                    - [``SAE``](#h)
<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Wireless Cryptography
***

< [Table of Contents](#top) | [References](#references) >
<a id="b"></a>
***
###### Securing Wireless Network
***

When using wired networks, we don’t have to worry so much about other people listening in to what we’re doing, but on wireless networks anyone nearby is able to pull our traffic right out of the air and listen in to whatever happens to be going across the network. That means we need additional security controls whenever we’re using these wireless networks.

Before anyone can gain access to the wireless network they need to properly ``Authenticate``, and that authentication can take a number of different forms - that might be a username, a password, there might be multifactor authentication, you might be using 802.1X, or smartcards, or some other method to help authenticate a user on to that wireless network.

We also want to be sure that all of the traffic that we’re sending across this wireless network is ``Encrypted`` - if someone was to grab this information out of the air and look into the data of the packets, they would have no idea what information was being sent, because everything is sent over an encrypted channel.

It would be useful if there was ``Integrity`` built into the communication as well - that way we can be assured the information we’re receiving from a third party is the information that was originally sent, and we can be assured that nothing was changed along the way. You will sometimes see this integrity check referred to as a ``Message Integrity Check`` (``MIC``).

< [Table of Contents](#top) | [References](#references) >
<a id="c"></a>
***
###### Wireless Encryption
***

We’ve relied on wireless encryption since the advent of ``802.11`` wireless networking. That’s because anyone who’s around can effectively hear all of the conversations occurring over the network, and if we were sending this information without any encryption, it would be very easy for an attacker to gather these packets and see exactly what was being sent back and forth.

This means if you’re on a wireless network and you want that information to remain private, then you need to enable encryption on that wireless access point - this means that everyone using the network will have an encryption key that’s used to send and receive all of the data sent across this wireless network. 

If you don’t have the encryption key, then you won’t be able to understand any of the information that’s being sent between the stations on this wireless network, so if you’re using ``WPA2`` or ``WPA3`` encryption, then all of this information is protected over the wireless network.

< [Table of Contents](#top) | [References](#references) >
<a id="d"></a>
***
###### Security Type - Wi-Fi Protected Access 2 - ``WPA2`` - Encryption - Cipher Block Chaining Message Authentication Code Protocol - ``CCMP`` 
***

WPA2 is a security type on our wireless networks that’s been around for a very long time - this is called Wi-Fi Protected Access 2, or WPA2, and it began certification in 2004. It uses a block cipher mode called CCMP: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (``Counter/CBC-MAC protocol``).

That’s a very long name that effectively means you’re using CCMP over WPA2. 

CCMP uses a number of different protocols to provide the security we need for our wireless networks, for example:

> ``Confidentiality`` of the data is provided by encrypting it with the ``AES`` protocol

> ``Integrity`` on the network, the Message Integrity Check (``MIC``), uses ``CBC-MAC``

< [Table of Contents](#top) | [References](#references) >
<a id="e"></a>
***
###### Security Type - Wi-Fi Protected Access 3 - ``WPA3`` - Encryption - Galois Counter Mode Protocol - ``GCMP``
***

The update to WPA2 security is WPA3 - this is version 3 of the WPA protocol that was introduced in 2018. 

It changes the encryption just a bit. It uses a different block cipher mode called GCMP - this is the Galois Counter Mode Protocol, an update to the encryption method used with WPA2 that is intended to make the encryption a bit stronger than in the older WPA2 protocol.

The methods used for encryption and integrity are similar in many ways to WPA2:

> ``Confidentiality`` of the data still uses ``AES``

> ``Integrity`` for the ``MIC`` changed to ``Galois message authentication code`` or ``GMAC``.

< [Table of Contents](#top) | [References](#references) >
<a id="f"></a>
***
###### Security Type - Wi-Fi Protected Access 3 - ``WPA3`` - Security Update - ``PSK`` - Hash - Brute Force
***

A significant security update in WPA3 addressed a number of challenges with keeping WPA2 secure - one of these is the pre-shared key (``PSK``) issue associated with WPA2.

Although the WPA2 protocol is not insecure, it still is subject to brute-force attacks if somebody has the hash that is used for the pre-shared key. Obtaining the hash then, is an important first step for an attacker if they’d like to perform a brute force attack to find that key. Obtaining the hash can be done with WPA2 by listening in on the four-way handshake that occurs initially when someone is connecting to the WPA2 network. 

There are a number of methods where an attacker could get their hands on this hash without actually listening to the handshake. 

Once attackers have captured that hash information, they can begin the brute-force process to try to determine what that pre-shared key might be.

As security professionals, we know that as time goes on, it becomes easier and easier to perform a brute force on these keys. Part of the reason for that is that our graphics processing units (GPUs), which are primarily used for decryption and brute-force functionality, are becoming faster and faster at those particular processes. We have also found ways to use the cloud to perform this password cracking, and we can use many hundreds or thousands of systems to work on this brute force simultaneously.

With all of that computing power behind you, it becomes easier and easier to perform the brute force and once you have found that ``PSK``, you now effectively have access to all of the data that was sent over that wireless communication.
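
Why passphrase length is the main defence against this, as an added example that is not part of the original course notes: a WPA2-Personal master key is derived from only the passphrase and the network name (PBKDF2-HMAC-SHA1, 4096 iterations), so nothing but the passphrase is secret and the keyspace size decides how long an offline search lasts. `ASSUMED_RATE`, the sample SSIDs and the function names are assumptions made for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_RATE = 1_000_000  # offline guesses per second: an assumption, not a benchmark


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-Personal master key from passphrase and SSID.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations. Nothing here is secret
    except the passphrase, which is why its strength matters so much.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def seconds_to_exhaust(alphabet: int, length: int, rate: int = ASSUMED_RATE) -> float:
    """Time to try every random passphrase of this alphabet size and length."""
    return alphabet ** length / rate


def min_length_for(alphabet: int, target_years: int, rate: int = ASSUMED_RATE) -> int:
    """Shortest passphrase length whose full keyspace outlasts target_years."""
    threshold = rate * SECONDS_PER_YEAR * target_years
    length = 8  # WPA2 minimum passphrase length
    while alphabet ** length < threshold:
        length += 1
    return length


if __name__ == "__main__":
    # Constructed sample values: the SSID salts the key, so the same
    # passphrase yields unrelated keys on differently named networks.
    for ssid in ("ExampleNet", "ExampleNet-Guest"):
        print(ssid, wpa2_pmk("correct horse battery", ssid).hex())
    print("8 digits exhausted in", seconds_to_exhaust(10, 8), "seconds")
    for name, size in (("digits", 10), ("lowercase", 26), ("printable ASCII", 94)):
        print(name, "needs length", min_length_for(size, 1000), "for 1000 years")
```

The lengths assume passphrases chosen uniformly at random; dictionary words and reused passwords fall far sooner than these figures suggest.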

< [Table of Contents](#top) | [References](#references) >
<a id="g"></a>
***
###### Security Type - Wi-Fi Protected Access 3 - ``WPA3`` - Security Update - Session Keys - No Hash
***

With WPA3, we’ve changed the authentication process to avoid this hashing problem. Instead, we’ve added additional security features such as ``Mutual Authentication``, so that not only are you authenticating to the access point, the access point can also authenticate with you.

We’re also changing the way the ``Key Exchange Operation`` works: instead of sending a hash over the network, we create a shared session key without having to send that key across the network.

There’s no more handshaking, there are no more hashes being sent, and no one is able to gain access to the hash and then perform some type of brute-force attack.

We also have the advantage of ``Perfect Forward Secrecy`` in WPA3, which means that the session key that we’re using can change often, and everyone is using a different session key.

Perfect Forward Secrecy means that the session keys are created whenever we’re performing the sessions; once the session is over, the key is thrown away, and we use a completely different key if we start a new session.

This means that WPA3 no longer has those problems associated with WPA2. We no longer have a hash, therefore we no longer have to worry about brute-force attacks associated with these pre-shared keys.

< [Table of Contents](#top) | [References](#references) >
<a id="h"></a>
***
###### Security Type - Wi-Fi Protected Access 3 - ``WPA3`` - Security Update - Simultaneous Authentication of Equals - ``SAE``
***

> So how do we create a session key that’s used on both sides of the conversation without actually sending that session key across the network? 

To be able to do this, we use a method called Simultaneous Authentication of Equals (SAE). 

If you’re familiar with Diffie-Hellman key exchange, you may find that SAE sounds a little familiar; that’s because it is derived from that Diffie-Hellman process.

SAE adds some additional capabilities, though, that go a little bit farther than Diffie-Hellman so that we can add some authentication components to the conversation.

Of course, everyone on the network is generating a different session key even if everybody is using exactly the same pre-shared key to connect to the wireless network - SAE was added to the IEEE 802.11 standard, and you’ll sometimes hear this key exchange process referred to as the ``Dragonfly Handshake``.
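
The session-key and forward-secrecy behaviour described in the two sections above, as an added example that is not part of the original course notes: a simplified Dragonfly-style commit exchange in which both sides reach the same key from a shared passphrase while only a scalar and an element cross the air. The toy group, the simplified password-to-element mapping, the omitted confirm step, the constructed MAC addresses and all names are assumptions made for illustration; real SAE uses the groups and checks defined in IEEE 802.11.

```python
import hashlib
import secrets

# Toy group for brevity: the Mersenne prime 2**521 - 1. Real SAE uses the
# ECC/FFC groups defined in IEEE 802.11, not this modulus.
P = 2**521 - 1
ORDER = P - 1


def password_element(password: str, mac_a: str, mac_b: str) -> int:
    """Map the passphrase and both station addresses to a group element (simplified)."""
    lo, hi = sorted((mac_a, mac_b))
    digest = hashlib.sha512(f"{lo}|{hi}|{password}".encode()).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)


class Peer:
    """One side of the exchange; rand and mask never leave this object."""

    def __init__(self, password: str, own_mac: str, peer_mac: str):
        self.pe = password_element(password, own_mac, peer_mac)
        self.rand = secrets.randbelow(ORDER - 2) + 2
        mask = secrets.randbelow(ORDER - 2) + 2
        # Commit message: the only two values sent over the air.
        self.scalar = (self.rand + mask) % ORDER
        self.element = pow(self.pe, -mask, P)

    def session_key(self, peer_scalar: int, peer_element: int) -> bytes:
        # (PE^peer_scalar * peer_element)^rand == PE^(rand_a * rand_b) mod P
        base = pow(self.pe, peer_scalar, P) * peer_element % P
        shared = pow(base, self.rand, P)
        return hashlib.sha256(shared.to_bytes(66, "big")).digest()


def run_session(pw_station: str, pw_ap: str):
    """Run one exchange; return (station_key, ap_key, values seen on the air)."""
    sta_mac, ap_mac = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed
    sta = Peer(pw_station, sta_mac, ap_mac)
    ap = Peer(pw_ap, ap_mac, sta_mac)
    on_air = (sta.scalar, sta.element, ap.scalar, ap.element)
    return (sta.session_key(ap.scalar, ap.element),
            ap.session_key(sta.scalar, sta.element), on_air)


if __name__ == "__main__":
    k_sta, k_ap, _ = run_session("shared-passphrase", "shared-passphrase")
    print("same passphrase, keys match:", k_sta == k_ap)
    print("next session reuses key:", run_session("shared-passphrase", "shared-passphrase")[0] == k_sta)
    bad_sta, bad_ap, _ = run_session("shared-passphrase", "wrong-guess")
    print("wrong passphrase, keys match:", bad_sta == bad_ap)
```

Because `rand` and `mask` are fresh for every `Peer`, each session ends with a different key, and a peer holding the wrong passphrase ends up with a key that does not match.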

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

J. "Professor" Messer, "CompTIA Security+ (SY0-601) Course Notes," [professormesser.com](https://web.archive.org/web/20220521181010/https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/), September 2021.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END
