The symmetric-key algorithms discussed in this work come in the forms of stream and
block ciphers. A stream cipher takes the plaintext input data stream and encrypts it bit by
bit. This feature makes it ideal for situations where there are limited amounts of compu- ting power available and time is of the essence [59]. By their nature, stream ciphers fit in the world of wireless communication where the information is transmitted in a stream of radio waves rather than in fixed-size chunks [59]. When using a stream cipher the plaintext message is typically processed through a substitution scheme to create the en- crypted ciphertext.
In our case of 802.11 security, the plaintext inputs are often processed by using a Boolean
Exclusive-OR (XOR) operation presented in Table 2. The XOR operation combines the
plaintext information with a pseudorandom bit-stream known as the keystream producing the encrypted ciphertext. The XOR process is fairly simple as there are only two possible values, 1 and 0. If the two input values are the same the XOR operation will produce the value 0 and if they are not the same the produced value will be 1. Because the XOR operation is an inverse of itself it means that a shared key can be used to encrypt and decrypt the produced ciphertext making it vulnerable if not implemented correctly. This also means that the same key should never be used twice when encrypting messages [53]. If an attacker can get hold of two messages that use the same encryption key, the messages can be easily decrypted.
Plaintext 1 0 1 0 1 1 0 0
Keystream 1 1 0 0 1 0 0 1
XOR output 0 1 1 0 0 1 0 1
Table 2 XOR process
Contrary to the stream cipher, block cipher encrypts the plaintext messages in fixed- length blocks and generates a block of ciphertext of the same length [53]. For example, a block cipher can be set to use a block size of 128 bits, in which case the input plaintext messages will be divided into blocks of 128 bits and the output ciphertext will be the same length of 128 bits. Because the sent message will most often be longer than the fixed block size of the cipher and the bits won't divide evenly into blocks, a padding of redun- dant bits must be added at the end of the last block to meet the 128-bit block size. De- pending on the block ciphers mode of operation, they are usually designed to use a simpler cryptographic function repeatedly on a block [56]. Each of the repeated cycles are simply referred to as rounds. Even though the number of rounds can increase the level of security, each iteration will have an effect on the ciphers performance making block ciphers slower to process than a stream cipher [53].
4.2. 802.11 security
The security mechanisms that are defined in the 802.11 standard have evolved a lot since the standard was originally released in 1997. The original legacy standard defined two authentication options, the Open System Authentication (OSA) and Shared Key Authen-
tication (SKA) [56]. As the cryptographic encryption protocol, the standard presents Wired Equivalent Privacy (WEP), which was soon found to be vulnerable due to poor
implementation and errors in its design. Because of these found vulnerabilities new and improved security mechanisms had to be implemented into the standard.
As an intermittent solution to replace the vulnerable WEP protocol the Wi-Fi Alliance took as its task to bring out a solution that could be implemented into the existing hard- ware with a simple firmware update [56]. The solution was taken from the at the time still unfinished 802.11i amendment and the Wi-Fi Protected Access (WPA) with Temporal
Key Integrity Protocol (TKIP) was released. In July of 2004, the 802.11i amendment was
approved defining the new enhanced security measures meant to replace the vulnerable legacy security options [60]. The 802.11i presents the new security mechanisms under the names Robust Security Network Associations (RSNA) and Robust Security Network (RSN) [60]. In the officially released 802.11i amendment the legacy security mechanisms have been dubbed as the pre-RSNA security mechanisms, but in this work we will be referring to them as legacy security mechanisms.
The 802.11i included the already released WPA-TKIP protocol as well as an improved version of the WPA protocol now named WPA2. WPA2 provides a stronger encryption algorithm as well as improved authentication mechanisms compared to WEP and WPA- TKIP. In addition, the 802.11i includes a stronger enterprise-level authentication frame- work 802.1x that uses the Extensible Authentication Protocol (EAP) authentication pro- tocol to validate the network users [56]. 802.1x was not originally targeted towards wire- less networks. It defines a system called Port-Based Access Control that was originally designed for 802.3 wired Ethernet networks [2]. The enterprise-level authentication ar- chitecture involves an external authentication server and other elements which are out of the scope of this work and will not be therefore discussed in more detail in this work. For a more detailed explanation of the 802.1x architecture, we refer to [9] and [56].
At the time of writing this work, the Wi-Fi Alliance has released a new version of the WPA consequently named as WPA3 [61]. WPA3 is yet again designed to fix some of the vulnerabilities and flaws found in its predecessor during the past 16 years. In this section, we are taking a closer look into the functions and vulnerabilities found in the 802.11 security mechanisms. There are of course other security solutions that have been imple- mented to enhance the WLAN security such as Virtual Private Network (VPN) solutions, SSID cloaking, MAC address filtering or the vulnerable Wi-Fi Protected Setup (WPS) developed by the Wi-Fi Alliance. However, these solutions are not defined in the 802.11
standard and for the scope of this work, we will be concentrating our discussion to the aforementioned security mechanisms defined in the 802.11 standard.