N10-009 | Chapter 25 of 163 | Objective 4.5

Wireless Security Protocols

This chapter covers wireless security protocols, a critical topic for the N10-009 exam's Network Security domain (Objective 4.5). You will learn the evolution from WEP to WPA3, how each protocol encrypts data and authenticates clients, and the specific vulnerabilities that led to each successive standard. Expect approximately 10–15% of exam questions to touch on wireless security, focusing on identifying the correct protocol for a given scenario, recognizing attack types, and understanding configuration settings.

25 min read
Intermediate
Updated May 31, 2026

Wireless Security Protocols as Bank Vault Locks

Imagine a bank vault that stores valuable assets (data). The vault has a door with multiple locking mechanisms. WEP is like a simple padlock that can be picked with a paperclip in seconds—it uses a fixed key (RC4 stream cipher) that never changes, so once an attacker captures enough packets, they can derive the key and open the lock. WPA is like a combination lock where the combination changes every time the door is closed (TKIP per-packet key mixing), making it harder to crack, but still vulnerable to certain attacks because the underlying algorithm has weaknesses. WPA2 is like a modern electronic lock using AES-CCMP, which requires a precise 128-bit key and uses a secure handshake (4-way handshake) to establish a session key. An attacker would need to either guess the master key or break AES, which is computationally infeasible. WPA3 is like a biometric lock that also uses a unique temporary code for each person (SAE handshake), preventing offline dictionary attacks even if the attacker records the entire handshake. Each protocol represents a different level of security, with older ones easily bypassed and newer ones offering robust protection against common attack vectors.

How It Actually Works

What Are Wireless Security Protocols and Why Do They Exist?

Wireless security protocols are sets of cryptographic rules that protect data transmitted over Wi-Fi networks. Unlike wired networks, where physical access to the cable provides some security, wireless signals propagate through the air and can be intercepted by anyone within range. Without encryption and authentication, an attacker could eavesdrop on all traffic, inject malicious frames, or impersonate legitimate users. The protocols define how devices (stations) and access points (APs) authenticate each other and encrypt data frames.

The Evolution: WEP → WPA → WPA2 → WPA3

WEP (Wired Equivalent Privacy) – Introduced in 1997 as part of the original 802.11 standard. It uses the RC4 stream cipher with either 40-bit or 104-bit keys (combined with a 24-bit initialization vector, IV, for a total of 64 or 128 bits). The IV is sent in plaintext, and because RC4 is a stream cipher, keystream reuse is catastrophic. WEP has no key management; the same static key is used by all clients. An attacker can capture packets and use tools like aircrack-ng to recover the key after collecting enough IVs (typically 20,000–40,000). WEP is considered broken and should never be used.

WPA (Wi-Fi Protected Access) – Released in 2003 as a stopgap after WEP's weaknesses became widely known. It uses TKIP (Temporal Key Integrity Protocol) which still uses RC4 but adds per-packet key mixing, a message integrity check (MIC, called Michael), and a rekeying mechanism. TKIP changes the encryption key for every packet, preventing the IV collision attacks that broke WEP. However, TKIP has its own vulnerabilities, such as the Beck-Tews attack (2008) which can decrypt small packets, and the more serious Hole196 vulnerability. WPA also introduced 802.1X authentication for enterprise networks, using EAP (Extensible Authentication Protocol) and a RADIUS server.

WPA2 (Wi-Fi Protected Access 2) – Ratified in 2004 with 802.11i. It replaces TKIP with CCMP (Counter Mode CBC-MAC Protocol) based on AES (Advanced Encryption Standard) with a 128-bit key. AES-CCMP provides strong encryption and integrity. The 4-way handshake is used to derive pairwise transient keys (PTK) from a pairwise master key (PMK). WPA2 can operate in two modes:

- Personal (PSK): Uses a pre-shared key (passphrase) that is hashed to produce the PMK. Any client knowing the passphrase can connect.
- Enterprise (802.1X): Uses a RADIUS server for authentication, with the PMK derived from EAP authentication. This provides per-user keys and centralized control.

WPA2 is still widely used but is vulnerable to KRACK (Key Reinstallation Attack, 2017) which exploits the 4-way handshake to force nonce reuse, allowing decryption of some packets. Also, dictionary attacks against the PSK are possible if the attacker captures the 4-way handshake.

WPA3 (Wi-Fi Protected Access 3) – Announced in 2018 and mandatory for new devices since 2020. WPA3 introduces:

- SAE (Simultaneous Authentication of Equals): Replaces the PSK-based 4-way handshake. SAE uses a Dragonfly handshake based on the Diffie-Hellman key exchange, which provides forward secrecy and is resistant to offline dictionary attacks. An attacker cannot brute-force the passphrase after capturing the handshake.
- 192-bit security suite: For enterprise networks, WPA3-Enterprise uses 192-bit AES-GCMP (Galois/Counter Mode Protocol) and mandates EAP-TLS with a secure key derivation.
- OWE (Opportunistic Wireless Encryption): For open networks, OWE provides encryption without authentication (like a captive portal scenario). It uses Diffie-Hellman to derive a session key, preventing passive eavesdropping.

How the 4-Way Handshake Works (WPA2/WPA3)

The 4-way handshake is the core mechanism that establishes encryption keys between a client and AP. It assumes both parties already have the PMK (from PSK or 802.1X).

1. AP sends ANonce – The AP generates a random number (ANonce) and sends it to the client.

2. Client sends SNonce + MIC – The client generates its own random number (SNonce). Both client and AP now compute the PTK using the PMK, ANonce, SNonce, and MAC addresses. The client sends its SNonce plus a Message Integrity Code (MIC) to prove it knows the PMK.

3. AP sends GTK + MIC – The AP verifies the MIC, then sends the Group Temporal Key (GTK) encrypted with the PTK, along with a MIC. The GTK is used for multicast/broadcast traffic.

4. Client sends ACK – The client decrypts the GTK and sends an acknowledgment. Encryption begins.

In WPA3, the handshake is replaced by SAE, which uses a commit-and-confirm exchange to establish a shared secret without exposing the password to offline attack.
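The key derivation behind the four steps above (and behind step 3 of the walk-through later in this chapter), as an added example that is not part of the chapter: it uses only the Python standard library, the passphrase, SSID, MAC addresses and nonces are constructed sample values, and the EAPOL-Key message 2 bytes are a stand-in rather than a real frame.

```python
import hashlib
import hmac

def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # The SSID is the salt, so the same passphrase yields a different PMK on every network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF-n: HMAC-SHA1(key, label | 0x00 | data | counter), concatenated until n bytes.
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    # PTK = PRF-384(PMK, "Pairwise key expansion",
    #               min(AA, SPA) | max(AA, SPA) | min(ANonce, SNonce) | max(ANonce, SNonce))
    # The min/max ordering means AP and client build identical input from the same values.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    # KCK authenticates handshake messages, KEK wraps the GTK, TK is the CCMP data key.
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    # With AES-CCMP (key descriptor version 2) the MIC is HMAC-SHA1 truncated to 16 bytes,
    # computed over the EAPOL-Key frame with its MIC field set to zeros.
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]

def verify_message2(pmk, aa, spa, anonce, snonce, frame_zero_mic, received_mic) -> bool:
    # The AP's check on message 2: derive the PTK, recompute the MIC, compare in constant time.
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)["KCK"]
    return hmac.compare_digest(eapol_mic(kck, frame_zero_mic), received_mic)

# Constructed sample values (not from any real network or capture).
SSID, PASSPHRASE = "ExampleNet", "correct horse battery staple"
AP_MAC, CLIENT_MAC = bytes.fromhex("020000aa0001"), bytes.fromhex("020000bb0002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
# Stand-in for an EAPOL-Key message 2 body with its 16-byte MIC field zeroed (not a real frame).
MSG2_ZERO_MIC = b"\x02\x03" + b"\x00" * 15 + SNONCE + b"\x00" * 48

def run_handshake() -> dict:
    pmk = psk_to_pmk(PASSPHRASE, SSID)
    ptk_client = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)  # client, after message 1
    ptk_ap = derive_ptk(pmk, CLIENT_MAC, AP_MAC, SNONCE, ANONCE)      # AP, after message 2; argument order is irrelevant
    mic = eapol_mic(ptk_client["KCK"], MSG2_ZERO_MIC)                # client proves it holds the PMK
    return {
        "pmk": pmk,
        "same_ptk": ptk_client == ptk_ap,
        "mic": mic,
        "ap_accepts": verify_message2(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, MSG2_ZERO_MIC, mic),
        # A station with a different PMK (wrong passphrase) cannot produce a MIC the AP accepts.
        "wrong_psk_accepted": verify_message2(psk_to_pmk("not the passphrase", SSID), AP_MAC,
                                              CLIENT_MAC, ANONCE, SNONCE, MSG2_ZERO_MIC, mic),
    }
```

Because the PMK depends on both passphrase and SSID, the same passphrase on two networks produces unrelated keys, which is why the verification in `verify_message2` only succeeds for a station that knows this network's passphrase.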

Key Components, Defaults, and Timers

Ciphers:

- WEP: RC4
- WPA: TKIP (RC4)
- WPA2: CCMP (AES)
- WPA3: GCMP-256 (AES) for enterprise; CCMP-128 for personal

Key lengths:

- WEP: 64 or 128 bits (including IV)
- WPA: 128-bit temporal key
- WPA2: 128-bit AES key
- WPA3: 128-bit (personal) or 192-bit (enterprise)

Authentication:

- Open: no authentication
- Shared Key (WEP): uses challenge-response with RC4 (broken)
- PSK: passphrase (8–63 ASCII characters) hashed to PMK
- 802.1X: RADIUS server with EAP methods (EAP-TLS, PEAP, EAP-FAST)

Timers:

- Group key rotation: default every 86400 seconds (24 hours) for WPA2; configurable.
- PMK lifetime: for 802.1X, determined by RADIUS session timeout (default 3600 seconds).

Configuration and Verification Commands

On a Cisco wireless LAN controller (WLC), configure a WPA2-PSK SSID:

config wlan security wpa enable 1
config wlan security wpa wpa2 ciphers aes enable 1
config wlan security wpa akm psk set-key ascii MySecurePassphrase 1
config wlan security wpa akm psk enable 1

On a Linux host using wpa_supplicant, the configuration file (/etc/wpa_supplicant/wpa_supplicant.conf) looks like:

network={
    ssid="MySSID"
    psk="MyPassphrase"
    proto=RSN
    pairwise=CCMP
    group=CCMP
}

To verify the security protocol in use on a client:

Windows: netsh wlan show interfaces – look for "Authentication" and "Cipher" fields.

macOS: Hold Option and click Wi-Fi icon; see "Security" type.

Linux: iw dev wlan0 link shows the security type.

Interaction with Related Technologies

Wireless security protocols interact with:

- RADIUS: In WPA2/3-Enterprise, the AP acts as a RADIUS client, forwarding authentication requests to the server.
- EAP: Various EAP methods (EAP-TLS, PEAP, EAP-FAST) transport authentication data over 802.1X.
- 802.1X: Provides port-based access control; the AP blocks all traffic until authentication succeeds.
- Captive portals: Often used with open networks; OWE in WPA3 adds encryption before the portal.
- Fast roaming: Protocols like 802.11r (Fast BSS Transition) reduce re-authentication delay by caching keys.

Vulnerabilities and Attacks

WEP: IV reuse, weak key schedule, static keys → fully broken.

WPA-TKIP: Beck-Tews attack (decrypt short packets), Hole196 (exploits group key).

WPA2: KRACK (replay of handshake messages to force nonce reuse), PSK dictionary attack.

WPA3: Dragonblood (side-channel attacks on SAE, downgrade attacks). Most are mitigated in updated implementations.

Exam Relevance

N10-009 tests:

Identifying the correct protocol for a given scenario (e.g., "Which protocol provides the strongest security?" → WPA3).

Knowing which cipher each protocol uses (TKIP vs CCMP vs GCMP).

Understanding the difference between Personal and Enterprise modes.

Recognizing attack types (KRACK, dictionary attack, IV attack).

Remembering that WEP is broken and should never be used.

Common wrong answers: confusing TKIP with AES, thinking WPA2 uses TKIP by default, or believing WPA3 uses the same 4-way handshake as WPA2.

Walk-Through

1. Client discovers AP via beacons

The access point periodically broadcasts beacon frames containing its SSID, supported security capabilities (e.g., WPA2, CCMP), and other parameters. The client (station) listens for beacons or sends a probe request to discover nearby APs. The AP responds with a probe response containing similar information. At this stage, no encryption or authentication has occurred; the client simply learns what security protocols the AP supports. The client will then select the best security option it can support, typically preferring WPA3 over WPA2 over WPA over WEP.
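The "supported security capabilities" in a beacon or probe response are carried in the RSN information element. As an added example that is not part of the chapter, the decoder below parses that element and flags the weak settings this chapter warns about (TKIP, PSK-only, WPA3/WPA2 transition mode, PMF not required). Suite selector values follow IEEE 802.11; the sample elements are constructed, not captured.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"  # all IEEE-defined suite selectors use this OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256",
        8: "SAE", 9: "FT-SAE", 12: "802.1X-SuiteB-192", 18: "OWE"}
PSK_AKMS, SAE_AKMS = {"PSK", "FT-PSK", "PSK-SHA256"}, {"SAE", "FT-SAE"}
DOT1X_AKMS = {"802.1X", "FT-802.1X", "802.1X-SHA256"}

def _suite(sel: bytes, table: dict) -> str:
    # A 4-byte selector is OUI + type; a non-IEEE OUI means a vendor-specific suite.
    return table.get(sel[3], f"unknown-{sel[3]}") if sel[:3] == RSN_OUI else "vendor-" + sel.hex()

def _suite_list(body: bytes, pos: int, table: dict):
    # 2-byte little-endian count followed by that many 4-byte selectors.
    count = struct.unpack_from("<H", body, pos)[0]
    names = [_suite(body[pos + 2 + 4 * i:pos + 6 + 4 * i], table) for i in range(count)]
    return names, pos + 2 + 4 * count

def parse_rsn_ie(ie: bytes) -> dict:
    # Layout: ID(48) | len | version(2 LE) | group cipher(4) | pairwise count(2 LE) | pairwise
    #         suites(4 each) | AKM count(2 LE) | AKM suites(4 each) | RSN capabilities(2 LE)
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    group = _suite(body[2:6], CIPHERS)
    pairwise, pos = _suite_list(body, 6, CIPHERS)
    akm, pos = _suite_list(body, pos, AKMS)
    caps = struct.unpack_from("<H", body, pos)[0] if len(body) >= pos + 2 else 0
    # Capability bits: 6 = MFPR (PMF required), 7 = MFPC (PMF capable).
    return {"group": group, "pairwise": pairwise, "akm": akm,
            "pmf_capable": bool(caps & 0x80), "pmf_required": bool(caps & 0x40)}

def audit_rsn_ie(ie: bytes) -> dict:
    # Classify the network the way the chapter does and flag the weak settings it warns about.
    p = parse_rsn_ie(ie)
    akm, ciphers = set(p["akm"]), set(p["pairwise"]) | {p["group"]}
    if "802.1X-SuiteB-192" in akm and "GCMP-256" in ciphers:
        klass = "WPA3-Enterprise-192"
    elif "OWE" in akm:
        klass = "WPA3-OWE"
    elif akm & SAE_AKMS:
        klass = "WPA3-Personal-transition" if akm & PSK_AKMS else "WPA3-Personal"
    elif akm & DOT1X_AKMS:
        klass = "WPA2-Enterprise"
    elif akm & PSK_AKMS:
        klass = "WPA2-Personal"
    else:
        klass = "unknown"
    warnings = []
    if "TKIP" in ciphers:
        warnings.append("TKIP enabled: WPA-era RC4 cipher; disable it in WPA2-only mode")
    if klass == "WPA2-Personal":
        warnings.append("WPA2-PSK: offline dictionary attack possible if the handshake is captured")
    if klass.endswith("-transition"):
        warnings.append("WPA3/WPA2 transition mode: clients can be downgraded to the WPA2 handshake")
    if not p["pmf_required"]:
        warnings.append("PMF (802.11w) not required: deauthentication frames are unprotected")
    return {"class": klass, "warnings": warnings, **p}

def build_rsn_ie(group: int, pairwise: list, akms: list, caps: int) -> bytes:
    # Inverse of parse_rsn_ie, used here only to construct the sample elements below.
    body = struct.pack("<H", 1) + RSN_OUI + bytes([group])
    body += struct.pack("<H", len(pairwise)) + b"".join(RSN_OUI + bytes([c]) for c in pairwise)
    body += struct.pack("<H", len(akms)) + b"".join(RSN_OUI + bytes([a]) for a in akms)
    return bytes([48, len(body) + 2]) + body + struct.pack("<H", caps)

# Constructed sample elements (not captured from a real network).
MIXED_WPA_WPA2 = build_rsn_ie(2, [4, 2], [2], 0x0000)  # TKIP group, CCMP+TKIP pairwise, PSK, no PMF
WPA3_PERSONAL = build_rsn_ie(4, [4], [8], 0x00C0)      # CCMP-128, SAE, PMF required (MFPC|MFPR)
WPA3_ENT_192 = build_rsn_ie(9, [9], [12], 0x00C0)      # GCMP-256, 802.1X Suite B 192-bit
```

Running `audit_rsn_ie` over the element a scanner (for example `iw dev wlan0 scan`) reports for each SSID gives a quick inventory of which networks still advertise TKIP or leave PMF optional.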

2. Open Authentication (or null authentication)

Before any security handshake, the client must perform 802.11 Open System Authentication. This is a two-step process: the client sends an authentication frame, and the AP responds with an authentication frame indicating success. This step does not verify identity; it simply establishes a basic association. Even WPA2/WPA3 networks require this step first. After open authentication, the client sends an association request including its capabilities (e.g., supported ciphers). The AP responds with an association response, and the client is now 'associated' but not yet authorized to send data. The AP will block all data traffic until the 4-way handshake completes.

3. 4-Way Handshake (WPA2) or SAE (WPA3)

In WPA2, the AP sends an ANonce (Authenticator Nonce) to the client. The client generates its own SNonce (Supplicant Nonce) and computes the Pairwise Transient Key (PTK) using the PMK, ANonce, SNonce, and both MAC addresses. The client sends its SNonce plus a MIC to prove it has the PMK. The AP verifies the MIC, then sends the Group Temporal Key (GTK) encrypted with the PTK. The client acknowledges. In WPA3, the SAE handshake uses a commit-confirm exchange based on Diffie-Hellman, establishing a shared secret without revealing the password. After this step, both parties have session keys and encryption begins.

4. Data encryption with CCMP or GCMP

Once the keys are established, all unicast data frames are encrypted using AES-CCMP (WPA2) or AES-GCMP (WPA3). CCMP uses AES in CCM mode (Counter with CBC-MAC) which provides both confidentiality and integrity. Each packet gets a unique nonce (constructed from the packet number, priority, and MAC address) to prevent replay attacks. The packet number (PN) is incremented for each frame and is included in the header to ensure ordering. For multicast/broadcast traffic, the GTK is used. The encryption is transparent to upper-layer protocols; the client and AP handle encryption/decryption in the wireless NIC driver.

5. Key renewal and disconnection

Keys are not permanent. The GTK is periodically refreshed (default every 86400 seconds) to limit exposure if a client leaves the network. In 802.1X, the PMK can be re-derived via a new EAP authentication (session timeout). When a client disassociates, the AP removes its key cache. If a client roams to another AP, fast roaming protocols like 802.11r allow key caching to speed up re-authentication. Without fast roaming, the client must repeat the entire handshake with the new AP, causing a brief interruption (50–150 ms).

What This Looks Like on the Job

Enterprise Deployment: WPA2-Enterprise with 802.1X

A large corporation with 5000 employees deploys WPA2-Enterprise using a Cisco WLC and a RADIUS server (e.g., Cisco ISE). Each employee has a unique username/password or certificate. The SSID is configured with AES only (TKIP disabled) to avoid mixed-mode vulnerabilities. The RADIUS server enforces 802.1X with PEAP-MSCHAPv2. When an employee connects, their device performs the 4-way handshake with the AP, but the PMK comes from the RADIUS server after successful EAP authentication. This provides per-user keys: even if one employee's credentials are compromised, other users are not affected. The network team sets a RADIUS session timeout of 8 hours, forcing re-authentication after that period. They also enable 802.11r for fast roaming, reducing handoff latency to under 20 ms. A common issue is certificate validation errors: if the RADIUS server's certificate is not trusted by the client, authentication fails. The team must ensure the CA certificate is deployed to all devices via MDM or GPO.

Small Office: WPA2-PSK

A small business with 20 employees uses WPA2-PSK with a strong passphrase (20+ random characters). The AP is a consumer-grade device. The main risk is that the passphrase is shared among all employees; if an employee leaves, the passphrase must be changed on all devices. Also, the PSK is vulnerable to offline dictionary attacks if the 4-way handshake is captured. To mitigate, the business should enable PMF (Protected Management Frames) if supported, and disable WPS (Wi-Fi Protected Setup) which can be brute-forced in hours. A common mistake is using a weak passphrase like the company name, which can be cracked quickly.

Public Hotspot: WPA3-OWE

A coffee shop wants to provide free Wi-Fi without a password but still protect customers from eavesdropping. They deploy WPA3-OWE (Opportunistic Wireless Encryption). When a customer connects, their device performs an unauthenticated Diffie-Hellman exchange with the AP, establishing a unique session key. All traffic is encrypted, preventing passive sniffing. However, there is no authentication, so the AP cannot prevent unauthorized use. The coffee shop uses a captive portal for terms of service acceptance. A common misconfiguration is that older devices without WPA3 support will see the network as 'open' but cannot connect via OWE; the AP must be configured to allow fallback to open for legacy devices, which negates encryption. The solution is to have two SSIDs: one for WPA3-OWE and one for legacy open (with a warning).

How N10-009 Actually Tests This

N10-009 Exam Focus on Wireless Security Protocols (Objective 4.5)

The exam tests your ability to:

Compare and contrast the security features of WEP, WPA, WPA2, and WPA3.

Identify the correct cipher and authentication method for a given scenario.

Recognize vulnerabilities and attacks specific to each protocol.

Understand the difference between Personal (PSK) and Enterprise (802.1X) modes.

Common Wrong Answers and Why Candidates Choose Them

1. Confusing TKIP and CCMP: Many candidates think WPA2 uses TKIP because it's associated with WPA. In reality, WPA2 mandates CCMP (AES) as the default cipher; TKIP is optional for backward compatibility. The exam will ask: "Which cipher does WPA2 use?" The wrong answer is often TKIP. Remember: WPA = TKIP, WPA2 = CCMP.

2. Thinking WPA3 uses the 4-way handshake: WPA3 replaces the 4-way handshake with SAE. Candidates who memorize the 4-way handshake for WPA2 may incorrectly apply it to WPA3. The exam asks: "What handshake does WPA3 use?" The correct answer is SAE (Simultaneous Authentication of Equals).

3. Believing WEP is still acceptable: Some candidates think WEP with a 128-bit key is secure. The exam will include a scenario where a network uses WEP, and you must identify it as insecure. Always choose the strongest available protocol.

4. Mixing up Personal and Enterprise: Personal uses a shared passphrase; Enterprise uses a RADIUS server. Candidates may think Enterprise requires a passphrase. The exam scenario might describe a network with 1000 users and ask for the best authentication method – the answer is Enterprise.

Specific Numbers and Terms to Memorize

WEP key sizes: 64-bit (40-bit key + 24-bit IV) and 128-bit (104-bit key + 24-bit IV).

WPA2 uses AES-CCMP with 128-bit keys.

WPA3-Enterprise uses 192-bit AES-GCMP.

PSK passphrase length: 8–63 ASCII characters.

Group key rotation interval: default 86400 seconds (24 hours).

4-way handshake steps: ANonce, SNonce+MIC, GTK+MIC, ACK.

KRACK attack: exploits WPA2 4-way handshake.

Dragonblood attack: side-channel on WPA3 SAE.

Edge Cases and Exceptions

Mixed-mode networks: Some APs support both WPA and WPA2 (transition security network). The exam might ask about vulnerabilities in such configurations (e.g., attackers can force clients to use TKIP).

WPA3 downgrade: If a client does not support WPA3, it may fall back to WPA2. This is a security concern because the handshake is weaker.

WPS: Not a security protocol per se, but often tested. WPS allows PIN-based setup; it is vulnerable to brute-force attacks (8-digit PIN, last digit is a checksum, so only 10^7 guesses).

802.11w (PMF): Protected Management Frames, which prevent deauthentication attacks. The exam may ask which security protocol supports PMF (WPA2 and WPA3 do, but it's optional in WPA2 and mandatory in WPA3).

How to Eliminate Wrong Answers

If the question mentions "RC4" or "stream cipher", eliminate WPA2 and WPA3 – only WEP and WPA use RC4.

If the question mentions "AES" or "CCMP", eliminate WEP and WPA.

If the question mentions "802.1X" or "RADIUS", the answer is Enterprise mode.

If the question mentions "offline dictionary attack", the vulnerable protocol is WPA2-PSK; WPA3-SAE is resistant.

If the question asks about the most secure protocol, choose WPA3-Enterprise (192-bit) if available, otherwise WPA3-Personal or WPA2-Enterprise.

Key Takeaways

WEP uses RC4 with a 24-bit IV and is completely broken; never use it.

WPA uses TKIP (RC4) with per-packet key mixing; vulnerable to Beck-Tews and Hole196.

WPA2 mandates AES-CCMP with 128-bit keys; vulnerable to KRACK and PSK dictionary attacks.

WPA3 uses SAE (Dragonfly handshake) for personal and 192-bit AES-GCMP for enterprise.

Personal mode uses a shared passphrase (PSK); Enterprise mode uses 802.1X with RADIUS.

The 4-way handshake (WPA2) exchanges ANonce, SNonce, and GTK; SAE (WPA3) uses commit-confirm.

Group key rotation default is 86400 seconds (24 hours).

KRACK attacks WPA2 by replaying handshake messages to force nonce reuse.

WPA3-OWE provides encryption for open networks without authentication.

Always choose the most secure protocol supported by all devices; currently WPA3 if available.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

WPA2-Personal (PSK)

Uses a single pre-shared passphrase shared by all users.

No central authentication server required; simple setup.

Vulnerable to offline dictionary attacks if handshake is captured.

Difficult to revoke access for a single user; passphrase must be changed.

Suitable for small home or office networks with few users.

WPA2-Enterprise (802.1X)

Each user authenticates individually via 802.1X and RADIUS.

Requires a RADIUS server and PKI for certificates (EAP-TLS).

Resistant to offline dictionary attacks; PMK is derived per session.

Easy to revoke access for a single user via RADIUS.

Suitable for large organizations with many users and high security needs.

WPA3-Personal (SAE)

Uses SAE handshake resistant to offline dictionary attacks.

Provides forward secrecy – past sessions cannot be decrypted if passphrase is compromised.

Mandates 128-bit AES-CCMP encryption.

Suitable for home and small business networks.

Simpler deployment than Enterprise mode.

WPA3-Enterprise (192-bit)

Uses 192-bit AES-GCMP encryption for stronger security.

Requires EAP-TLS with a PKI and RADIUS server.

Provides the highest level of security for sensitive environments.

Suitable for government, military, and financial institutions.

More complex to deploy and manage.

Watch Out for These

Mistake

WPA2 uses TKIP by default.

Correct

WPA2 uses AES-CCMP as the mandatory cipher. TKIP is only included for backward compatibility with WPA. In WPA2-only mode, TKIP should be disabled to avoid vulnerabilities.

Mistake

WPA3 is backwards compatible with WPA2 devices.

Correct

WPA3 is not directly backwards compatible. WPA3 uses SAE instead of the 4-way handshake. Some APs support mixed-mode (WPA3/WPA2 transition), but this can be downgraded by attackers.

Mistake

WEP with a 128-bit key is secure enough for home use.

Correct

WEP is completely broken regardless of key length. Tools like aircrack-ng can recover a 128-bit WEP key in minutes by capturing enough packets. WEP should never be used.

Mistake

PSK and Enterprise modes both use the same 4-way handshake.

Correct

Both use the 4-way handshake, but the PMK is derived differently. In PSK, the PMK is derived directly from the passphrase. In Enterprise, the PMK is derived from EAP authentication and is unique per user.

Mistake

KRACK only affects WPA2-Personal.

Correct

KRACK affects both WPA2-Personal and WPA2-Enterprise. It exploits the 4-way handshake to force nonce reuse. Patches are available, but the protocol itself is vulnerable.


Frequently Asked Questions

What is the difference between WPA2-Personal and WPA2-Enterprise?

WPA2-Personal uses a pre-shared key (passphrase) that is the same for all users. WPA2-Enterprise uses 802.1X authentication with a RADIUS server, giving each user unique credentials. Enterprise is more secure because keys are per-user and can be revoked individually, but it requires a RADIUS server and more complex setup. For the exam, remember that Enterprise is used in large organizations, Personal in small networks.

What is the KRACK attack?

KRACK (Key Reinstallation Attack) exploits the 4-way handshake in WPA2. An attacker forces the client to reinstall an already-in-use key by replaying handshake messages, leading to nonce reuse and allowing decryption of some packets. It affects both Personal and Enterprise modes. WPA3 is not vulnerable because it uses SAE instead of the 4-way handshake.

Does WPA3 require new hardware?

WPA3 requires hardware that supports the new handshake (SAE) and ciphers (GCMP). Many Wi-Fi 6 devices support WPA3, but older Wi-Fi 5 devices may not. Some APs support mixed-mode (WPA3/WPA2 transition) to allow legacy devices, but this reduces security. For the exam, know that WPA3 is mandatory for Wi-Fi 6 certification.

What is OWE in WPA3?

OWE (Opportunistic Wireless Encryption) is a feature of WPA3 that provides encryption for open networks (no password). It uses Diffie-Hellman key exchange to derive a session key, preventing passive eavesdropping. However, it does not authenticate clients, so anyone can connect. OWE is often used in public hotspots with a captive portal.

What is the default group key rotation interval?

The default group key rotation interval is 86400 seconds, or 24 hours. This is the time after which the AP changes the GTK used for multicast/broadcast traffic. Shorter intervals improve security but increase overhead. The exam may ask for this default value.

Can WPA2 be hacked with a dictionary attack?

Yes, WPA2-Personal is vulnerable to offline dictionary attacks. If an attacker captures the 4-way handshake (e.g., by deauthenticating a client and reconnecting), they can try common passphrases against the captured data. WPA3-SAE prevents this because the handshake does not reveal information that can be used offline.

What is the difference between TKIP and CCMP?

TKIP (Temporal Key Integrity Protocol) is used in WPA and uses RC4 encryption with per-packet key mixing and a MIC called Michael. CCMP (Counter Mode CBC-MAC Protocol) is used in WPA2 and uses AES encryption with CCM mode for both confidentiality and integrity. CCMP is much stronger and is mandatory in WPA2.
