This chapter covers wireless security protocols, a critical topic for the SY0-701 Security+ exam under Objective 4.4 (Security Operations). You will learn the mechanisms behind WEP, WPA, WPA2, and WPA3, including how each protocol authenticates clients and encrypts data. Understanding these protocols is essential because wireless networks are ubiquitous and remain a prime attack vector; the exam will test your ability to choose the right protocol for a given scenario and identify weaknesses in each. By the end of this chapter, you will be able to differentiate between authentication and encryption methods, recognize common attacks like KRACK and dictionary attacks, and recommend the most secure configuration.
Jump to a section
Imagine a hotel where each guest gets a key card that grants access to their room, the gym, and the pool. The hotel uses a central system that issues these cards and verifies them at each door. Now, an attacker wants to break into rooms. They could try to clone a key card by reading its magnetic stripe (like capturing a Wi-Fi handshake). If the hotel uses old magnetic stripe technology, cloning is easy. But if the hotel uses encrypted RFID chips, the attacker would need the hotel's secret encryption key to clone the card. Even then, the hotel might use a rotating key system where the card and the door both change their shared secret periodically (like 802.11i's 4-way handshake with pairwise transient keys). An attacker who clones a card might get in once, but if the hotel also requires a PIN (like WPA3's SAE), the clone is useless without the PIN. The hotel also has a master key for staff, but that key is stored securely and never leaves the front desk (like the PMK in WPA2). If a guest loses their card, the front desk issues a new one with a different encryption key, invalidating the old one (like disassociation and reauthentication). This analogy maps to wireless security: the hotel's doors are access points, the key card is the client device, the encryption keys are the pairwise keys, and the central system is the authentication server (e.g., RADIUS). The attacker's goal is to capture the handshake and crack the PSK, or to perform a rogue AP attack by pretending to be the front desk.
What Are Wireless Security Protocols?
Wireless security protocols are sets of rules that govern how wireless devices authenticate to a network and encrypt data transmitted over the air. Without these protocols, any device within range could eavesdrop on or inject traffic. The SY0-701 exam expects you to know the evolution from WEP to WPA3, their encryption algorithms, authentication methods, and specific vulnerabilities. The core threats addressed are unauthorized access, eavesdropping, man-in-the-middle attacks, and data tampering.
How They Work Mechanically
All modern Wi-Fi security protocols follow a similar high-level process:
Discovery: The client (supplicant) sends probe requests; the access point (AP) responds with probe responses containing supported security parameters.
Authentication: The client and AP agree on an authentication method. For WPA2-Personal, this is a pre-shared key (PSK). For WPA2-Enterprise, it involves 802.1X with a RADIUS server.
Association: The client sends an association request; the AP responds with an association response.
Key Exchange: A 4-way handshake generates pairwise transient keys (PTK) from the pairwise master key (PMK). The PMK is derived from the PSK (in Personal mode) or from the authentication server (in Enterprise mode).
Encryption: Data is encrypted using the PTK and a group key (GTK) for broadcast/multicast traffic.
Key Components, Variants, and Standards
WEP (Wired Equivalent Privacy): Uses RC4 stream cipher with a 40-bit or 104-bit key. Static keys are shared among all devices. Vulnerable to IV reuse attacks (FMS attack, KoreK attack). An attacker can crack WEP in minutes using tools like aircrack-ng.
WPA (Wi-Fi Protected Access): Introduced as a firmware upgrade to WEP. Uses TKIP (Temporal Key Integrity Protocol) with RC4, but adds per-packet key mixing, a message integrity check (MIC) called Michael, and IV sequencing to prevent replay. Still vulnerable to attacks like Beck-Tews (2008) and KRACK (2017).
WPA2: Mandates CCMP (Counter Mode CBC-MAC Protocol) using AES-128. The 4-way handshake derives PTK and GTK. Vulnerable to KRACK (CVE-2017-13077 to CVE-2017-13088), which exploits a replay of the 3rd handshake message to force nonce reuse, allowing decryption of subsequent data.
WPA3: Introduces Simultaneous Authentication of Equals (SAE) for Personal mode, replacing PSK. SAE uses a Dragonfly handshake based on Diffie-Hellman with finite field or elliptic curve cryptography, providing forward secrecy and resistance to offline dictionary attacks. For Enterprise, WPA3-Enterprise uses 192-bit minimum security (CNSA Suite). WPA3 also includes Opportunistic Wireless Encryption (OWE) for open networks.
802.1X/EAP: Used in Enterprise modes. The client (supplicant) authenticates to a RADIUS server using EAP methods (e.g., EAP-TLS, PEAP, EAP-FAST). The RADIUS server then provides the PMK to the AP.
How Attackers Exploit / How Defenders Deploy
Attackers: - Rogue AP: An attacker sets up an AP with the same SSID to trick clients into connecting. The client then sends authentication credentials to the attacker. - Evil Twin: Similar to rogue AP but often with a stronger signal to force clients to connect. - KRACK Attack: Exploits the 4-way handshake in WPA2 by replaying the third message to reset the nonce, allowing decryption. - Dictionary Attack: For WPA2-Personal, the attacker captures the 4-way handshake (using airodump-ng) and then runs a tool like aircrack-ng or hashcat against the handshake file to guess the PSK. - WEP Cracking: Using tools like aireplay-ng to inject ARP packets and capture IVs, then aircrack-ng to recover the key.
Defenders:
Use WPA3 if all devices support it. If not, use WPA2 with CCMP and disable TKIP.
Use Enterprise mode with a strong EAP method (EAP-TLS with certificates) to avoid PSK weaknesses.
Implement rogue AP detection using wireless intrusion prevention systems (WIPS) like Cisco Adaptive Wireless IPS.
Use 802.1X with RADIUS logging to monitor authentication attempts.
Change default PSK and use a complex passphrase (20+ characters).
Real Command/Tool Examples
Capturing a WPA2 handshake:
sudo airodump-ng wlan0mon --bssid AA:BB:CC:DD:EE:FF -c 6 -w captureCracking the handshake:
sudo aircrack-ng -w wordlist.txt capture-01.capUsing hashcat with a converted hash:
hashcat -m 22000 capture.hccapx wordlist.txtChecking WPA3 support on a client:
iw dev wlan0 scan | grep -E "(WPA|RSN|SAE)"Configuring WPA3 on a Linux AP (hostapd):
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wpa_key_mgmt=SAE
ieee80211w=2Capture WPA2 4-Way Handshake
Place a wireless card in monitor mode using 'airmon-ng start wlan0'. Use 'airodump-ng' to find the target AP and note its BSSID and channel. Run 'airodump-ng --bssid <BSSID> -c <channel> -w capture wlan0mon' to capture packets. To force a client to deauthenticate and reconnect (giving you the handshake), use 'aireplay-ng -0 2 -a <BSSID> -c <ClientMAC> wlan0mon'. The handshake will appear in the capture file as a 4-way handshake (EAPOL frames). Tools like Wireshark can filter for 'eapol' to confirm.
Extract Handshake for Cracking
Use 'aircrack-ng capture-01.cap' to check if a handshake is present. If it says '1 handshake captured', you can proceed. Convert the .cap file to a format suitable for hashcat using 'cap2hccapx capture-01.cap capture.hccapx'. Alternatively, use 'hcxpcapngtool' from the hcxtools suite to create a hash file: 'hcxpcapngtool -o hash.hc22000 capture-01.cap'. This converts to the 22000 hash mode used by hashcat.
Crack the PSK with a Wordlist
Run hashcat with the 22000 mode: 'hashcat -m 22000 hash.hc22000 wordlist.txt'. For aircrack-ng: 'aircrack-ng -w wordlist.txt capture-01.cap'. The wordlist should be comprehensive (e.g., rockyou.txt). If the PSK is weak (common dictionary word, short phrase), it will be cracked quickly. If not, you may need to use rules or brute-force. The success of this attack depends on the complexity of the PSK; a strong 20-character random PSK is infeasible to crack.
Perform a KRACK Attack
The KRACK attack exploits the 4-way handshake in WPA2 by replaying the third message (Message 3) of the handshake. This causes the client to reinstall the same encryption key, resetting the nonce and replay counter. An attacker can then decrypt subsequent data packets. Tools like 'krackattacks-scripts' or 'mdk4' can be used. The attacker must be within range and able to capture the handshake. The attack is mitigated by patching clients and APs to not reinstall keys. WPA3 is resistant because the SAE handshake uses a different key derivation process.
Deploy Rogue AP Detection
Use a WIPS (Wireless Intrusion Prevention System) like Cisco Adaptive Wireless IPS or open-source tools like Kismet. Configure the system to monitor for APs with the same SSID as your network but different BSSID or different security settings (e.g., open vs. WPA2). When a rogue AP is detected, the system can send an alert and optionally perform a deauthentication attack against clients connected to the rogue AP. The analyst should investigate by checking the AP's location (using signal strength triangulation) and removing it. A common mistake is to assume that an AP with the same SSID is legitimate; always verify the BSSID and security settings.
Scenario 1: Enterprise Rogue AP Incident A SOC analyst receives an alert from the WIPS: an AP with SSID 'CorpNet' is detected on channel 11 with an unknown BSSID. The analyst checks the legitimate AP list and sees that CorpNet should be on channel 6 with BSSID AA:BB:CC:DD:EE:FF. The rogue AP is using open authentication, while the real network uses WPA2-Enterprise. The analyst uses Kismet to locate the rogue AP's approximate location by walking with a laptop and noting signal strength. The physical security team finds a small device plugged into an Ethernet jack in a conference room. The analyst disables the switch port and confiscates the device. A common mistake would be to ignore the alert because the SSID matches; always verify BSSID and security settings.
Scenario 2: WPA2 PSK Cracking Attempt A network engineer notices multiple deauthentication packets in the logs from an unknown MAC address. Using Wireshark, they see repeated 'Disassociation' frames from a MAC that is not a legitimate client. This is a deauth attack to force reconnections and capture handshakes. The engineer checks the wireless controller logs and sees that the same unknown MAC has been sending deauth packets for 10 minutes. They blacklist the MAC on the controller. The engineer then changes the PSK to a 30-character random string. A common mistake would be to ignore the deauths as normal interference; deauth attacks are a clear sign of an attempted handshake capture.
Scenario 3: WPA3 Migration A company is upgrading its wireless infrastructure. The security team recommends WPA3-Enterprise with EAP-TLS. They discover that some legacy IoT devices only support WPA2-PSK. The team decides to create a separate SSID for IoT devices using WPA2-PSK with a strong passphrase, and place them on a VLAN with restricted access. The main network uses WPA3-Enterprise. They also enable 802.11w (Management Frame Protection) to prevent deauth attacks. A common mistake would be to force all devices onto WPA3, causing connectivity issues, or to keep the entire network on WPA2 for compatibility.
What SY0-701 Tests Objective 4.4 includes comparing and contrasting wireless security protocols. The exam expects you to:
Identify the encryption algorithm used by each protocol (WEP: RC4, WPA: TKIP/RC4, WPA2: CCMP/AES, WPA3: GCMP/AES).
Know the authentication methods (WPA2-Personal vs. Enterprise, WPA3-SAE vs. Enterprise).
Recognize vulnerabilities: WEP (IV reuse), WPA (TKIP attacks), WPA2 (KRACK), WPA3 (dictionary attack resistance, but some side-channel attacks exist).
Understand the 4-way handshake and its role in key generation.
Differentiate between PSK and 802.1X.
Common Wrong Answers and Why 1. 'WPA2 uses TKIP': No, WPA2 mandates CCMP (AES). TKIP is only used in WPA. Candidates confuse WPA and WPA2. 2. 'WPA3 uses a pre-shared key': WPA3-Personal uses SAE, not PSK. The PSK concept is replaced by a password-based authentication that is resistant to offline dictionary attacks. 3. 'WEP is still secure if you use 128-bit keys': No, WEP is broken regardless of key length due to IV reuse and weak RC4 implementation. 4. 'WPA2-Enterprise is less secure than WPA2-Personal': False. Enterprise is more secure because it uses unique keys per session and can integrate with certificate-based authentication.
Specific Terms and Values - TKIP: Temporal Key Integrity Protocol, uses RC4 with 128-bit key, 48-bit IV. - CCMP: Counter Mode CBC-MAC Protocol, uses AES-128. - GCMP: Galois/Counter Mode Protocol, used in WPA3, uses AES-128 or AES-256. - SAE: Simultaneous Authentication of Equals, based on Dragonfly key exchange. - 4-way handshake: Messages 1-4, derive PTK from PMK. - PMK: Pairwise Master Key (256 bits). - PTK: Pairwise Transient Key (derived from PMK, ANonce, SNonce, MACs). - GTK: Group Temporal Key (used for broadcast/multicast).
Common Trick Questions - Question asks: 'Which protocol uses a 4-way handshake?' The answer is WPA2 (and WPA3). But some candidates might think only WPA2 does. - Question: 'Which protocol provides forward secrecy?' Answer: WPA3 (SAE). WPA2 does not. - Question: 'Which protocol is vulnerable to offline dictionary attacks?' Answer: WPA2-Personal (PSK). WPA3-SAE is not.
Decision Rule When given a scenario requiring a wireless security recommendation, first determine if the devices support WPA3. If yes, choose WPA3. If not, use WPA2 with CCMP and disable TKIP. If the scenario mentions 'legacy devices' or 'IoT', consider WPA2-PSK with a strong passphrase. If the scenario mentions 'enterprise', 'RADIUS', or 'certificates', choose WPA2-Enterprise or WPA3-Enterprise. If the scenario mentions 'open network' or 'guest', consider WPA3-OWE (Opportunistic Wireless Encryption). For attack scenarios, look for keywords like 'handshake captured', 'deauth', or 'KRACK' to identify the vulnerability.
WEP uses RC4 with a 24-bit IV; broken due to IV reuse and weak key scheduling.
WPA introduced TKIP as a firmware upgrade; still uses RC4 but with per-packet key mixing and Michael MIC.
WPA2 mandates CCMP with AES-128; vulnerable to KRACK (CVE-2017-13077).
WPA3 uses SAE (Dragonfly) for Personal mode, providing forward secrecy and offline dictionary attack resistance.
WPA3-Enterprise requires 192-bit minimum security (CNSA Suite) for government use.
The 4-way handshake in WPA2/3 derives PTK from PMK; the PMK is derived from PSK or RADIUS.
802.1X/EAP enables per-user authentication in Enterprise mode; EAP-TLS is the most secure EAP method.
Management Frame Protection (802.11w) prevents deauthentication attacks; mandatory in WPA3.
WPA3-OWE (Opportunistic Wireless Encryption) encrypts open networks without authentication.
Always use WPA3 if supported; otherwise, use WPA2 with CCMP and disable TKIP.
These come up on the exam all the time. Here's how to tell them apart.
WPA2-Personal
Uses a pre-shared key (PSK) that is the same for all clients.
Authentication is handled by the AP using the PSK.
No RADIUS server required; simpler to set up.
Vulnerable to offline dictionary attacks if the PSK is weak.
No user accountability; all users share the same key.
WPA2-Enterprise
Uses 802.1X with a RADIUS server for authentication.
Each user has unique credentials (username/password or certificate).
Requires a RADIUS server and more complex configuration.
Resistant to offline dictionary attacks because the PMK is derived from the RADIUS server, not a shared key.
Provides user-level logging and accountability.
WPA2
Uses CCMP (AES-128) for encryption.
Uses 4-way handshake with PSK or 802.1X.
Vulnerable to KRACK attack (nonce reuse).
No forward secrecy; if the PSK is compromised, past traffic can be decrypted.
Management frame protection (802.11w) is optional.
WPA3
Uses GCMP (AES-128 or AES-256) for encryption.
Uses SAE (Dragonfly) for Personal mode, 192-bit minimum for Enterprise.
Resistant to KRACK due to different key derivation.
Provides forward secrecy; past traffic cannot be decrypted even if the password is known.
Mandates management frame protection (802.11w).
WEP
Uses RC4 stream cipher with 40 or 104-bit key.
Static key shared among all devices.
24-bit IV, reused frequently.
Weak integrity check (CRC-32).
Can be cracked in minutes using tools like aircrack-ng.
WPA
Uses TKIP (RC4 with per-packet key mixing).
Uses a dynamically derived key per session.
48-bit IV, sequencing to prevent replay.
Stronger integrity check (Michael MIC).
Vulnerable to some attacks (e.g., Beck-Tews) but more secure than WEP.
Mistake
WPA2 uses TKIP for encryption.
Correct
WPA2 mandates CCMP (AES) as the encryption protocol. TKIP was used in WPA as an upgrade to WEP, but WPA2 requires CCMP. Some WPA2 implementations may support TKIP for backward compatibility, but the standard requires CCMP.
Mistake
WPA3 is completely immune to all attacks.
Correct
WPA3 is more secure, but it has vulnerabilities. For example, the Dragonfly handshake is susceptible to side-channel attacks (e.g., timing attacks) if not implemented correctly. Additionally, WPA3 still relies on the security of the password; a weak password can be guessed online (though offline dictionary attacks are prevented).
Mistake
WEP is secure if you use a 128-bit key.
Correct
WEP is fundamentally flawed because it uses a static key and a small IV (24 bits) that repeats after a few thousand packets. Attackers can capture enough IVs to recover the key regardless of key length. The RC4 algorithm also has weaknesses that make it susceptible to statistical attacks.
Mistake
WPA2-Enterprise is less secure than WPA2-Personal because it requires a RADIUS server.
Correct
WPA2-Enterprise is actually more secure because each user gets unique credentials, and the authentication is handled by a RADIUS server, often using certificates. This prevents an attacker who knows one user's password from accessing the network, and it provides better auditing and control.
Mistake
The 4-way handshake only occurs once per session.
Correct
The 4-way handshake can occur multiple times during a session, for example, when a client roams to a different AP or when keys are refreshed. The handshake is also used to generate new PTKs periodically to limit the amount of data encrypted with the same key.
WPA2-Personal uses a pre-shared key (PSK) that is the same for all clients, making it simple but vulnerable to dictionary attacks if the PSK is weak. WPA2-Enterprise uses 802.1X with a RADIUS server, allowing each user to have unique credentials (e.g., username/password or certificates). Enterprise provides better security, accountability, and resistance to offline attacks. For the exam, remember that Personal = PSK, Enterprise = RADIUS.
WPA3 is not directly backward compatible because it uses a different authentication method (SAE) and encryption (GCMP). However, many WPA3 routers support a 'mixed mode' that allows both WPA2 and WPA3 clients to connect. In mixed mode, the network uses WPA3 for capable devices and WPA2 for legacy devices. This reduces security to the level of WPA2. For the exam, know that WPA3 is not backward compatible without mixed mode.
KRACK (Key Reinstallation Attack) exploits the 4-way handshake in WPA2. The attacker captures and replays the third handshake message, causing the client to reinstall the same encryption key. This resets the nonce and replay counter, allowing the attacker to decrypt subsequent data. The attack affects both WPA2-Personal and WPA2-Enterprise. It is mitigated by patching clients and APs. WPA3 is not vulnerable because the SAE handshake does not have the same key reinstallation issue.
WPA3 uses GCMP (Galois/Counter Mode Protocol) with AES. For WPA3-Personal, it uses AES-128. For WPA3-Enterprise, it can use AES-128 or AES-256, with a minimum of 192-bit security (CNSA Suite) for government use. GCMP provides both encryption and integrity checking. This is different from WPA2 which uses CCMP (AES-128).
SAE (Simultaneous Authentication of Equals) is the authentication method used in WPA3-Personal. It replaces the PSK-based 4-way handshake of WPA2. SAE uses a Dragonfly key exchange based on Diffie-Hellman, providing forward secrecy and resistance to offline dictionary attacks. Even if an attacker captures the handshake, they cannot crack the password offline. The password is only used to derive a shared secret during the handshake.
Yes, WPA2-Personal is vulnerable to offline dictionary attacks. An attacker captures the 4-way handshake and then tries common passwords against it using tools like aircrack-ng or hashcat. If the PSK is a common word or short phrase, it can be cracked quickly. To mitigate, use a complex, random PSK of at least 20 characters, or use WPA2-Enterprise which does not rely on a shared key.
802.11w, also known as Management Frame Protection (MFP), protects management frames (e.g., deauthentication, disassociation) from forgery. Without MFP, an attacker can send fake deauthentication frames to disconnect clients (deauth attack). 802.11w encrypts and authenticates these frames. It is optional in WPA2 but mandatory in WPA3. For the exam, remember that WPA3 requires MFP, while WPA2 does not.
You've just covered Wireless Security Protocols — now see how well it sticks with free SY0-701 practice questions. Full explanations included, no account needed.
Done with this chapter?