Explaining Wi-Fi Authentication and Encryption

By Ronald Pacchiano

January 27, 2006

A curious reader — eager to understand how wireless encryption and security works — runs two scenarios by our columnist. Read on to find out if logical assumptions pan out in the world of Wi-Fi.

I've been using a wireless network for a few months. I don't know much about (Wi-Fi) encryption and security, but I would like to get a better understanding so I can respond appropriately in certain situations. I've come up with couple of scenarios (based on what I know) to illustrate how I think the wireless devices would behave. If I'm incorrect in my assumptions, I was hoping that you could tell me why and explain what would actually happen. Here are my scenarios:

Scenario 1:
I configured my access point (AP) to use open authentication and a 64-bit WEP key. My client PC has also been configured to use open authentication, but I did not configure it with the WEP key. Instead, I intentionally left it blank. In such a situation, would the client PC still be able to establish a successful connection with the AP, even though it doesn't have the WEP key? Logically, I think that it would. Since the authentication is "open," the WEP key shouldn't matter. Or is the opposite true? That is, because the WEP key doesn't match that of the AP, would the client PC be prohibited from establishing a connection?

I've experimented with this a bit on my own and observed that the client PC will, in fact, connect to the AP, despite the fact that it doesn't have the proper WEP key. However, it doesn't seem to be able to send or receive any packets once it has been authenticated. I'll assume this is because of the incorrect WEP key, but if that is the problem, then why can it connect to the network at all?

Scenario 2:
I have an access point and a PC. Each has been properly configured with the same WEP key and they're communicating fine. If I go into the AP configuration and remove encryption while they're connected, would the client PC still maintain its connection to the AP or would it lose connectivity to the AP due to the encryption change? I assume that since encryption is no longer being used, the client PC would momentarily lose the connection to the AP, rescan for the wireless network, find the network, reconnect and continue transmitting. Since the encryption is gone, it should have no trouble reconnecting.

So what do you think? Are my assumptions correct in these scenarios? I've been researching this online, but can't seem to find the answers anywhere. Thanks!

I'm sorry to tell you this, but you're wrong in both situations. Let's take a look at the first scenario. Authentication is simply a way for the device to verify the identity of another device that's attempting to connect to it. So whether you're using open or shared authentication, the purpose is the same — to authenticate a wireless client to the network-controlling device (in this case an access point). However, each of these techniques goes about this in a different way.

The difference between open-system and shared-system authentication is that the shared system passes along additional information that could be used by a hacker to crack the WEP key.

This is how it works: With a shared-key authentication process the AP sends challenge text to the client in clear text, and then the client encrypts it and sends it back to the AP. If someone is sniffing or monitoring your transmission while this was happening, they could intercept a sample of plain text with its corresponding encrypted text. This gives the hacker a tremendous head start when attempting to break your encryption key, because all of the information to perform the decryption is contained in these two pieces of data.

Conversely, the open network authentication system doesn't pass on any information to the client in plain text, just the corresponding encrypted text. By removing that information, the process of breaking your encryption key is far more difficult. Since both authentication methods can use WEP, an open system is the preferred encryption method to employ. Because it doesn't pass on any additional data about the key, it's considered to be more secure.

You can't send or receive packets after the PC connects because the client PC was never actually authenticated to the access point — it associated to it. The confusion is understandable. Even though you have non-similar WEP keys, the two devices will still associate since that's the first step in establishing a connection.

During the association no information other than challenge/request handshake passes between the devices. The challenge handshake is the beginning of the authentication process, and the only way the two devices will authenticate is if they both have the same encryption key. Because the client PC didn't have the corresponding WEP key, it was able to associate to the AP, but not authenticate against it.

This applies to your second scenario as well. Even though the AP no longer has encryption enabled and is, as you said, open, the client PC is still looking for encrypted traffic. So removing the WEP key from the AP will cause the information passing from one device to the other to no longer have the same credentials, causing communication to cease.

Over the years, I've discovered there's no better way to learn than by experience. You have all the hardware you need to test these scenarios on your own, so give it a try. Don't worry about anything. There is little chance of you permanently damaging anything. Experiment a little bit. You should have no problem confirming everything we discussed here. Have fun!

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!


Comment and Contribute
(Maximum characters: 1200). You have
characters left.