Overview

Teaching: 100 min
Exercises: 0 min

Questions

• Key question (FIXME)

Objectives

• First learning objective. (FIXME)

Encryption Methods for Securing Wireless Transmissions

Encryption is essential for securing wireless communications against eavesdropping, unauthorized access, and data tampering. Wireless networks transmit data through radio waves, making them inherently vulnerable to interception. Encryption ensures that even if attackers capture the signal, they cannot decipher its contents.

1. Symmetric vs. Asymmetric Encryption in Wireless Security

Encryption methods fall into two main categories:

Usage in Wireless Security

• Symmetric encryption (AES, TKIP) → Used in WiFi security (WPA2, WPA3).
• Asymmetric encryption (RSA, ECC) → Used in secure key exchange (TLS, VPNs, 5G security).

2. Wireless Encryption Standards (WiFi Security)

2.1 Wired Equivalent Privacy (WEP) [OUTDATED]

Weak Encryption – Do Not Use

• Key Length: 64-bit, 128-bit
• Vulnerabilities:
  • Easily cracked using packet capture tools (e.g., Aircrack-ng)
  • Uses weak RC4 cipher
• Cybersecurity Impact: Attackers can break WEP encryption in minutes.

Replace with WPA2 or WPA3 for stronger security.

2.2 WiFi Protected Access (WPA & WPA2)

🔹 WPA (WiFi Protected Access) [Obsolete]

• Uses TKIP (Temporal Key Integrity Protocol) for encryption
• More secure than WEP, but still vulnerable to brute-force attacks.

🔹 WPA2 (WiFi Protected Access 2) [Current Standard for Many Devices]

• Encryption Algorithm: AES-CCMP (Advanced Encryption Standard - Counter Mode with CBC-MAC)
• Key Strength: 128-bit, 256-bit
• Vulnerabilities:
  • WPA2-Personal (PSK) is vulnerable to brute-force dictionary attacks
  • KRACK (Key Reinstallation Attack) can allow attackers to decrypt WiFi traffic

Use WPA2-Enterprise (802.1X authentication) for corporate networks.

2.3 WPA3 (WiFi Protected Access 3) [Recommended for Maximum Security]

✔ Stronger Security – Latest Standard

• Uses Simultaneous Authentication of Equals (SAE) instead of PSK, making brute-force attacks harder.
• Forward Secrecy: Protects past communications even if encryption keys are compromised.
• 256-bit AES encryption with GCMP (Galois Counter Mode).
• Resistant to offline password cracking.

Use WPA3 for the best WiFi security, especially for IoT, smart home devices, and enterprise networks.

3. End-to-End Encryption for Wireless Data Protection

Wireless transmissions, especially in public networks, require end-to-end encryption (E2EE) to prevent man-in-the-middle (MITM) attacks.

3.1 Virtual Private Networks (VPNs)

Encrypts all internet traffic over wireless connections.

• Protocols Used:
  • IPSec (AES-256, SHA-2 encryption)
  • OpenVPN (AES, ChaCha20 for speed & security)
  • WireGuard (ChaCha20 encryption, lightweight)

Recommended for securing public WiFi connections against eavesdropping.

3.2 HTTPS & TLS Encryption for Secure Web Browsing

• TLS (Transport Layer Security) encrypts web traffic using:
  • AES-256 (Symmetric encryption)
  • RSA/ECC (Asymmetric encryption for key exchange)
  • Perfect Forward Secrecy (PFS) to prevent key compromise attacks

Ensure websites use HTTPS to protect data over WiFi.

3.3 Encrypted Messaging & Calls

• Signal Protocol: Used in WhatsApp, Signal (AES-256, Curve25519 for key exchange).
• ZRTP (Zimmermann Real-Time Transport Protocol): Encrypts VoIP calls (used in Secure Phone Apps).

Use end-to-end encrypted apps for private wireless communications.

4. Bluetooth & IoT Encryption for Wireless Devices

4.1 Bluetooth Security (Bluetooth 5.0 & BLE)

• AES-CCM encryption for data confidentiality
• Elliptic Curve Diffie-Hellman (ECDH) for secure pairing
• LE Secure Connections (Bluetooth 5.0) for stronger encryption

Security Risks:

• Bluejacking (sending spam messages)
• Bluesnarfing (stealing files via Bluetooth)
• Man-in-the-Middle attacks on weak pairing methods

Use Bluetooth 5.0+ and disable when not in use to prevent attacks.

4.2 IoT & 5G Encryption

IoT devices communicate wirelessly, making strong encryption essential.

• IoT Security Standards:
  • TLS 1.3 for secure data transmission
  • AES-256, ChaCha20 encryption for device security
  • Secure Boot & Firmware Signing to prevent tampering

Risk: Many IoT devices lack strong encryption, making them vulnerable to botnet attacks (e.g., Mirai botnet).

Use AES-256 encryption & update firmware regularly to secure IoT devices.

5. Secure Key Management for Wireless Encryption

Encryption is only as strong as its key management.

5.1 Public Key Infrastructure (PKI) for Secure Wireless Authentication

PKI uses digital certificates (X.509) to authenticate devices in WiFi Enterprise, 5G, VPNs.

• Protocols:
  • 802.1X authentication for WPA2-Enterprise networks
  • EAP-TLS (Extensible Authentication Protocol - TLS) for certificate-based authentication
  • Zero Trust Security: Ensures only verified users access the network

Use certificate-based authentication for enterprise & military networks.

6. Future Encryption Technologies for Wireless Security

Quantum-Safe Encryption

• Post-Quantum Cryptography (PQC) → Resistant to quantum attacks.
• Lattice-based cryptography (NIST-standardized).

AI-Driven Encryption

• Adaptive encryption algorithms that change based on network conditions & threats.

7. Conclusion

Securing wireless transmissions requires strong encryption methods such as WPA3, AES-256, TLS 1.3, and VPNs. Wireless networks are vulnerable to eavesdropping, MITM attacks, and unauthorized access, but proper encryption, authentication, and key management can mitigate these threats.

For the best security:

• Use WPA3 for WiFi.
• Encrypt wireless data with VPNs & TLS 1.3.
• Secure Bluetooth & IoT devices with AES-256.
• Implement Zero Trust & certificate-based authentication.

Key Points

• First key point. Brief Answer to questions. (FIXME)