
From a security point of view, Android distinguishes three types of Wi-Fi networks: Open, WEP and WPA(2)-PSK, plus WPS for Wi-Fi Direct. The first and second types are barely used when the security of the traffic really matters. Practically, the only difference between them is the effort required to hack such a network. In the first case, the cost is placing a sniffing device (such as a Linux notebook equipped with aircrack-ng or airmon-ng) in the proximity of the network; the usable distance usually varies from 10 to 50 meters and also depends on the antenna of the Linux box. A Linux box may be turned into a sniffer by a simple procedure: it accepts all network packets and, instead of discarding those not addressed to itself, keeps them for further analysis.
The second case is also easy to hack. Its weakness stems primarily from the short length of the group cipher keys (40 or 104 bits) and from the fact that WEP transmits several bytes of the calculated temporary key within each data packet. Literally, it is hackable by design.
The last method - WPA(2) - grew out of WEP's mistakes. After the handshake procedure, it supports several pairwise cipher algorithms: CCMP and TKIP. Because of the known attack on Michael, the message integrity check algorithm used in TKIP, WPA is in practice used only with CCMP.
At the handshake stage, WPA(2) supports two authentication modes: PSK (Pre-Shared Key) and Enterprise. PSK assumes that every client knows the password/passphrase for network access. This is very handy for home Wi-Fi networks, but may be unacceptable for enterprises, where such a common password should be changed frequently (e.g. every time an employee is fired).
None of these three security types is useful for Wi-Fi Direct, simply because it may be very annoying to type the password (6-8 non-trivial letters) on printers, game consoles and TVs. WPS fills this gap and allows network access to be enabled by pressing an accept key on such devices. For Wi-Fi Direct, WPS is the only supported access method.
Back to regular Wi-Fi: the following table summarizes the WifiConfiguration options that should be used to establish an AP and to connect to an established one.

| WifiConfiguration field | WPA(2)-PSK | WEP | Open |
|---|---|---|---|
| allowedAuthAlgorithms | | OPEN, SHARED | clear() |
| allowedProtocols | RSN, WPA | RSN, WPA | RSN, WPA |
| allowedKeyManagement | WPA_PSK | NONE | NONE |
| allowedPairwiseCiphers | CCMP, TKIP | CCMP, TKIP | CCMP, TKIP |
| allowedGroupCiphers | WEP40, WEP104, CCMP, TKIP | WEP40, WEP104 | WEP40, WEP104, CCMP, TKIP |
| preSharedKey | `"\"" + password + "\""` | `"\"" + password + "\""` | |


An implementation of these settings may look like:


import android.net.wifi.WifiConfiguration;

public static WifiConfiguration createConfigForWPAAccess(String ssid,
                                                         String password) {
    WifiConfiguration wifiConf = new WifiConfiguration();
    // Android expects a UTF-8 SSID enclosed in double quotes;
    // here the caller is expected to pass it already quoted.
    wifiConf.SSID = ssid;
    // Protocols
    wifiConf.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
    wifiConf.allowedProtocols.set(WifiConfiguration.Protocol.WPA);
    // Key Management
    wifiConf.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_PSK);
    // Pairwise Ciphers
    wifiConf.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
    wifiConf.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.TKIP);
    // Group Ciphers
    wifiConf.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP);
    wifiConf.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.WEP40);
    wifiConf.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.WEP104);
    wifiConf.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.TKIP);
    // The passphrase must be wrapped in double quotes on both sides
    wifiConf.preSharedKey = "\"".concat(password).concat("\"");

    return wifiConf;
}
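
The configuration above still admits TKIP and the WEP group ciphers that the text describes as weak. The following added example (not code from the original post) shows a stricter variant limited to RSN with CCMP; the class name `StrictWifiConfig` and its method names are hypothetical, and the passphrase length rule is the IEEE 802.11i one.

```java
import android.net.wifi.WifiConfiguration;

/** Added example: hypothetical helper, not part of the original post. */
public final class StrictWifiConfig {
    private StrictWifiConfig() {}

    /** Builds a WPA2-PSK configuration limited to RSN with CCMP. */
    public static WifiConfiguration createWpa2CcmpOnly(String ssid, String key) {
        if (ssid == null || ssid.isEmpty()) {
            throw new IllegalArgumentException("SSID must not be empty");
        }
        if (key == null) {
            throw new IllegalArgumentException("key must not be null");
        }
        WifiConfiguration conf = new WifiConfiguration();
        conf.SSID = quote(ssid);

        // The Android documentation lists permissive defaults for unset
        // fields (for group ciphers: CCMP TKIP WEP104 WEP40), so every
        // set is filled in explicitly with the single value we accept.
        conf.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
        conf.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_PSK);
        conf.allowedAuthAlgorithms.set(WifiConfiguration.AuthAlgorithm.OPEN);
        conf.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
        conf.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP);

        conf.preSharedKey = encodeKey(key);
        return conf;
    }

    /** Raw 64-hex-digit PSKs go in unquoted; passphrases are quoted. */
    static String encodeKey(String key) {
        if (key.matches("[0-9A-Fa-f]{64}")) {
            return key;
        }
        // IEEE 802.11i passphrase: 8 to 63 printable ASCII characters.
        if (!key.matches("[\\x20-\\x7E]{8,63}")) {
            throw new IllegalArgumentException(
                    "passphrase must be 8-63 printable ASCII characters");
        }
        return quote(key);
    }

    static String quote(String s) {
        return "\"" + s + "\"";
    }
}
```

With the group cipher restricted to CCMP, an access point running in mixed WPA/WPA2 mode (which uses TKIP as its group cipher) will not match this configuration.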
