
I was reading that WPA2-PSK encrypts layer 2 of the OSI network model. What is the danger of having this layer in plaintext (I know it can be decrypted very easily from within the network)? Is there a point to encrypting it when all higher layer traffic is visible, unless outside sources provide protection, i.e. HTTPS? In addition, if encryption occurs at layer 6 for HTTPS, is every layer below 5 (HTTP) also protected?

Vilican
dylan7

1 Answer


Your interpretation is incorrect. WPA2-PSK doesn't completely encrypt layer 2 information. Management frames are unencrypted (except in cases where management frame protection is implemented). MAC addresses of all communicating parties can also be observed, which somewhat helps to analyze communication flows and gain general information on the network. The sizes of exchanged packets are visible as well, being somewhat useful in understanding what's going on in the network. An attacker can also send disassociation frames, which would cause denial of service.

The payload of the 802.11 frame IS encrypted, meaning that layer 4, 5, 6 and 7 information IS encrypted.

That encryption is only for the network "outsiders"; running PSK would allow you to eavesdrop once you've got the key and you're on the network. This is where other layers' protocol security kicks in (HTTPS, SSH, etc.).

In general, from a practical security point of view, WPA2-PSK would help guard the integrity and confidentiality of information, but doesn't quite help with availability. For obvious reasons the integrity and confidentiality rely only on the strength of the PSK, which often is less than perfect. There are plenty of posts here on WPA2 and its security; I'd suggest looking around for more information.

Milen
  • If WPA2 encrypts layers 4, 5, 6 and 7, why can a MITM from within the WLAN (while the packets are encrypted) capture HTTP credentials in plaintext (no HTTPS) even without performing a decryption of the traffic that WPA2 encrypts (even though they can decrypt it easily)? – dylan7 Jul 26 '15 at 17:06
  • If it encrypts using a PSK, if you've joined the network, then you'd be sharing the key with everyone that's on the same network, wouldn't you? It's a little bit like sharing a password. This is designed to protect against the folks on the outside - those that don't have the PSK. – Milen Jul 26 '15 at 17:15
  • But you'd still have to use a tool with the PSK to decrypt the traffic, even if you are within the network, right? Like if you are ARP poisoning the network, you still need to decrypt the WPA encrypted traffic, with the PSK which you obviously know, to read the plaintext HTTP (assuming no HTTPS), right? Or if there is HTTPS, sslstrip still has to remove the WPA encrypted layer with the PSK to work, right? – dylan7 Jul 26 '15 at 18:39
  • No. This is transparently done by the hardware of your WiFi adapter, or the software supplicant. If you're doing ARP poisoning, this means you're already a member of the network (know the PSK), and you've been associated with the access point (AP). The L3 packets that you receive will not be AES/TKIP encrypted. However, upper-layer protocols may apply their own encryption - IPSEC, TLS, etc. – Milen Jul 26 '15 at 19:09
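As an added illustration of the answer's point (not code from the thread or from any WPA2 implementation), the following parses a constructed 802.11 frame the way a passive observer without the PSK would: the MAC header, addresses, frame type and body size stay readable, a beacon's body is fully in the clear, and a WPA2 data frame only hides the body behind the Protected Frame bit. The frames and MAC addresses are constructed sample values; the stand-in ciphertext is arbitrary bytes.

```python
from dataclasses import dataclass

# Frame Control: byte 0 = version | type << 2 | subtype << 4, byte 1 = flags
FC_TYPE_MGMT, FC_TYPE_CTRL, FC_TYPE_DATA = 0, 1, 2
FLAG_PROTECTED = 0x40             # "Protected Frame" bit: body is CCMP/TKIP ciphertext
CCMP_HDR_LEN, CCMP_MIC_LEN = 8, 8  # CCMP header precedes, MIC follows, the encrypted body

@dataclass
class Visible:
    """What a sniffer outside the network can read from one frame."""
    ftype: str
    subtype: int
    addr1: str
    addr2: str
    addr3: str
    body_len: int
    body_encrypted: bool
    body: bytes  # populated only when the body travels in the clear

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def observe(frame: bytes) -> Visible:
    """Parse a 24-byte 802.11 MAC header (FCS already stripped) without any key."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    body = frame[24:]
    protected = bool(fc1 & FLAG_PROTECTED)
    # With WPA2 the header and addresses remain readable; only the body is hidden.
    body_len = max(0, len(body) - CCMP_HDR_LEN - CCMP_MIC_LEN) if protected else len(body)
    names = {FC_TYPE_MGMT: "management", FC_TYPE_CTRL: "control", FC_TYPE_DATA: "data"}
    return Visible(names.get(ftype, "reserved"), subtype, mac(a1), mac(a2), mac(a3),
                   body_len, protected, b"" if protected else body)

def _frame(fc0: int, fc1: int, a1: bytes, a2: bytes, a3: bytes, body: bytes) -> bytes:
    """Assemble a constructed frame: FC, duration, three addresses, sequence control, body."""
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body

AP = bytes.fromhex("02aabbccdd01")   # constructed, locally administered MAC addresses
STA = bytes.fromhex("02aabbccdd02")
BCAST = b"\xff" * 6
# Constructed beacon (management, subtype 8): timestamp, interval, capabilities, SSID "LabNet"
BEACON = _frame(0x80, 0x00, BCAST, AP, AP, b"\x00" * 8 + b"\x64\x00" + b"\x11\x04" + b"\x00\x06LabNet")
# Constructed WPA2 data frame STA->AP (type 2, ToDS + Protected): CCMP header, 40 bytes of
# stand-in ciphertext, 8-byte MIC. The payload cannot be read without the PSK-derived keys.
WPA2_DATA = _frame(0x08, 0x41, AP, STA, AP, bytes.fromhex("0100002000000000") + bytes(range(40)) + b"\x00" * 8)
```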