Skip to main content
abstract blue background

Education & Training

Online Course

14 August 2020 - 9:00 am to 4:30 pm EDT

Registration closes on 12 August 2020 at 5:00 pm EDT
Special Offer

Online via WebEx

Price

$279 IEEE ComSoc member
$349 IEEE member
$459 non-member

Not a member?  Join ComSoc Today
IEEE Members can add ComSoc to their membership.

 

Special Offer:
Register for both the 30 July 2020 “An Introduction to Wi-Fi” course and the 14 August 2020 “Wi-Fi Security” course in one transaction and save 10% on your registration fee for both courses.  Enter promo code WIFI2020 during the checkout process to receive your discount or click here to register for both courses now.

Course Description

Just added in 2020: Even as WPA3 has successfully advanced the state of security protections in Wi-Fi systems, vulnerabilities have recently been found even in WPA3. In this course, we explore both the features of WPA3 and its known vulnerabilities.

Everyone uses Wi-Fi. However, most people may not have a strong understanding of what the differences are between the available security options, like WPA, WPA-PSK, WPA2, TKIP, AES, etc., and most recently, WPA3. You may even have heard that WEP is supposed to be bad, but you are not be sure how WPA and WPA2 improve on it. Furthermore, because Wi-Fi security started from something very weak, and then was improved in stages, it can be very helpful to trace through the various generations of Wi-Fi security, and thus gain a better understanding of wireless security.

This course explains the motivations for wireless and Wi-Fi security and describes initial attempts with open authentication, WEP-based authentication, WEP encryption, etc. We will then explore the many problems with WEP, its use of keys, etc.; and ways that it can be broken. We’ll then discuss how WPA, as a stopgap measure, addresses some of the issues with WEP and how WPA2 is even more secure. The IEEE 802.1X model, and the difference between PSK and enterprise modes will then be explained. Recent updates with WPA3 will also be discussed. WPA3 introduces a range of security enhancements to Wi-Fi systems, but even WPA3 has it weaknesses. Vulnerabilities in WPA3 have been discovered and published this year (2020), and we’ll discuss these as well.

Who Should Attend

This course is ideal for wireless and telecomm engineers, researchers, and students (advanced undergraduates or graduate students), as well as computer science practitioners, researchers and students, who are interested in understanding:

  • the directions that Wi-Fi security has taken since the early embarrassment of WEP
  • how weaknesses in the earlier generations of wireless security, and even WPS, could be  exploited
  • how WPA, WPA2, and their variations work, what is the difference between personal and enterprise modes, etc. the latest developments with WPA3

The level of instruction is intermediate to advanced.

Pre-requisites: Knowledge of Wi-Fi on the level of the ComSoc Training course, An Introduction to Wi-Fi (offered on 8 August) is helpful. However, a brief review of Wi-Fi will be provided at the beginning of this course.

Instructor

Daniel Wong

Daniel Wong

Head of Product Security

V-Key Pte Ltd, IEEE WCP

Learning Objectives

Upon completion of this course, students are expected to understand:

  • How to think of Wi-Fi systems from a security perspective, including how the different components are put together and work together to protect a Wi-Fi network.
  • How to design Wi-Fi deployments to optimize usage of security technologies.
  • The directions in which Wi-Fi security has been maturing as Wi-Fi has been developing.
  • How to explore Wi-Fi deployments using practical tools, with an understanding of how to use those tools to help examine the operation of the Wi-Fi networks, including security mechanisms.

Course Content

Introduction

  • Definitions, overview
  • Wi-Fi overall concepts - very brief review
  • Motivations for WiFi security, and initial attempts

WEP

  • WEP authentication
  • WEP encryption
  • weaknesses
  • Ways WEP could be defeated to recover the key,  etc.
  • Lessons learned

WPA & other stopgap measures

  • Motivations and constraints
  • TKIP
  • MICHAEL
  • Other attempts: MAC-based filtering, browser hijacking architectures,  etc.
  • Enterprise mode vs personal mode
  • 802.1X, EAP and WPA
  • Lessons learned
  • Ways WPA could be defeated with dictionary attacks, etc.

More on 802.1X and EAP and usage  considerations

  • EAP for end-to-end secure  authentication
  • Choosing between EAP alternatives

WPA2

  • An upgrade of WPA
  • AES
  • Use of AES in practice, e.g., AES-CCMP vs  alternatives
  • Enterprise mode vs personal mode
  • Lessons learned

WPA3

  • 14 years after WPA2, in 2018 ..
  • KRACK and related concerns
  • dragonfly handshake, simultaneous authentication of equals  (SAE)
  • Easy Connect (not actually part of  WPA3)
  • Enhanced Open (not actually part of  WPA3)
  • Enterprise mode: 192-bit-equivalent  security
  • Vulnerabilities discovered in WPA3 in 2019-2020

Misc related topics: WPS, social engineering, etc.

  • WPS for "ease" of set-up
  • Problems with WPS implementations
  • Tools for inspecting Wi Fi networks – wireshark, wireless tools, etc.
  • Promiscuous mode, monitor mode ..
  • Social engineering approaches
  • Planning your secure wireless network

Course Agenda

Below is an approximate schedule for the day:

9:00am - Facilitator Introduction

9:10am - Instructor Lectures

Short break (10-15 minutes)

Instructor Lectures

12:30pm - Mid-point break (approx. 1 hour)

1:30pm - Instructor Lectures

Short break (10-15 minutes)

Instructor Lectures

4:30pm - Course Concludes

 

Course Materials

Each registered participant receives a copy of instructor slides and access to the recording of the course for 20 business days after the live lecture. Earn 0.6 IEEE Continuing Education Units for participating and completing the post-course evaluation.

Upon registration, you will automatically be emailed the WebEx invitation for the course session, but you will also be sent a reminder message to join the WebEx session prior to the start of the course. Course materials will be emailed to you and will be available for download from the WebEx session page for this course, the day prior to the scheduled course date.

Course Cancellation and Refund Policy: Requests for online course cancellations must be received 3 business days prior to the course date for a full refund. Once course materials have been shared with a participant, a cancellation request cannot be accommodated.

Contact Us

For general inquiries and technical support, contact Tara McNally, Certification and Professional Education Manager.

Review the system requirements for WebEx.
Test your browser by joining a meeting.