Hi
When it comes to Wireless Security, I am quite a beginner.
Often, wireless security deals with preventing illegitimate
users from obtaining "the key".
Fine, yet I have another problem ("nosey employee attack"[1]):
question
Given 1 Access Point, 2 legitimate users (A and B) with
2 laptops (MAC addresses known). For both users the setup
is the same (e.g. same key/passphrase, i.e. "the key" is known).
If you wish there is also a RADIUS server available.
Question: Is it possible to set up a configuration such that user B cannot read/decrypt A's traffic?
(like this is the case in a switched wired network neglecting
ARP poisoning, TEMPEST and co. Note that I also do not want
to use additional mechanisms (like VPN).).
considerations
As far as I understand:
- open: B always can read A's traffic (trivial)
- WEP: B always can decrypt A's traffic (same key for RC4)
- WPA-PSK (TKIP, with RC4): B also is able to decrypt A's traffic (same PSK, MAC known, ANonce/SNonce known -> PTK predictable[2])
- WPA2-PSK (CCMP, with AES): seems to invoke the same problem as with TKIP/RC4.
More interesting (and maybe the solution to the problem):
- WPA/2-TLS/PEAP: The PSK is replaced with a client-certificate/user credentials
Question: Assume I am in an environment with WPA/2-PEAP. I am
connecting to the network wirelessly using 2 laptops using the
same credentials. Can I decrypt the traffic flowing from the
first laptop if sniffed on the second laptop?
LEPS
I read about the LEPS feature[3] of LANCOM, which allows
to relate a MAC-address to an individual passphrase - so there
indeed seems to be a problem?
I hope this is not too confusing... Any help appreciated! Thanks.
Cheers
[1] http://www.awprofessional.com/articl...&seqNum=6&rl=1
[2] http://www.antionline.com/showthread...592#post825592
[3] http://www.mylancom.de/fileadmin/pro...ecurity-EN.pdf, section 9
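
The pairwise key derivation referred to in the WPA-PSK item above, as an added example that is not part of the original post: with a shared passphrase, every input to A's PTK is either known to B or sent in the clear during the 4-way handshake. The SSID, passphrase, MAC addresses and nonces are constructed sample values, and the 802.1X case is modelled, as an assumption, by a random per-session PMK.

```python
import hashlib
import hmac
import os

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, nbytes=48):
    """PTK from the PMK plus values sent in clear in the 4-way handshake (48 bytes for CCMP)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

# Constructed sample values (not from a real capture).
SSID, PASSPHRASE = "ExampleNet", "the shared key"
AP_MAC = bytes.fromhex("020000000001")
A_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()

def psk_case():
    """Returns (A's PTK, the PTK user B computes for A's session)."""
    ptk_a = derive_ptk(pmk_from_passphrase(PASSPHRASE, SSID), AP_MAC, A_MAC, ANONCE, SNONCE)
    # B knows the passphrase and SSID; MACs and nonces are visible on the air.
    ptk_b_view = derive_ptk(pmk_from_passphrase(PASSPHRASE, SSID), AP_MAC, A_MAC, ANONCE, SNONCE)
    return ptk_a, ptk_b_view

def eap_case():
    """Assumption: each 802.1X/EAP session is modelled as a fresh random 32-byte PMK."""
    pmk_a, pmk_b = os.urandom(32), os.urandom(32)
    ptk_a = derive_ptk(pmk_a, AP_MAC, A_MAC, ANONCE, SNONCE)
    # B only holds the PMK of its own session, so the same public inputs give a different PTK.
    ptk_b_view = derive_ptk(pmk_b, AP_MAC, A_MAC, ANONCE, SNONCE)
    return ptk_a, ptk_b_view

if __name__ == "__main__":
    a, b = psk_case()
    print("PSK: B derives A's PTK:", a == b)
    a, b = eap_case()
    print("802.1X (modelled): B derives A's PTK:", a == b)
```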