Wi-Fi Protected Access (WPA), superseding Wired Equivalent Privacy (WEP) in 2003, WPA2 (2004), and WPA3 (2018) are security certification programs developed by the Wi-Fi Alliance to secure wireless networks. Which of the following is correct? (Wentz QOTD)
A. TKIP is used in WEP to enforce confidentiality.
B. WPA3 employs HMAC to enforce nonrepudiation.
C. WPA uses RC4 as the underlying cipher for confidentiality.
D. WPA2 uses a stream cipher in CCM mode (counter with CBC-MAC).

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. WPA uses RC4 as the underlying cipher for confidentiality.

• RC4 is used in WEP to enforce confidentiality. However, “in August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP[14] that exploits the way the RC4 ciphers and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network.” (Wikipedia)
• WPA3 employs HMAC to enforce authenticity; nonrepudiation is enforced by digital signature.
• WPA uses TKIP, employing RC4 as the underlying cipher, for confidentiality.
• WPA2 uses the AES, a block cipher, in CCM mode (counter with CBC-MAC).

Reference

• Wi-Fi Protected Access
• Wired Equivalent Privacy
• CCMP (cryptography)
• Block cipher mode of operation
• Wi-Fi Alliance® Wi-Fi® Security Roadmap and WPA3™ Updates
• WPA3 AND ENHANCED OPEN: NEXT GENERATION WI-FI SECURITY
• WPA3 Explained

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

• It is available on Amazon.
• Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

Wi-Fi保護訪問（WPA），取代了2003年的有線等效保密（WEP），WPA2（2004）和WPA3（2018），是Wi-Fi聯盟開發的用於確保無線網絡安全的安全認證程序。 以下哪項是正確的？(Wentz QOTD)
A. TKIP在WEP中被用於強化機密性。
B. WPA3使用HMAC來實施不可否認性。
C. WPA使用RC4作為機密性的底層加密器(cipher)。
D. WPA2在CCM模式下使用流密碼（帶有CBC-MAC的計數器）。