Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is a system to secure wireless (Wi-Fi) networks, created to patch the security of the previous system, WEP (Wired Equivalent Privacy); researchers have found a number of weaknesses in WEP. As a successor, WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA was created by The Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name. Certifications for implementations of WPA started in April 2003 and became mandatory in November 2003. The full 802.11i was ratified in June 2004.

WPA is designed for use with an 802.1X authentication server, which distributes different keys to each user; however, it can also be used in a less secure pre-shared key (PSK) mode. Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV).

One major improvement over WEP is given by the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (here termed a Message Integrity Check (MIC)) called "Michael" is used in WPA. Further, the MIC used in WPA includes a frame counter, which prevents replay attacks being executed.

WPA was specifically extracted as an intermediate step towards improved 802.11 security for two reasons: first, 802.11i's work lasted far longer than originally anticipated, spanning four years, during a period of ever-increasing worries about wireless security; second, it encompasses as a subset of 802.11i only elements that were backwards compatible with WEP for even the earliest 802.11b adapters. WPA firmware upgrades have been provided for the vast majority of wireless NICs ever shipped; 802.11 gateways sold before 2003 generally needed to be replaced.

By increasing the size of the keys, the number of keys in use, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult. The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards; however it is subject to attack. To limit this risk, WPA networks shut down for 30 seconds whenever an attempted attack is detected.

WPA2 is the certified form of IEEE 802.11i tested by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i [1] (http://www.wi-fi.org/opensection/pdf/WPA2_Q_A.pdf). In particular, the Michael algorithm is replaced by a message authentication code that is considered fully secure. Official support for WPA2 in Microsoft Windows XP was rolled out on the 1st of May 2005 (http://www.microsoft.com/downloads/details.aspx?familyid=662bb74d-e7c1-48d6-95ee-1459234f4483&displaylang=en).

The Wi-Fi Alliance calls the pre-shared key version WPA-Personal or WPA2-Personal and the 802.1X authentication version WPA-Enterprise or WPA2-Enterprise. The group uses these terms to allow purchasers to know at a glance what the highest level and type of protection is available with a device.

Contents

1 Security in pre-shared key mode 2 EAP Types under WPA- and WPA-2 Enterprise 3 See also 4 References 5 External links

Security in pre-shared key mode

Pre-shared key mode (PSK or WPA-PSK, also known as personal mode) is designed for home and small office networks that cannot afford the cost and complexity of an 802.1X authentication server. Each user must enter a passphrase to access the network. The passphrase may be from eight to 63 ASCII characters or 64 hexadecimal digits (256 bits). The passphrase may be stored on the user's computer at their discretion under most operating systems to avoid re-entry. The passphrase must remain stored in the Wi-Fi access point.

Security is strengthened by employing a PBKDF2 key derivation function. However, the weak passphrases users typically employ create a major vulnerability to password cracking attacks. It is recommended that a passphrase of at least 5 Diceware words or 14 completely random letters be used with WPA. For maximum strength, 8 Diceware words or 22 random characters should be employed. Passphrases should be changed whenever an individual with access is no longer authorized to use the network or when a device configured to use the network is lost or compromised.

Some consumer chip manufacturers have attempted to bypass weak passphrase choice by adding a method of automatically generating and distributing strong keys through a software or hardware interface that uses an external method of adding a new Wi-Fi adapter or appliance to a network. These methods include pushing a button (Broadcom SecureEasySetup (http://www.broadcom.com/products/secureeasysetup.php) and Buffalo AirStation One-Touch Secure Setup (http://www.buffalotech.com/wireless/products/AOSS.html)) and entering a short challenge phrase through software (Atheros JumpStart (http://www.atheros.com/pt/atheros_JumpStart_for_wireless_whitepaper.pdf)).

EAP Types under WPA- and WPA-2 Enterprise

The Wi-Fi alliance has announced the inclusion of additional EAP (Extensible Authentication Protocol) types to its certification programs for WPA- and WPA-2 Enterprise. This was to ensure that WPA-Enterprise certified products can interoperate with one another. Previously, only EAP-TLS was certified by the Wi-Fi alliance.

The EAP types now included in the certification program are:

• EAP-TLS (previously tested)
• EAP-TTLS/MSCHAPv2
• PEAPv0/EAP-MSCHAPv2
• PEAPv1/EAP-GTC
• EAP-SIM

Other EAP types may be supported by 802.1X clients and servers developed by specific firms. This certification is an attempt for popular EAP types to interoperate; their failure to do so is currently one of the major issues preventing rollout of 802.1X on heterogeneous networks.

See also

• WAPI

References

• Wi-Fi Alliance. (2003). Wi-Fi Protected Access: Strong, standards-based, interoperable security for today’s Wi-Fi networks. Retrieved March 1, 2004 from http://www.wifialliance.com/OpenSection/pdf/Whitepaper_Wi-Fi_Security4-29-03.pdf
• Wi-Fi Alliance. (2004). Wi-Fi Protected Access™ security sees strong adoption: Wi-Fi Alliance takes strong position by requiring WPA security for product certification. Retrieved January 5, 2004 from http://www.wi-fi.org/opensection/ReleaseDisplay.asp?TID=4&ItemID=165&StrYear=2004&strmonth=2
• Weakness in Passphrase Choice in WPA Interface, by Robert Moskowitz. Retrieved March 2, 2004 from http://wifinetnews.com/archives/002452.html
• Press Release about new EAP types supported under WPA-Enterprise from http://www.wi-fi.org/OpenSection/ReleaseDisplay.asp?TID=4&ItemID=205&StrYear=2005&strmonth=4

External links

• Wi-Fi Alliance's WPA page (http://www.wi-fi.org/opensection/protected_access.asp)
• Wi-Fi Alliance's Interoperability Certificate page (http://www.wi-fi.org/opensection/certification-certificate.asp)
• Apple Airport and Wi-Fi Network Security (http://theworld.com/~reinhold/airport.html)
• EAP types supported under WPA-Enterprise (http://www.wi-fi.org/OpenSection/eap.asp)de:Wi-Fi Protected Access

it:Wi-Fi Protected Access pl:WPA