01-10-2012, 12:15 PM
Wi-Fi Protected Access
[attachment=34897]
INTRODUCTION
Brought by the Wi-Fi Alliance, working in conjunction with the IEEE.
Standards-based, interoperable security specification
Significantly increases the level of data protection and access control for existing and future wireless LAN systems
WPA at a Glance
WPA is a subset of the 802.11i draft standard and will maintain forward compatibility
It addresses all known vulnerabilities in WEP to ensure data authenticity on wireless LANs
It provides an effective deterrent against almost all known attacks.
Wired Equivalency Privacy, was intended to provide wireless users with the same level of privacy inherent in wired networks.
The WEP flaws :
Weak Keys
Initialization Vector (IV) Reuse
Known plaintext attacks
Denial of Service attacks
WPA: How It Works
WPA’s strength comes from
An integrated sequence of operations that encompass 802.1X/EAP authentication and
Sophisticated key management and encryption techniques.
Its major operations include:
Network security capability determination : This occurs at the 802.11 level and is communicated through WPA information elements in Beacon, Probe Response, and (Re) Association Requests.
Authentication: EAP over 802.1X is used for authentication
Key management: Keys are generated after successful authentication and through a subsequent 4-way handshake between the station and Access Point .
Data Privacy (Encryption): TKIP is used to wrap WEP in sophisticated cryptographic and security techniques to overcome most of its weaknesses.
Data integrity: TKIP includes a message integrity code (MIC) at the end of each plaintext message to ensure messages are not being spoofed.
Security mechanisms in WPA
One of WEP’s chief weaknesses was that it used a small static key to initiate encryption.
WPA uses a greatly enhanced encryption scheme, Temporal Key Integrity Protocol (TKIP).
TKIP increases the size of the key from 40 to 128 bits and replaces WEP’s single static key with keys that are dynamically generated and distributed by the authentication server.
The Future: WPA2
TKIP encryption, 802.1X/EAP authentication and PSK technology in WPA are features that have been brought forward from WPA2.
Additionally, WPA2 provides a new, encryption scheme, the Advanced Encryption Standard (AES).
AES uses a mathematical ciphering algorithm that employs variable key sizes of 128-, 192- or 256-bits.
WPA2 offers a highly secure “mixed mode” that supports both WPA and WPA2 client workstations.
Conclusion
As a subset of WPA2, WPA presents users with a solution that is both forward- and backward-compatible with present and future wireless standards.
It offers enterprise-grade protection and, most importantly, it is available today.
WPA allows users, whether they are at home or at work, to enjoy all the mobility and flexibility that Wi-Fi wireless computing has to offer, knowing that their data is safely protected beyond the reach of intruders.
[attachment=34897]
INTRODUCTION
Brought by the Wi-Fi Alliance, working in conjunction with the IEEE.
Standards-based, interoperable security specification
Significantly increases the level of data protection and access control for existing and future wireless LAN systems
WPA at a Glance
WPA is a subset of the 802.11i draft standard and will maintain forward compatibility
It addresses all known vulnerabilities in WEP to ensure data authenticity on wireless LANs
It provides an effective deterrent against almost all known attacks.
Wired Equivalency Privacy, was intended to provide wireless users with the same level of privacy inherent in wired networks.
The WEP flaws :
Weak Keys
Initialization Vector (IV) Reuse
Known plaintext attacks
Denial of Service attacks
WPA: How It Works
WPA’s strength comes from
An integrated sequence of operations that encompass 802.1X/EAP authentication and
Sophisticated key management and encryption techniques.
Its major operations include:
Network security capability determination : This occurs at the 802.11 level and is communicated through WPA information elements in Beacon, Probe Response, and (Re) Association Requests.
Authentication: EAP over 802.1X is used for authentication
Key management: Keys are generated after successful authentication and through a subsequent 4-way handshake between the station and Access Point .
Data Privacy (Encryption): TKIP is used to wrap WEP in sophisticated cryptographic and security techniques to overcome most of its weaknesses.
Data integrity: TKIP includes a message integrity code (MIC) at the end of each plaintext message to ensure messages are not being spoofed.
Security mechanisms in WPA
One of WEP’s chief weaknesses was that it used a small static key to initiate encryption.
WPA uses a greatly enhanced encryption scheme, Temporal Key Integrity Protocol (TKIP).
TKIP increases the size of the key from 40 to 128 bits and replaces WEP’s single static key with keys that are dynamically generated and distributed by the authentication server.
The Future: WPA2
TKIP encryption, 802.1X/EAP authentication and PSK technology in WPA are features that have been brought forward from WPA2.
Additionally, WPA2 provides a new, encryption scheme, the Advanced Encryption Standard (AES).
AES uses a mathematical ciphering algorithm that employs variable key sizes of 128-, 192- or 256-bits.
WPA2 offers a highly secure “mixed mode” that supports both WPA and WPA2 client workstations.
Conclusion
As a subset of WPA2, WPA presents users with a solution that is both forward- and backward-compatible with present and future wireless standards.
It offers enterprise-grade protection and, most importantly, it is available today.
WPA allows users, whether they are at home or at work, to enjoy all the mobility and flexibility that Wi-Fi wireless computing has to offer, knowing that their data is safely protected beyond the reach of intruders.