Wi-Fi Protected Access

From Wikipedia, the free encyclopedia

Wi-Fi Protected Access (WPA and WPA2) is a certification program administered by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. This protocol was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). The protocol implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. The protocol is specifically designed to also work with pre-WPA wireless network interface cards that pre-date the protocol (through firmware upgrades), but not necessarily with first generation wireless access points. The WPA2 certification mark indicates compliance with an advanced protocol that implements the full standard. This advanced protocol will not work with some older network cards.[1]

Contents

[edit] History

WPA is a certification program created by the Wi-Fi Alliance, an industry trade group, which owns the Wi-Fi trademark and certifies devices that bear that mark.

The WPA certification mark indicates compliance with a security protocol designed to enhance the security of wireless networks. There are two flavors of this protocol: enterprise and personal. Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user. Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase. The design of the protocol is based on a Draft 3 of the IEEE 802.11i standard.

The Wi-Fi Alliance created the protocol to enable introduction of standard-based secure wireless network products prior to the IEEE 802.11i group finishing its work. The Wi-Fi Alliance at the time had already anticipated the WPA2 certification based on the final draft of the IEEE 802.11i standard. Therefore, they intentionally made the tags on the frame fields (also known as information elements, or IEs) different from 802.11i to avoid the confusion in unified implementations of both the original and advanced versions of the protocol.

Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in the protocol over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger initialization vector, this provides greatly improved protection against, and effectively defeats, the well-known key recovery attacks on WEP.

In addition to authentication and encryption, the protocol also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "message integrity code") is used in the protocol, using an algorithm named "Michael". The MIC used in protocol includes a frame counter, which prevents replay attacks being executed.

By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, the protocol makes breaking into a wireless LAN far more difficult. The Michael algorithm was the strongest that Wi-Fi Alliance designers could come up with that would still work with most older network cards. Due to inevitable weaknesses of Michael, TKIP will shut down the network for one minute if two frames are discovered that fail the Michael check after passing all other integrity checks that would have caught noisy frames. It will then require generation of new keys and reauthentication when the network restarts , forcing the attacker to start over.

[edit] WPA2

Main article: IEEE 802.11i-2004

The advanced protocol, certified through Wi-Fi Alliance's WPA2 program, implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm, CCMP, that is considered fully secure. From March 13, 2006, WPA2 certification is mandatory for all new devices wishing to be certified by the Wi-Fi Alliance as "Wi-Fi CERTIFIED."

[edit] Security in pre-shared key mode

Pre-shared key mode (PSK, also known as personal mode) is designed for home and small office networks that don't require the complexity of an 802.1X authentication server. Each user must enter a passphrase to access the network. The passphrase may be from 8 to 63 printable ASCII characters or 64 hexadecimal digits (256 bits).[2] If you choose to use the ASCII characters, a hash function reduces it from 504 bits (63 characters * 8 bits/character) to 256 bits (using also the SSID). The passphrase may be stored on the user's computer at their discretion under most operating systems to avoid re-entry. The passphrase must remain stored in the wireless access point.

Security is strengthened by employing a PBKDF2 key derivation function. However, the weak passphrases users may typically employ are vulnerable to password cracking attacks. To protect against a brute force attack, a truly random passphrase of at least 20 characters should be used, and 33 characters or more is recommended.[3]

Some consumer chip manufacturers have attempted to bypass weak passphrase choice by adding a method of automatically generating and distributing strong keys through a software or hardware interface that uses an external method of adding a new wireless adapter or appliance to a network. These methods include pushing a button (Broadcom SecureEasySetup[4] and Buffalo AirStation One-Touch Secure System) and entering a short challenge phrase through software (Atheros JumpStart[5] and ZyXEL OTIST[citation needed]). The Wi-Fi Alliance has standardized these methods and certifies compliance with these standards through a program called Wi-Fi Protected Setup (formerly Simple Config).

[edit] EAP extensions under WPA- and WPA2- Enterprise

The Wi-Fi alliance has announced the inclusion of additional EAP (Extensible Authentication Protocol) types to its certification programs for WPA- and WPA2- Enterprise certification programs. This was to ensure that WPA-Enterprise certified products can interoperate with one another. Previously, only EAP-TLS (Transport Layer Security) was certified by the Wi-Fi alliance.

The EAP types now included in the certification program are:

Other EAP types may be supported by 802.1X clients and servers developed by specific firms. This certification is an attempt for popular EAP types to interoperate; their failure to do so is currently one of the major issues preventing rollout of 802.1X on heterogeneous networks.

[edit] Hardware support

Most newer Wi-Fi CERTIFIED devices support the security protocols discussed above, out-of-the-box, as compliance with this protocol has been required for a Wi-Fi certification since September 2003.[6]

The protocol certified through Wi-Fi Alliance's WPA program (and to a lesser extent WPA2) was specifically designed to also work with wireless hardware that was produced prior to the introduction of the protocol [1] which usually had only supported inadequate security through WEP. Many of these devices support the security protocol after a firmware upgrade. Firmware upgrades are not available for all legacy devices.

[edit] References

  1. ^ a b Products that have sucessfully completed testing by the Wi-Fi Alliance for compliance with the protocol can bear the Wi-Fi Protected Access certification mark. "WPA is both forward and backward-compatible and is designed to run on existing Wi-Fi devices as a software download." Wi-Fi Protected Access White Paper. Wi-Fi Alliance.
  2. ^ Each character in the pass-phrase must have an encoding in the range of 32 to 126 (decimal), inclusive. (IEEE Std. 802.11i-2004, Annex H.4.1)
    The space character is included in this range.
  3. ^ "A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks." "... against current brute-strength attacks, 96 bits [of passphrase entropy] SHOULD be adequate." (Weakness in Passphrase Choice in WPA Interface, by Robert Moskowitz. Retrieved March 2, 2004.)
  4. ^ Broadcom Corporation - SecureEasySetup Software
  5. ^ JumpStart Whitepaper
  6. ^ Wi-Fi Protected Access Security Sees Strong Adoption. Wi-Fi Alliance Press Room.

[edit] External links