Another means of WLAN security comes in the form of Wi-Fi Protected Access (WPA). WPA was introduced in 2003 by the Wi-Fi Alliance, a nonprofit association that certifies WLAN product interoperability based on IEEE 802.11 specifications. Two versions of WPA exist: WPA and WPA2. They are described in the sections that follow.

WPA

WPA was designed as a replacement for WEP. The Temporal Key Integrity Protocol (TKIP) is an improvement over WEP. It causes keys to change automatically, and when used in conjunction with a larger initialization vector (IV), it makes discovering keys highly unlikely.

Note: An IV is a block of bits added to the first block of data of a block cipher. This block is added, or hashed, with the base key and is used with other types of ciphers. This block strengthens security because, without it, the same transmissions with the same key yield the same output. As a result, attackers can notice the similarities and derive both the messages and the keys being used.

On top of authentication and encryption improvements, WPA secures the payload better than WEP does. With WEP, cyclic redundancy checks (CRC) are used to ensure packet integrity. However, it is possible to alter the payload and update the message CRC without knowing the WEP key because the CRC is not encrypted. WPA uses message integrity checks (MIC) to ensure packet integrity. The MICs also employ a frame counter, which prevents replay attacks.

Note: Replay attacks occur when an attacker intercepts a transmission and then rebroadcasts that transmission at a later time. For example, if a password is intercepted, the attacker does not need to know how to read the message; he can simply rebroadcast it later and then gain access using the victim's credentials.

Note: MICs are often called Michael in Wi-Fi parlance.

Breaking into a WLAN using WPA is more difficult than breaking into one using WEP because the IVs are larger, there are more keys in use, and there is a sturdier message verification system.
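
The contrast between an unkeyed CRC and a keyed MIC with a frame counter, as an added example that is not part of the original text. HMAC-SHA256 stands in for Michael here, and the frame layout, class names, key and payloads are assumptions constructed for illustration.

```python
import hashlib, hmac, struct, zlib

def crc_frame(payload: bytes) -> bytes:
    # WEP-style integrity as described above: payload plus an unkeyed CRC-32.
    return payload + struct.pack("<I", zlib.crc32(payload))

def crc_accepts(frame: bytes) -> bool:
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]

def mic(key: bytes, counter: bytes, payload: bytes) -> bytes:
    # Keyed tag over counter + payload (HMAC-SHA256 stand-in, truncated to 8 bytes).
    return hmac.new(key, counter + payload, hashlib.sha256).digest()[:8]

class MicSender:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def send(self, payload: bytes) -> bytes:
        self.counter += 1                      # frame counter never repeats
        hdr = struct.pack(">Q", self.counter)
        return hdr + payload + mic(self.key, hdr, payload)

class MicReceiver:
    def __init__(self, key: bytes):
        self.key, self.last_counter = key, 0
    def check(self, frame: bytes) -> str:
        if len(frame) < 16:                    # 8-byte counter + 8-byte tag minimum
            return "malformed"
        hdr, payload, tag = frame[:8], frame[8:-8], frame[-8:]
        if not hmac.compare_digest(tag, mic(self.key, hdr, payload)):
            return "bad-mic"                   # payload or counter was altered
        counter = struct.unpack(">Q", hdr)[0]
        if counter <= self.last_counter:
            return "replay"                    # valid tag, but counter already seen
        self.last_counter = counter
        return "ok"

def demo() -> dict:
    key = b"constructed-demo-key"              # constructed sample key
    tx, rx = MicSender(key), MicReceiver(key)
    first = tx.send(b"pay 10 to alice")        # constructed sample payload
    altered = first[:8] + b"pay 99 to alice" + first[-8:]
    return {
        "crc_recomputed_without_key": crc_accepts(crc_frame(b"pay 99 to alice")),
        "mic_altered": rx.check(altered),
        "mic_first": rx.check(first),
        "mic_replayed": rx.check(first),
        "mic_next": rx.check(tx.send(b"pay 5 to bob")),
    }
```

The CRC check accepts any payload whose checksum was recomputed, because computing it needs no secret; the keyed MIC rejects the altered frame, and the counter rejects the unmodified frame when it arrives a second time.
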

WPA2

As you might deduce from its name, WPA2 is the second and latest version of WPA. The most important difference between the two is the method of encryption. WPA uses RC4, whereas WPA2 uses AES. Not only is the AES encryption method much stronger, it is also a requirement for some government and industry users.

WPA2 is backward compatible with WPA, and many WPA-certified products can be upgraded with software to WPA2. However, some products might require hardware upgrades. WPA was designed to be a software upgrade to WEP. However, WPA2 didn't have such a design goal. As such, in many cases a hardware upgrade will be necessary to update to WPA2.