For example, clients based on Windows XP effectively require either Service Pack 2 and some patches or the addition of the WPA client to their wireless configuration.
Wireless clients' software also may need to be upgraded. The disadvantage of WPA is that older wireless access points may need to have their firmware updated. Experts say that AES-CCMP is robust enough to be used for government data security purposes. In other words, this means an improved encryption algorithm.
WPA2 compliments TKIP and the improved data integrity control algorithm with more secured encryption mechanism called Advanced Encryption Standard (AES) - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). In simple words, WPA includes a mechanism to determine whether a received packet has already been sent or not. This prevents hackers from capturing existing data packets, modifying them, and then re-sending to the access point. WPA also provides better data integrity control when compared to WEP. This gives WPA more strength compared to WEP because a hacker would need to capture significantly more data packets in case of WPA when trying to perform so-called statistical attack. WPA employs the RC4 encryption mechanism which is the same like WEP, but WPA uses a longer security key, 128 bit in length (compared to 104 bit in WEP) and longer initialization vector, 48 bit in length (compared to 24 bit in WEP).
Some wireless routers provide a function allowing the administrator to control how often the Group Transient Key is changed by the access point.Īs you can see, this mechanism is principially quite hard to crack because even if the attacker captures some security key from the data flow, it is limited to a single session and can even expire within that session as well.Įncryption algorithm and security fundamentals The Master Key is then further split into so-called Group Transient Key which secures multicast and broadcast messages sent by the access point to the clients, and to another security key called Pairwise Transient Key which secures the unicast messages sent from wireless clients to the access point. However, once the initial authentication is completed, then another so-called Master Key is generated which is bound to the particular session between the access point and the client. So far, the concept of WPA is the same like in WEP. The TKIP mechanism shares a starting key between devices, but each device then changes its encryption key for the ongoing communication.įirst, initial authentication is done using the Pre-Shared Key set in the wireless configuration (the key that is set at the access point and then distributed by the admin to clients). When we talk about security keys, we implicitly talk about a working mechanism of security keys. This system changes the security key used for data transmission every specified amount of time to prevent cracking attempts. This is a revolutionary improvement because even if the intrusor obtains one security key, he will not be able to use it for long. This is done through so-called Temporal Key Integrity Protocol (TKIP). While WEP uses the same static security key for both encryption and decryption of all communication (the key never expires), WPA implements a mechanism involving a number of security keys. WAP is also better than WEP in its data encryption abilities. Now let's take a look at the difference between WPA and WPA2. The following table compares WPA-802.1x, WPA-PSK, and WEP in their suitability for large corporations or home and small business use: WPA-PSK on the other hand is a solution for small businesses and homes which utilizes so-called Pre-Shared Key (PSK) which is technically (from the user perspective) similar to how security keys with WEP are implemented but in a more secure way (more about this in the TKIP section below). Authentication servers also distribute security keys to individual users dynamically.
This means that after the authenticating user associates with the wireless access point, his or her credentials are also checked against a locally stored database or even external sources (for example RADIUS or Kerberos). WPA-802.1x is a good choice for large businesses because it combines access point authentication with another layer of authentication through external authentication services. WPA comes in two flavors, that is WPA-802.1x and WPA-PSK. Perhaps the most important improvement over WEP is a dynamic security key exchange mechanism and much more improved authentication and encryption mechanisms. WPA builds upon WEP, making it more secure by adding extra security algorithms and mechanisms to fight intrusion. This tutorial is a continuation from the first page: Wireless Wi-Fi network security tutorial 101 (part 1) WPA Wi-Fi Protected Access (WPA & WPA2) This wireless security standard is playing today a vital role in the security of wireless networks.