WPA and 802.11i (WPA2)

haveIEEE 802.11i - IEEE 802.11 task group “MAC enhancement for wireless security”.

Wi-Fi Protected Access (WiFi Alliance), WPA, is a subset internal in 802.11i.

Compatible with work developed in 802.11i.

Only supports BSS.

Defined to work in actual equipment.

Pass-phrase constant and shared, but keys are generated per session.

Used in the AP and station.

WPA has two distinct components.

WPA

802.1X (≠ 802.11x) – defined for wired and wireless sessions, as a transport protocol.

EAP (Extensible Authentication Protocol) – like a wrapper for the specific authentication traffic.
Impact of EAP.
- Authentication does not traverse the AP (STA - server).
- It is possible to use different authentication methods without changing APs.

Defines also have a Pre-Shared Key (PSK).

Internal solution with better protection, for actual equipment.

Greater privacy.
- Uses the same cipher, but is now associated with the MAC and a larger IV.
- “Key rollover” with temporal validity.
Greater integrity.
- Integrity separated key.

Better than WPA.

Also includes TKIP.
Authentication IBSS (ad-hoc mode)?
RSN (Robust Security Network) protocol.
- Authentication and ciphering between APs and stations.
- Supports new ciphering protocols, resorting to 802.1x and EAP.
- Supports AES (Advanced Encryption Standard) ciphering.

Problems.

It does not cipher control and management frames.
- (Disassociate, output power, etc).
Requires new hardware.

Done during the Association process.

Last updated 1 year ago