WPA2 in Wireless Network

Introduction

Wired Equivalent Privacy (WEP) is the encryption algorithm built into the 802.11 (Wi-Fi) standard. WEP encryption uses the RC4 stream cipher with 40- or 104-bit keys and a 24-bit initialization vector. The name WEP refers to the intent to provide a privacy service to wireless LAN users similar to that provided by the physical security inherent in a wired LAN (Rantwijk, 2006, 07-10). When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with an RC4 cipher stream generated by a 64-bit RC4 key (Adam, 2004, 319-23). This key is composed of a 24-bit initialization vector (IV) and a 40-bit WEP key (http://www.wi-fi.org). The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original packet and the RC4 stream (Rantwijk, 2006, 07-10). The IV is chosen by the sender and can be changed periodically so that every packet is not encrypted with the same cipher stream. The IV is sent in the clear with each packet. An additional 4-byte Integrity Check Value (ICV) is computed on the original packet and appended to the end. The ICV (be careful not to confuse this with the IV) is also encrypted with the RC4 cipher stream.
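The encapsulation described above can be followed step by step in a short Python sketch; this is an added example, not code from the original essay or from any Wi-Fi implementation. It assumes the ICV is the CRC-32 that WEP specifies, omits the key ID byte that follows the IV in a real frame, and uses constructed key, IV and packet values.

```python
import struct
import zlib

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA), then `length` output bytes (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(iv: bytes, wep_key: bytes, packet: bytes) -> bytes:
    """Return the IV (in the clear) followed by RC4-encrypted packet || ICV."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    icv = struct.pack("<I", zlib.crc32(packet))      # 4-byte ICV over the original packet
    body = packet + icv                              # the ICV is encrypted as well
    stream = rc4_keystream(iv + wep_key, len(body))  # per-packet RC4 key = IV || WEP key
    return iv + bytes(a ^ b for a, b in zip(body, stream))

def wep_decapsulate(wep_key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame built above; raise ValueError if the ICV does not match."""
    iv, encrypted = frame[:3], frame[3:]
    stream = rc4_keystream(iv + wep_key, len(encrypted))
    body = bytes(a ^ b for a, b in zip(encrypted, stream))
    packet, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(packet)) != icv:
        raise ValueError("ICV mismatch")
    return packet

# Constructed sample values, not taken from any real network.
SAMPLE_KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
SAMPLE_IV = bytes.fromhex("a1b2c3")        # 24-bit IV
SAMPLE_PACKET = b"constructed 802.11 payload"

if __name__ == "__main__":
    frame = wep_encapsulate(SAMPLE_IV, SAMPLE_KEY, SAMPLE_PACKET)
    print("IV in clear :", frame[:3].hex())
    print("encrypted   :", frame[3:].hex())
    print("decapsulated:", wep_decapsulate(SAMPLE_KEY, frame))
```

Because the RC4 key is just the IV followed by the WEP key, two packets sent with the same IV are encrypted with an identical cipher stream, which is why the sender is expected to change the IV.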

Definition

WPA2 has replaced WPA and requires testing and certification by the Wi-Fi Alliance (Rantwijk, 2006, 07-10). WPA2 implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm, CCMP, which is considered fully secure. Certification began in September 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark (http://www.wi-fi.org).

Wi-Fi Protected Access (WPA and WPA2) is a certification program created by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks (Adam, 2004, 319-23). This protocol was created in response to several serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy).

WPA

WPA resolves the issue of weak WEP headers, which are called initialization vectors (IVs), and provides a way of ensuring the integrity of messages through a MIC (message integrity check, called Michael), using TKIP (the Temporal Key Integrity Protocol) to enhance data encryption. WPA-PSK is a special mode of WPA for home users without an enterprise authentication server and provides the same strong encryption protection (Rantwijk, 2006, 07-10).

In simple terms, WPA-PSK is extra-strong encryption where encryption keys are automatically changed (called rekeying) and authenticated between devices after a specified period of time, or after a specified number of packets has been transmitted. This is called the rekey interval (Adam, 2004, 319-23). WPA-PSK is far superior to WEP and provides stronger protection for the home/SOHO user for two reasons. The process used to generate the encryption key is very rigorous and the rekeying (or key changing) is done very quickly. This stops even the most determined hacker from gathering enough data to break the encryption (Rantwijk, 2006, 07-10).

WEP was confusing to home users because of the various types ...