Rugged Mobile Computer Devices by Buy ToughPC

802.11 FAQs about WPA vs WEP

802.11

System Architecture

Hardware

Host Connectivity

Area Networks

Transmission Options

FAQ’s about WPA vs WEP

What is WPA?
How does WPA work?
How WPA improves on WEP
Weak IV values are susceptible to attack
Master keys are used directly in WEP
Key Management and updating is poorly provided for in WEP
Message integrity checking is ineffective
Conclusion

FAQs about WPA vs WEP: How your Choice Affects your Wireless Network Security
An exploration of the reasons why WPA provides stronger wireless security than WEP in your wireless network

What is WPA?
WiFi Protected Access (WPA) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer's equipment.

WPA delivers a level of security way beyond anything that WEP can offer, bridges the gap between WEP and 802.11i networks, and has the advantage that the firmware in older equipment may be upgradeable.

How does WPA work?
WPA uses Temporal Key Integrity Protocol (TKIP). TKIP is designed to allow WEP to be upgraded. This means that all the main building blocks of WEP are present, but corrective measures have been added to address security problems.

The weaknesses in WEP have been well publicized. TKIP's improvements are described below.

How WPA improves on WEP
IV values can be reused/IV length is too short

The length of the IV has been increased from 24bits to 48bits. Rollover of the counter is eliminated. Reuse of keys is less likely.
In addition IVs are now used as a sequence counter, the TSC (TKIP Sequence Counter), protecting against replaying of data, a major vulnerability in WEP.

Weak IV values are susceptible to attack
WPA avoids using known weak IV values. A different secret key is used for each packet, and the way the key is scrambled with the secret key is more complex.

Master keys are used directly in WEP
Master Keys are never used directly in WPA. A hierarchy of keys is used, all derived from the Master. Cryptographically this is a much more secure practice.

Key Management and updating is poorly provided for in WEP
Secure key management is built-in to WPA, so key management isn't an issue with WPA.

Message integrity checking is ineffective
WEP message integrity proved to be ineffective. WPA uses a Message Integrity Check (MIC) called, Michael! Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of guessing the correct MIC. In practice any changed frames would first need to pass the TSC and have the correct packet encryption key even to reach the point where Michael comes into operation. As further security Michael can detect attacks and performs countermeasures to block new attacks.

Conclusion
WPA (TKIP) is a great solution, providing much stronger security than WEP, addressing all the weaknesses and allowing compatibility and upgrades with older equipment.

email this page

print this page

Contact Us
Contact
How-To-Buy
Form

Full Version: About BTPC

WPA-TLS Setup