The Cable Guy - March 2003

Wi-Fi Protected Access (WPA) Overview

By The Cable Guy

The original IEEE 802.11 standard provided the following set of security features to secure wireless LAN communication:

• Two different authentication methods: Open system and shared key
• The Wired Equivalent Privacy (WEP) encryption algorithm
• An Integrity Check Value (ICV), encrypted with WEP, which provides data integrity

Eventually, these original security features would not be sufficient to protect wireless LAN communication in some common scenarios—especially large traffic volume environments. The original 802.11 standard has the following security issues:

• No per-user identification and authentication
• No support for extended authentication methods (for example, token cards, certificates/smart cards, one-time passwords, biometrics, and so on)
• No support for key management—dynamic, per-station or per-session key management and rekeying

To resolve these issues, the IEEE 802.1X Port-Based Network Access Control standard was adopted as an optional mechanism to provide authentication for 802.11 wireless LANs. With 802.1X authentication, the following is supported:

• Per-user identification and authentication

  802.1X uses Extensible Authentication Protocol (EAP), which enforces user-level authentication. In a Windows environment, authentication uses the credentials of a user or computer account in Active Directory.

• Support for extended authentication methods (for example, token cards, certificates/smart cards, one-time passwords, biometrics, and so on)

  EAP provides an infrastructure to support arbitrary authentication methods. Windows wireless networking supports EAP-Transport Level Security (EAP-TLS) for certificate and smart card-based authentication and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) for password-based authentication.

• Support for key management—dynamic, per-station or per-session key management and rekeying

  The EAP-TLS and PEAP-MS-CHAP v2 authentication processes derive mutually-determined unicast encryption keys. The unicast encryption key is changed periodically either by the wireless access point (AP) or by the Windows wireless client. Key determination attacks can be prevented through frequent rekeying.

The combination of IEEE 802.11, 802.1X, and the use of either EAP-TLS or PEAP-MS-CHAP v2 authentication provides secure wireless networking in a Windows environment.

IEEE 802.11i is a new standard that specifies improvements to wireless LAN networking security and addresses many of the security issues of the original 802.11 specification. While the new IEEE 802.11i standard was being ratified, wireless vendors agreed on an interoperable interim standard known as Wi-Fi Protected Access (WPA). The goals of WPA are the following:

• To require secure wireless networking

  As described later in this article, WPA requires secure wireless networking by requiring 802.1X authentication, the use of encryption, and the use of unicast and global encryption key management.

• To address the issues with WEP encryption through a software upgrade

  WPA solves all the remaining security issues with WEP encryption. As discussed later in this article, WPA requires firmware updates in wireless equipment and an update for wireless clients. Existing wireless equipment is not expected to require replacement.

• To provide a secure wireless networking solution for small office/home office (SOHO) wireless users

  For the SOHO, there is no RADIUS server to provide 802.1X authentication with an EAP type. SOHO wireless clients must use either shared key authentication (not recommended) or open system authentication (recommended) with a single static WEP key for both unicast and multicast traffic. WPA provides a preshared key option intended for SOHO configurations. The preshared key is configured on the wireless AP and each wireless client. The initial unicast encryption key is derived from the authentication process, which verifies that both the wireless client and the wireless AP have the preshared key.

• To be forward-compatible with the upcoming IEEE 802.11i standard

  WPA is a subset of the security features in the proposed IEEE 802.11i standard. There are no features of WPA that are not described in the current draft of the 802.11i standard.

• To be available today.

  WPA upgrades to wireless equipment and for wireless clients were available beginning in February, 2003.

On This Page

• Features of WPA Security
• Changes Required to Support WPA
• For More Information

Features of WPA Security

The following sections describe the features of WPA security.

WPA Authentication

With 802.11, 802.1X authentication is optional. With WPA, 802.1X authentication is required. Authentication with WPA is a combination of open system and 802.1X authentication, which uses two phases:

• The first phase uses open system authentication and indicates to the wireless client that it can send frames to the wireless AP.
• The second phase uses 802.1X to perform a user-level authentication.

For environments without a RADIUS infrastructure, WPA supports the use of a preshared key. For environments with a RADIUS infrastructure, WPA supports EAP and RADIUS.

WPA Key Management

With 802.1X, rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1X provide no mechanism to change the global encryption key that is used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required. The Temporal Key Integrity Protocol (TKIP) changes the unicast encryption key for every frame and each change is synchronized between the wireless client and the wireless AP. For the global encryption key, WPA includes a facility for the wireless AP to advertise changes to the connected wireless clients.

Temporal Key Integrity Protocol (TKIP)

For 802.11, WEP encryption is optional. For WPA, encryption using TKIP is required. TKIP replaces WEP with a new encryption algorithm that is stronger than the WEP algorithm, yet can be performed using the calculation facilities present on existing wireless hardware. TKIP also provides for:

• The verification of the security configuration after the encryption keys are determined.
• The synchronized changing of the unicast encryption key for each frame.
• The determination of a unique starting unicast encryption key for each preshared key authentication.

Michael

With 802.11 and WEP, data integrity is provided by a 32-bit ICV that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, it is possible through cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver.

With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte message integrity code (MIC) with the calculation facilities available on existing wireless hardware. The MIC is placed between the data portion of the 802.11 frame and the 4-byte ICV. The MIC field is encrypted along with the frame data and the ICV.

Michael also provides replay protection. A new frame counter in the 802.11 frame is used to prevent replay attacks.

AES Support

WPA defines the use of AES as an additional optional replacement for WEP encryption. Because adding AES support through a firmware update might not be possible for existing wireless equipment, support for AES on wireless network adapters and wireless APs is not required.

Supporting a mixture of WPA and WEP wireless clients

To support the gradual transition of a WEP-based wireless network to WPA, it is possible for a wireless AP to support both WEP and WPA clients at the same time. During the association, the wireless AP determines which clients are using WEP and which are using WPA. The disadvantage to supporting a mixture of WEP and WPA clients is that the global encryption key is not dynamic. All other security enhancements for WPA clients are preserved.

Changes Required to Support WPA

WPA requires software changes to:

• Wireless APs.
• Wireless network adapters.
• Wireless client software.

Changes to wireless APs

Wireless APs must have their firmware updated to support the following:

• The new WPA information element

  To advertise their capability to perform WPA, wireless APs send the beacon frame with a new 802.11 WPA information element that contains the wireless AP's security configuration (encryption algorithms, and so on).

• The WPA two-phase authentication: Open system followed by 802.1X (EAP with RADIUS or WPA preshared key)

• TKIP

• Michael

• AES (optional)

To upgrade your wireless APs to support WPA, you can obtain a WPA firmware update from your wireless AP vendor and upload it to your wireless APs.

Changes to wireless network adapters

Wireless network adapters must have their firmware updated to support the following:

• The new WPA information element

  Wireless clients must be able to process the WPA information element in beacon frames and respond with a specific security configuration.

• The WPA two-phase authentication: Open system followed by 802.1X (EAP or WPA preshared key)

• TKIP

• Michael

• AES (optional)

To upgrade your wireless network adapters to support WPA, you must upload a WPA firmware update to your wireless network adapter.

For Windows wireless clients, you must obtain an updated network adapter driver that supports WPA. For wireless network adapter drivers that are compatible with Windows XP with Service Pack 2 (SP2), Windows XP with Service Pack 1 (SP1), and Windows Server 2003, the updated network adapter driver must be able to pass the adapter's WPA capabilities and security configuration to Windows Wireless Auto Configuration.

Microsoft has worked with many wireless vendors to embed the WPA firmware update within the wireless adapter driver. Because of this, updating your Windows wireless client consists of simply obtaining the new WPA-compatible driver and installing it. The firmware is automatically updated when the wireless network adapter driver is loaded into Windows.

Changes to wireless client software

Wireless client software must be updated to allow for the configuration of WPA authentication (including preshared key) and the new WPA encryption algorithms (TKIP and AES).

You must obtain and install a new WPA-compliant configuration tool from your wireless network adapter vendor for wireless clients running the following:

• Windows 2000
• Windows XP with SP2, Windows XP with SP1, and Windows Server 2003, and using a wireless network adapter that does not support the Wireless Auto Configuration

WPA support is provided with Windows XP SP2. For wireless clients running Windows XP with SP1 or Windows Server 2003, and using a wireless network adapter that supports the Wireless Auto Configuration, you must obtain and install the WPA Wireless Security Update in Windows XP —a free download from Microsoft. The WPA Wireless Security Update updates the wireless network configuration dialog boxes to support new WPA options.

The following figure shows the Association tab for the properties of a wireless network in Windows XP with SP1 and Windows Server 2003. To view the Association tab, obtain the properties of the wireless network adapter in the Network Connections folder, and then click the Wireless Networks tab. Either click a wireless network in the list of available networks, and then click Configure or click a wireless network in the list of preferred networks, and then click Properties.

In the Wireless network key (WEP) section of the Association tab, the first two check boxes are:

• Data encryption (WEP enabled)

  This setting enables or disables WEP encryption. By default, WEP encryption is enabled.

• Network Authentication (Shared mode)

  When selected, shared key authentication is performed. When cleared, open system authentication is performed. By default, open system authentication is performed.

Installing Windows XP SP2 or the WPA Wireless Security Update changes the Association tab, as shown in the following figure.

The Wireless network key (WEP) section is now named Wireless network key and the two check boxes previously described are replaced with drop-down boxes.

The Data encryption (WEP enabled) check box is replaced with a Data encryption drop-down box that provides the following selections:

• Disabled Encryption of 802.11 frames is disabled.
• WEP 802.11 WEP is used as the encryption algorithm.
• TKIP TKIP is used as the encryption algorithm.
• AES AES is used as the encryption algorithm. This selection is only available if the wireless network adapter and its driver support the optional AES encryption algorithm.

If the wireless network adapter and its driver do not support WPA, you will not see the TKIP and AES options.

The Network Authentication (Shared Mode) check box is replaced with a Network Authentication drop-down box that provides the following selections:

• Open The open system authentication method is used.
• Shared The shared key authentication method used and the key is typed in Network key and Confirm network key.
• WPA WPA authentication (802.1X) is used with an EAP type configured on the Authentication tab.
• WPA-PSK WPA authentication (802.1X) is used with a preshared key and the key is typed in Network key and Confirm network key.

If the wireless network adapter and its driver do not support WPA, you will not see the WPA and WPA-PSK options.

For More Information

For more information about 802.11 wireless LAN support in Windows and WPA, see the following resources:

• WPA Wireless Security Update in Windows XP
• Microsoft Wireless Networking Web page

For a list of all The Cable Guy articles, click here.