Home
Home-WLAN Blog
Wireless Internet
Cracking WEP
WLAN description
Setting up WLAN
WiMAX
Range extension
How WLAN Works
Why Wireless
WEP vs WPA
WLAN formation
Security
WLAN traps
Wireless Telephony
RFID
Contact
Free Newsletter
Your Wireless

XML RSS
What is this?
Add to My Yahoo!
Add to My MSN
Add to Google
 

WPA - replacement of WEP.



What is the WPA, replacement of WEP? Wi-Fi Alliance launched in October 2003 the next generation in WLAN security - Wi-Fi Protected Access – WPA. Wi-Fi Protected Access does not require a hardware upgrade on 802.11 equipment.

You only need to upgrade software and firmware, and it makes only minimal degradation in a network performance.

WPA was designed as a replacement of WEP and answer to all WEP weaknesses. It uses Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC). It also has mutual pre-shared key (PSK) authentication scheme using 802.11X/EAP.

WI-Fi Alliance launched WPA2 in September 2004. It is certified interoperable version of the WPA. WPA2 beside PSK 802.1X/EAP authentication, use an advanced encryption mechanism. This new mechanism is Counter-Mode/CBC-MAC Protocol (CCMP) called Advanced Encryption Standard (AEP).

WPA and WPA2 have two certification modes:
- Enterprise
- Personal

You have four different versions of Wi-Fi CERTIFIED devices:

1) WPA-Personal
2) WPA2-Personal
3) WPA-Enterprise
4) WPA2-Enterprise





WPA
WPA2
Enterprise mode

Authentication:802.1X/EAP
Encryption: TKIP/MIC

Authentication:802.1X/EAP Encryption: AES/CCMP
Personal mode
Authentication:PSK Encryption: TKIP/MIC
Authentication:PSK
Encryption: AES/CCMP


Personal Mode - designed for home and office (SOHO) environment. You do not need authentication server (Radius or IAS).

It uses manually entered PSK (pre-shared key or pass-phrase). Security level of your wireless network is based on this PSK. So, use mix of letters, numbers and non-alphanumerical characters. Personal mode uses methods of encryption as Enterprise – per-user, per-session, per-packet encryption with TKIP (WPA) or AES (WPA2).

Enterprise Mode - operates in managed mode with the authentication servers (Radius or IAS). With this mode you can meet rigorous requirements of enterprise security.

If you want to use WPA and WPA2, replacement of the WEP, you need firmware upgrade (on the access point or wireless router) and driver update (on client adapter). So, as you can see, both client and wireless router (or access point) need to support WPA2. This updates you can find on vendors websites. Maybe you will need to upgrade OS too.

With Windows 2000 you could have a problem. I have Intel PRO wireless card and with Intel PROSet, I could use WPA2. McAfee's Wireless Home Network Security software can be used also for many wireless cards but it is not free.

For Windows XP you need operating system update - KB917021. Also you need to upgrade a driver for your wireless card.

Windows Vista supports WPA2 without any specific update or patch.

Linux also supports WPA2. You could use tool called NetworkManager with GNOME and KDE to configure security and settings for your wireless networks.

Apple MAC OS X supports WPA2 with release 4.2 update to AirPort software on all Airport Extreme enabled Macintoshes, the AirPort Extreme Base Station, and the AirPort Express.

Some mobile phones like Nokia E70 with Symbian S60 also support Wi-Fi and WPA2 encryption.





Return from WPA replacement of WEP to Security


footer for replacement of WEP page