802.11i, WPA, RSN and What it all Means to Wi-Fi Security

In the Beginning: 802.11i

The long-anticipated 802.11i specification for wireless LAN security was finally ratified by the IEEE in June 2004. It had been in the works for years. Unlike 802.11a, b and g specifications, all of which define physical layer issues, 802.11i defines a security mechanism that operates between the Media Access Control (MAC) sublayer and the Network layer.

The new spec offers significant improvements over the old standard, Wired Equivalent Privacy (WEP). The specifications were developed by the IEEE’s TGi task group, headed by David Halasz of Cisco. However, during 802.11i’s long, long gestation period, WPA emerged as an interim solution.

WPA

Wi-Fi Protected Access (WPA) was created by the Wi-Fi Alliance in 2002 – in part out of impatience with the slow-moving 802.11i standard. The industry consortium’s consensus was that an alternative to WEP was needed quickly, and WPA was the result. To avoid multiple “standards” and conflicts later on, WPA was designed from the get-go to be compatible with 802.11i and was based on its early draft specifications. This sets WPA apart from a number of proprietary Wireless LAN security solutions that were developed by Proxim, Funk and other vendors.

WPA provides several security advantages. First, it uses a stronger key management scheme, by implementing the Temporal Key Integrity Protocol (TKIP). TKIP creates encryption values that are mathematically derived from a master key, and changes these encryption keys and IV values automatically (and transparently to the user) so to prevent key stream reuse. This is important because WEP keys have to be changed manually, and this can be an administrative hassle, leading to administrators not changing the keys often enough (or not at all). TKIP also uses a Message Integrity Code called Michael that uses a 64 bit key. The integrity checker is designed to block forged messages.

There are two methods for generating the master key, and WPA operates in two different modes, depending on whether pre-shared keys are used or a central authentication server is available. For home users, WPA offers easy setup (one big problem with WEP was that many users found it too difficult or confusing to set up and manage, so they didn’t). Authentication is based on the Extensible Authentication Protocol (EAP) and can use pre-shared keys that make it simple to configure on the WAP and clients in small network settings: you manually enter a password, and then TKIP does its thing, automatically changing the keys periodically. This is called PSK (for PreShared Key) mode.

Tip:
It is recommended that when using PSK mode, you should set a password with at least 20 characters.

At the large network level, operating in Enterprise mode, WPA supports RADIUS so that users can be authenticated through a centralized server. WPA 802.1x authentication methods include EAP-TLS, EAP-TTLS, EAP-LEAP, EAP-PEAP and other implementations of EAP.

WPA uses the same encryption algorithm for encrypting data that WEP uses: the RC-4 cipher stream algorithm. However, TKIP uses a 48 bit initialization vector, as opposed to the weaker 24 bit IV used by WEP.

The Wi-Fi Alliance started certifying WPA-capable wireless equipment in April 2003. You can find a list of certified products on the Wi-Fi Alliance Web site at http://www.wi-fi.org/OpenSection/certified_products.asp?TID=2. To use WPA, older WAPs must have a firmware upgrade applied. Some WAPs can support both WEP and WPA clients simultaneously. The client computer’s operating system and wireless network adapter must support WPA.

The Windows WPA client is available from Microsoft for Windows XP (with SP1) and Server 2003 systems. The WPA update is included in the Wireless update rollup package for XP (See http://support.microsoft.com/default.aspx?kbid=826942). You can download the WPA patch for XP Professional and Home at http://www.microsoft.com/downloads/details.aspx?FamilyID=009D8425-CE2B-47A4-ABEC-274845DC9E91&displaylang=en.

After you install the update and reboot, there will be new dialog boxes added to the Network configuration window, for configuring WPA.

Note:
If you’re using an operating system other than XP/2003, you must install a third party client program called a supplicant, such as the one available from Funk Software (www.funk.com).

You may need to get updated drivers for your wireless network card from the NIC vendor. For step-by-step instructions on upgrading your WAP and network card, see http://www.pcmag.com/print_article/0,3048,a=107756,00.asp.

RSN

Another element of the 802.11i is Robust Security Network (RSN), which dynamically negotiates the authentication and encryption algorithms to be used for communications between WAPs and wireless clients. This means that as new threats are discovered, new algorithms can be added.

RSN uses the Advanced Encryption Standard (AES), along with 802.1x and EAP. The security protocol that RSN builds on AES is called the Counter Mode CBC MAC Protocol (CCMP). AES supports key lengths up to 256 bits, but is not compatible with older hardware. However, there is a specification designed to allow RSN and WEP to coexist on the same wireless LAN; it’s called Transitional Security Network or TSN. It’s important to note, however, that a WLAN on which some devices are still using WEP is not optimally secured.

Tip:
Current handheld devices (Pocket PCs and Palms) don’t have enough processing power to support AES, so WPA is the best security choice if you have users who store and transmit sensitive data via handhelds. A WPA/802.1x client for Pocket PC 2002/2003 and Palm is available from Meetinghouse (http://www.mtghouse.com/company/index.shtml).

Tying it All Together

802.11i takes WPA a step further. For one thing, it requires the use of AES. The good news is that AES meets government security criteria and provides stronger encryption than WPA/TKIP. The bad news is that AES has to have its own coprocessor, which means older existing wireless hardware can’t just be upgraded via software as with the transition to WPA; instead, it will have to be replaced. Hardware purchased in late 2003 and 2004 may be upgradeable via software or firmware to support 802.11i. Now that the specification has been ratified, new equipment that supports AES out of the box should soon become available.

In addition, 802.11i will encrypt the whole data frame with AES. In WEP and WPA, the RC4 cipher encrypts the data payload only.

The Wi-Fi Alliance refers to the new 802.11i standard as WPA2. Despite the potential costs of implementing it, the new wireless security standard is welcomed by most in the industry as the next, and necessary, step in protecting data that is transmitted over the airwaves. However, those with a large investment in existing hardware this isn’t compliant with AES/802.11i might find it more cost effective to implement WPA at present and transition to 802.11i more slowly.