in 802.11 WEP, to 48 bits in WPA.
  • WPA Migration Mode: Cisco defines WPA Migration Mode as an access point setting to enable both WPA and non-WPA clients to associate to an access point using the same SSID.
    • 802.11i or WPA Authentication and Key Management Overview
    Figure provides an overview of 802.11i or WPA Authentication and Key management. Initial authentication using WPA is essentially identical to standard 802.11 authentication and association. The primary difference in WPA is in the initial association request (probe request) that the client and access point send. The client and access point must agree to a security capability during association. After initial association and exchange of security capabilities, the client and authentication servers proceed with standard 802.1x authentication. After successful authentication, the server derives and distributes a master key to the access point. The same master key is derived at the client. With these master keys, the access point and the client perform a four-way handshake to validate the access point, and the client validates the group or broadcast key using a two-way handshake. Unicast Keys: Four-Way Handshake
    Before the WPA handshake can occur, the pairwise master key (PMK), a 256-bit key, is generated because of the 802.1x authentication process between the client and the authentication server, or the process uses the 64-hexadecimal character preshared key (or a key stream derived from the preshared key phrase). Figure shows the four-way handshake process: Step 1 The access point sends a nonce or random number to the client. Step 2 The client responds to the access point with the client’s own nonce or random number, along with the WPA information element, pairwise transient key (PTK), and MIC key information. Step 3 The access point sends the nonce again, along with the information element, PTK, MIC key information, and install message. The re-sending of this information validates that the client and access point share common authentication information. Step 4 The client sends MIC key information and the PTK to the access point for acknowledgment. Note
    A pseudorandom function (PRF) is used to compute the PTK as a function of client and access point random numbers and the MAC addresses of the access point and client. Group Key Handshake
    The group master key (GMK) is either generated using a random number function or is initialized by the first PTK that the access point uses. When the access point has the GMK, a group random number is generated. This random number is used to derive a group transient key (GTK). Inputs are a PRF that uses the random number and the access point address. The GTK is used to provide a group key as well as MIC keys, which can be used to verify the integrity of the key data. WPA Key Management Phases
    As part of WPA compliance, an access point must be capable of advertising security capabilities in the access point’s 802.11 beacons. This process describes the unicast, multicast, and authentication types that are supported. From the capabilities advertised by the access point, the client selects the “best” supported security type for the client authentication. After the client has determined an authentication type, the client proceeds with open authentication using either 802.1x to a RADIUS server or using a preshared key between the access point and the client. This process has the advantage of mutual authentication of client and server as well as providing a centralized resource for client admission control. Upon completing standard 802.1x or EAP messaging between the client and server, a master key is independently generated at the server and client. This master key is then used to derive a PTK that is used in the authentication of the encryption key components that the access point and the client use between each other.
    Content 6.2 Introducing Wireless Security 6.2.11 WPA Issues WPA is an updated security option that was intended to address attacks on static WEP keys, but the WPA solution also has some problems. The Temporal Key Integrity Protocol (TKIP) that WPA uses is an enhancement to the basic security mechanism that 802.11 WEP (RC4 encryption) defines. Note that TKIP is a “wrapper” around the WEP and RC4 encryption mechanism. WPA relies on RC4 instead of 3DES, AES, or another encryption algorithm. WPA requires access point firmware support—there is no guarantee that all wireless access point manufacturers will release firmware upgrades for older models to allow the models to support WPA. WPA requires software driver support for wireless cards—there is no guarantee that all wireless card manufacturers will release software driver upgrades for older models to allow older models to support WPA. WPA requires operating system support or a supplicant client—the WPA security mechanisms rely on 802.1x or EAP support directly in the operating system or via a supplicant client such as the Funk Software Odyssey Client. Moving to WPA is sometimes an all-or-nothing proposition. Some vendors may not allow mixing WEP and WPA devices. Note that the Wi-Fi Alliance does not recommend mixing WEP and WPA. Mixing is sometimes not actually possible because some vendors have no intention of releasing WPA software upgrade patches for older wireless hardware (some vendors would prefer to sell newer wireless gear with WPA support). This means that some organizations that want to deploy WPA may have to replace a significant amount of their wireless infrastructure. EAP deployment can be a significant undertaking, given that there are so many variants (EAP-Message Digest 5 [EAP-MD5], EAP-TLS, EAP-Tunneled TLS [EAP-TTLS], PEAP, LEAP, EAP-Subscriber Identity Module [EAP-SIM], EAP-Flexible Authentication via Secure Tunneling [EAP-FAST] and so on), each with individual shortcomings and installation issues. EAP also requires the use of an external RADIUS server to authenticate the incoming wireless user connection attempts. Because each manufacturer may offer different EAP methods in the firmware and driver software, customers may not be able to use existing wireless equipment and will be forced to purchase new equipment that supports the chosen EAP method. To maintain backward hardware compatibility, MIC was designed to incur very little computational overhead. As a result, MIC offers only 20 bits of effective security. WPA is susceptible to a new type of DoS attack based on countermeasure techniques that MIC employs. If an access point that runs WPA receives two packets in quick succession with bad MICs, the access point shuts down the entire basic service set (BSS) for one minute. WPA is susceptible to a recently discovered weakness when preshared keys are used instead of 802.11i or EAP; the use of a small, noncomplex passphrase can allow an attacker to perform a dictionary attack on captured traffic and recover the passphrase. These issues, summarized in Figure , led to the 802.11i standard, which was ratified in June 2004 and added three features: The Wi-Fi Alliance WPA2 standard provides third-party testing and certification that WLAN devices must pass. WPA2 Overview
    WPA2 is a new security standard that the IEEE 802.11i task group developed. The Robust Security Network (RSN) specification is the IEEE equivalent of WPA2. WPA2 supports TKIP and generally uses AES block ciphers with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for encryption: The 802.11i and WPA2 standards are summarized in Figure . Wireless IDSs
    Figure summarizes the characteristics