Wi-Fi Protected Access (WPA) addresses most known Wired Equivalent Privacy (WEP) vulnerabilities and is primarily intended for wireless infrastructure networks as found in the enterprise. This infrastructure includes stations, access points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has access to) user credentials (user names and passwords) and authenticates wireless users before they gain access to the network. In this article, Jon will discuss how WPA works and provide insight into its function.

WPA

WPA strength comes from an integrated sequence of operations that encompass 802.1X/EAP (Extensible Authentication Protocol) authentication and sophisticated key management and encryption techniques. Its major operations include:

Network security capability determination: WPA information elements in Beacon, Probe Response, and (Re)Association Requests communicate this at the 802.11 levels. Information in these elements includes the authentication method (802.1X or pre-shared key) and the preferred cipher suite, which includes WEP, Temporal Key Integrity Protocol (TKIP), or Advanced Encryption Standard (AES).

Authentication: EAP over 802.1X performs authentication. Mutual authentication is gained by choosing an EAP type supporting this feature and is required by WPA. 802.1X port access control prevents full access to the network until authentication completes. WPA uses 802.1X EAPOL-Key packets to distribute per-session keys to those stations successfully authenticated.

Key management: WPA features a robust key generation/management system that integrates the authentication and data privacy functions. The system generates keys after successful authentication and through a subsequent four-way handshake between the station and Access Point (AP).

Data Privacy (Encryption): WPA uses TKIP to wrap WEP in sophisticated cryptographic and security techniques to overcome most WEP weaknesses.

Data integrity: TKIP includes a Message Integrity Code (MIC) at the end of each plain text message to ensure messages are not being spoofed.

Figure 1 illustrates a wireless network's typical data path.

WPA bases its network capability determination feature on changing the 802.11 formats of Beacon, Probe Response, and (Re)Association Request frames. As Figure 2 shows, these 802.11 frames now contain network capability information in a WPA information element. The primary information the Beacon frames convey is the authentication method and the cipher suite. Possible authentication methods include 802.1X and pre-shared key. The pre-shared key authentication method uses a statically configured pass phrase on both the stations and the access point. This obviates the need for an authentication server, which in many home and small office environments will not be available or desirable. Possible cipher suites include:

WEP
TKIP
AES

The supplicant in the station uses the authentication and cipher suite information contained in the information elements to decide which authentication method and cipher suite to use. For example, if the access point is using the pre-shared key method, then the supplicant need not authenticate using full-blown 802.1X. Rather, the supplicant must simply prove to the access point that it is in possession of the pre-shared key. If the supplicant detects that the service set does not contain a WPA information element, then it knows it must use pre-WPA 802.1X authentication and key management in order to access the network.
Figure 1: A wireless network's typical data path.
Figure 2: 802.11 frames carrying a WPA information element.
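
The capability check the supplicant performs on a Beacon's information elements can be sketched as follows. This is an added example, not code from the article: the element layout (vendor-specific element ID 221, OUI 00:50:F2, type 1) comes from the WPA specification rather than this page, the function names are hypothetical, and the beacon bytes are constructed samples.

```python
import struct

WPA_OUI = b"\x00\x50\xf2"                      # OUI used by WPA suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "AES-CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "pre-shared key"}

def iter_elements(buf):
    """Yield (element_id, body) pairs; stop quietly at a truncated element."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        if pos + 2 + length > len(buf):
            return
        yield eid, buf[pos + 2:pos + 2 + length]
        pos += 2 + length

def suite_name(selector, names):
    """Map a 4-byte selector (OUI + type) to a readable name."""
    return names.get(selector[3], "unknown") if selector[:3] == WPA_OUI else "vendor-specific"

def read_suites(body, pos, names):
    """Read a little-endian 16-bit count and that many 4-byte selectors."""
    if pos + 2 > len(body):
        raise ValueError("WPA element truncated")
    (count,) = struct.unpack_from("<H", body, pos)
    end = pos + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite list overruns WPA element")
    return [suite_name(body[i:i + 4], names) for i in range(pos + 2, end, 4)], end

def parse_wpa_ie(body):
    """Parse a WPA element body (this example expects every field to be present)."""
    if len(body) < 10:
        raise ValueError("WPA element truncated")
    pairwise, pos = read_suites(body, 10, CIPHERS)
    akms, _ = read_suites(body, pos, AKMS)
    return {"group": suite_name(body[6:10], CIPHERS), "pairwise": pairwise, "auth": akms}

def advertised_security(tagged_params):
    """Return the WPA settings a beacon advertises, or None if it has no WPA element."""
    for eid, body in iter_elements(tagged_params):
        if eid == 221 and body[:4] == WPA_OUI + b"\x01":   # vendor-specific, WPA type 1
            return parse_wpa_ie(body)
    return None   # no WPA element: the station falls back to pre-WPA 802.1X

# Constructed sample beacons (tagged parameters only): SSID element + WPA element.
SSID = bytes([0, 4]) + b"corp"
ENTERPRISE = SSID + bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f201")
HOME_PSK = SSID + bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f204" "0100" "0050f202")
```

A supplicant would read the `auth` list to choose between full 802.1X and proving possession of the pre-shared key, and treat a `None` result as a pre-WPA network.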