S P E C I A L F E AT U R E :
NEXT GENERATION
WPA: How it works
By Jon A. LaRosa
W
i-Fi Protected Access (WPA)
addresses most known Wired
Equivalent Privacy (WEP)
vulnerabilities and is primar-
ily intended for wireless infrastructure
networks as found in the enterprise. This
infrastructure includes stations, access
points, and authentication servers (typi-
cally RADIUS servers). The RADIUS
server holds (or has access to) user
credentials (user names and passwords)
and authenticates wireless users before
they gain access to the network. In this
article, Jon will discuss how WPA works
and provide insight into its function.
WPA
WPA strength comes from an integrated
sequence of operations that encompass
802.1X/EAP (Extensible Authentication
Protocol) authentication and sophisticated
key management and encryption tech-
niques. Its major operations include:
 Network security capability
determination: WPA information
elements in Beacon, Probe Response,
and (Re) Association Requests
communicate this at the 802.11 lev-
els. Information in these elements
includes the authentication method
(802.1X or pre-shared key) and the
preferred cipher suite, which includes
WEP, Temporal Key Integrity
Protocol (TKIP), or Advanced
Encryption Standard (AES).
Reprinted from CompactPCI Systems / April 2004
TELECOM
 Authentication: EAP over 802.1X
performs authentication. Mutual
authentication is gained by choosing
an EAP type supporting this feature
and is required by WPA. 802.1X port
access control prevents full access to
the network until authentication com-
pletes. WPA uses 802.1X EAPOL-
Key packets to distribute per-session
keys to those stations successfully
authenticated.
 Key management: WPA features a
robust key generation/management
system that integrates the authentica-
tion and data privacy functions. The
system generates keys after success-
ful authentication and through a sub-
sequent four-way handshake between
the station and Access Point (AP).
 Data Privacy (Encryption):
WPA uses TKIP to wrap WEP in
sophisticated cryptographic and
security techniques to overcome
most WEP weaknesses.
 Data integrity: TKIP includes a
Message Integrity Code (MIC) at
the end of each plain text message
to ensure messages are not being
spoofed.
Figure 1 illustrates a wireless networkʼs
typical data path.
WPA bases its network capability deter-
mination feature on changing the 802.11
formats of Beacon, Probe Response, and
Figure 1
(Re) Association Request frames. As
Figure 2 shows, these 802.11 frames now
contain network capability information in
a WPA information element. The primary
information the Beacon frames convey is
the authentication method and the cipher
suite. Possible authentication methods
include 802.1X and pre-shared key. The
pre-shared key authentication method uses
a statically configured pass phrase on both
the stations and the access point. This obvi-
ates the need for an authentication server,
which in many home and small office envi-
ronments will not be available or desirable.
Possible cipher suites include:
 WEP
 TKIP
 AES
The supplicant in the station uses the
authentication and cipher suite informa-
tion contained in the information elements
to decide which authentication method
and cipher suite to use. For example, if
the access point is using the pre-shared
key method, then the supplicant need not
authenticate using full-blown 802.1X.
Rather, the supplicant must simply prove
to the access point that it is in possession
of the pre-shared key. If the supplicant
detects that the service set does not con-
tain a WPA information element, then
it knows it must use pre-WPA 802.1X
authentication and key management in
order to access the network.
Copyright 2004
T E C H N O L O G Y F E AT U R E :

HIGH AVAILABILITY

Figure 2

WPAʼs authentication process is primarily

802.1X/EAP as shown in Figure 2 (again,
a small office or home environment can
opt to deploy the pre-shared key method).
This mode restricts WPA to those EAP
methods that support mutual authentica-
tion of the supplicant and authentication
server, such as TLS, TTLS, LEAP, and
PEAP. Port access control is maintained
pending successful authentication by
802.1X.

The mutual authentication process in-

cludes generating a Pairwise Master Key
(PMK) on the station and RADIUS server,
and the RADIUS server sends the PMK to
the AP over a secure channel. This is not
different than pre-WPA 802.1X authenti-
cation. What is different is that WPA never
uses the PMK directly with encryption or
hashing functions, but instead uses it to
generate transient keys for the subsequent
encryption and hash functions. Using
transient keys is important because of the
weak key attack described earlier. The
PMK is never directly involved in gener-
ating keystreams for encryption, and this
helps thwart any weak key attacks. Figure
3 shows the breakdown of the PMK inter-
action.
Figure 3
Jon LaRosa is a Technical Consultant
for Meetinghouse. Jon represents
Meetinghouse as a voting member of
the IEEE 802.11i committee. With 12
plus years of experience in the design
and development of mission-critical
enterprise networking applications,
including 802.1X WPA authentica-
tion solutions, Jon is regarded as an
expert in network and data security.
As a developer of Ethernet switching
technology, Jon has contributed to
the development of Hewlett-Packardʼs
ProCurve product family. He received
his Masters of Science degree in
Computer Science from the University
of New Hampshire.
For further information, contact Jon at:
Meetinghouse
Tel: 603-430-7710
Email: jal@mtghouse.com
Website: www.mtghouse.com

Reprinted from CompactPCI Systems / April 2004 Copyright 2004