NETW 05A: APPLIED WIRELESS SECURITY
802.11i & Wi-Fi Protected Access
By Mohammad Shanehsaz, Spring 2005
802.11i
• The IEEE standards board approved the 802.11i security amendment on Thursday, June 24, 2004.
• 802.11i defines a Robust Security Network (RSN). Its mandatory data cipher is AES-based CCMP (AES in CCM mode with a 128-bit key); TKIP is retained only as an optional cipher for legacy hardware. Gear implementing the ratified standard is certified by the Wi-Fi Alliance under the name WPA2, so "802.11i" and "WPA2" are often used interchangeably.
• Authentication and key management use 802.1X/EAP with mutual authentication (or a pre-shared key in small deployments); a 4-way handshake then derives fresh per-session keys from the master key.
• The 802.1X authentication and key-management framework is the same across the 802.11 PHY flavors (802.11a/b/g).
• AES itself supports 128-, 192- and 256-bit keys, but CCMP uses AES-128 only.
• Most WEP-era equipment needs a hardware upgrade to comply: the RC4-based radio chipsets cannot perform AES-CCM at line rate. TKIP was the firmware-only path for that hardware.
Wi-Fi Protected Access (WPA)
• WPA was co-developed by the Wi-Fi Alliance and IEEE 802.11 Task Group i (TGi) as an interim solution while the task group finished the details of 802.11i.
• WPA was designed to run on existing WEP hardware as a firmware and driver upgrade.
• Its goals were strong data encryption through TKIP and mutual authentication through 802.1X/EAP.
• WPA v1.0 is a subset of the IEEE 802.11i standard (based on draft 3 of the amendment).
• WPA2 is the name the Wi-Fi Alliance chose for certifying gear that implements the full ratified 802.11i standard.
Wi-Fi Protected Access (WPA)
• WPA v1.0 did not include the following 802.11i items:
• Secure IBSS (Independent Basic Service Set, ad-hoc mode)
• Secure fast handoff (pre-authentication and PMK caching)
• Secure de-authentication and disassociation
• Advanced Encryption Standard (AES-CCMP)
• Caveat: protected de-authentication and disassociation frames did not make it into the ratified 802.11i either; management frame protection arrived later with 802.11w (2009). Until then, spoofed deauthentication frames remain a denial-of-service vector against both WPA and WPA2 networks.
WPA Pre-Shared Key (PSK)
• WPA-PSK (WPA-Personal) targets the SOHO environment, where there is no authentication server and no EAP framework.
• It allows a manually entered key or passphrase and is designed to be easy to set up.
• The home user enters the same passphrase (8 to 63 ASCII characters, or 64 hex digits for the raw 256-bit key) in the AP or home wireless gateway and in each PC that associates to the Wi-Fi network; WPA takes over automatically from that point.
• The passphrase is not itself the encryption key. It is hashed together with the SSID (PBKDF2-HMAC-SHA1, 4096 iterations) into the 256-bit Pairwise Master Key (PMK), and the 4-way handshake derives fresh per-session TKIP keys from the PMK. Because the PMK is a fixed function of passphrase and SSID, an eavesdropper who captures one 4-way handshake can test passphrase guesses offline, so a PSK deployment is only as strong as the passphrase: use a long, random one.
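The key chain described above, from passphrase to the MIC on a handshake message, as an added example (not code from the original slides). PMK, PTK and KCK follow the IEEE 802.11i definitions; the SSID, MAC addresses, nonces and EAPOL-Key frame are constructed sample data, not a real capture. The last function shows why passphrase strength matters: it does exactly what an eavesdropper with one captured handshake does.

```python
"""Added example (not from the original slides): WPA-PSK key derivation, from
passphrase to the Key MIC on 4-way-handshake message 2. PMK/PTK/KCK names follow
IEEE 802.11i; the SSID, MACs, nonces and EAPOL frame are constructed sample data."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Nothing per-session goes in, so the PMK is identical for every client and can be
    precomputed for a given SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce, tkip=True):
    """4-way handshake: PTK = PRF(PMK, "Pairwise key expansion",
    Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    TKIP needs 512 bits (KCK | KEK | TK | MIC-tx | MIC-rx); CCMP needs 384."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64 if tkip else 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48], "ptk": ptk}


MIC_OFFSET = 81  # 802.1X header (4) + descriptor fields preceding the 16-byte Key MIC


def eapol_mic(kck, frame, tkip=True):
    """Key MIC over the EAPOL-Key frame with its MIC field zeroed.
    Key descriptor version 1 (TKIP) uses HMAC-MD5; version 2 (CCMP) uses HMAC-SHA1[:16]."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.md5 if tkip else hashlib.sha1).digest()[:16]


def verify_eapol_mic(kck, frame, tkip=True) -> bool:
    return hmac.compare_digest(eapol_mic(kck, frame, tkip), frame[MIC_OFFSET:MIC_OFFSET + 16])


def recover_psk(candidates, ssid, aa, spa, anonce, snonce, frame, tkip=True):
    """Offline guessing against one captured handshake: the passphrase whose KCK
    verifies the MIC is the network's PSK. Each guess costs ~4096 SHA-1 operations,
    which is far too cheap to protect a dictionary word."""
    for guess in candidates:
        kck = derive_ptk(pmk_from_passphrase(guess, ssid), aa, spa, anonce, snonce, tkip)["kck"]
        if verify_eapol_mic(kck, frame, tkip):
            return guess
    return None


# Constructed sample handshake parameters (fixed so the run is reproducible).
SSID = "IEEE"
AA = bytes.fromhex("001122334455")   # authenticator (AP) MAC, constructed
SPA = bytes.fromhex("66778899aabb")  # supplicant (client) MAC, constructed
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def build_message2(kck, tkip=True):
    """Message 2 of the handshake: an EAPOL-Key frame carrying SNonce with a valid MIC."""
    body = bytes([0xFE])                       # descriptor type (WPA)
    body += (0x0109).to_bytes(2, "big")        # key info: version 1, pairwise, MIC present
    body += (32).to_bytes(2, "big")            # key length (TKIP temporal key, 32 bytes)
    body += (1).to_bytes(8, "big")             # replay counter
    body += SNONCE + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
    body += b"\x00" * 16                       # MIC placeholder (offset 81)
    body += (0).to_bytes(2, "big")             # key data length
    frame = bytes([0x01, 0x03]) + len(body).to_bytes(2, "big") + body
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame, tkip) + frame[MIC_OFFSET + 16:]


def demo():
    pmk = pmk_from_passphrase("password", SSID)      # 802.11i Annex H test vector input
    keys = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)
    msg2 = build_message2(keys["kck"])
    found = recover_psk(["letmein", "wireless", "password", "qwerty"],
                        SSID, AA, SPA, ANONCE, SNONCE, msg2)
    return pmk.hex(), verify_eapol_mic(keys["kck"], msg2), found


if __name__ == "__main__":
    print(demo())
```

The passphrase/SSID pair "password"/"IEEE" is the published 802.11i test vector, so the PMK produced here can be checked against the standard. Note that `derive_ptk` is written for the TKIP (512-bit) and CCMP (384-bit) cases and orders the addresses and nonces bytewise, as the standard requires, so both sides arrive at the same PTK regardless of who supplies which value.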
WPA Mixed Mode Deployment
• Useful in large networks with many clients and several authentication and encryption solutions in place during the transition from legacy to current security standards.
• The AP accepts clients running both Wi-Fi Protected Access (TKIP) and original WEP security on the same network.
• Caveat: broadcast and multicast traffic is protected with a group cipher that every associated station must support, so as long as a single WEP client is present the group key is a WEP key and every station's broadcast traffic inherits WEP's weaknesses. Treat mixed mode as a transition state with an end date, not a deployment target.
Deployment and Limitations
• As part of Wi-Fi product certification, the Alliance initially allowed vendors to ship units with WPA disabled, provided it could be easily enabled and configured.
• WPA is now a mandatory part of Wi-Fi certification testing. Shipping devices must support it, and the user still has to turn it on by configuring either a master key (PSK) or an 802.1X authentication server.
Limitations
• TKIP is built around WEP: it keeps the RC4 cipher and the WEP frame format and adds per-packet key mixing, a 48-bit sequence counter (TSC) for replay protection, and the Michael message integrity code. It is a stopgap that lets legacy hardware do better than WEP, not a long-term cipher.
• Government deployments require that encryption technology be validated under the Federal Information Processing Standard (FIPS) 140 published by the National Institute of Standards and Technology (NIST). RC4, and therefore WEP and TKIP, is not a FIPS-approved algorithm, so WPA-TKIP cannot be used in a FIPS-validated configuration.
• These restrictions push manufacturers toward standardizing on security solutions that encrypt data with 3DES or AES (AES-CCMP in WPA2).
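The Michael integrity code that TKIP adds on top of WEP, as an added example (not code from the original slides). The block function, padding rule and the DA || SA || priority header follow IEEE 802.11i; the MIC key, addresses and payload in the demo are constructed sample data. The point it illustrates is the limitation in the slide above: Michael is built to fit legacy hardware, so it is a small, fast 64-bit MAC rather than a cryptographically strong one.

```python
"""Added example (not from the original slides): the Michael MIC used by TKIP.
Constants and padding follow IEEE 802.11i; demo addresses/payload are constructed."""
import hmac
import struct

M32 = 0xFFFFFFFF


def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M32


def _ror(x, n):
    return ((x >> n) | (x << (32 - n))) & M32


def _xswap(x):
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((x & 0x00FF00FF) << 8) | ((x & 0xFF00FF00) >> 8)


def _block(l, r):
    """Michael block function b(L,R): four add/rotate/xor steps, no S-boxes,
    so it runs on the weakest WEP-era hosts. It is also fully invertible."""
    r ^= _rol(l, 17); l = (l + r) & M32
    r ^= _xswap(l);   l = (l + r) & M32
    r ^= _rol(l, 3);  l = (l + r) & M32
    r ^= _ror(l, 2);  l = (l + r) & M32
    return l, r


def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 64-bit key, 64-bit tag. The message is padded with 0x5a and
    4..7 zero bytes to a multiple of 4, then mixed in one little-endian word at a time."""
    if len(key) != 8:
        raise ValueError("Michael key must be 8 bytes")
    l, r = struct.unpack("<II", key)
    padded = msg + b"\x5a"
    padded += b"\x00" * (((len(padded) + 4 + 3) // 4) * 4 - len(padded))
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = _block(l, r)
    return struct.pack("<II", l, r)


def tkip_mic(mic_key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP runs Michael over DA || SA || priority || 3 zero bytes || MSDU, so the
    addresses are authenticated even though the WEP ICV never covered them."""
    return michael(mic_key, da + sa + bytes([priority, 0, 0, 0]) + msdu)


def verify_tkip_mic(mic_key, da, sa, priority, msdu, tag) -> bool:
    return hmac.compare_digest(tkip_mic(mic_key, da, sa, priority, msdu), tag)


def demo():
    mic_key = bytes.fromhex("0123456789abcdef")          # constructed MIC-tx key
    da = bytes.fromhex("001122334455")                   # constructed destination MAC
    sa = bytes.fromhex("66778899aabb")                   # constructed source MAC
    payload = b"constructed MSDU payload"
    tag = tkip_mic(mic_key, da, sa, 0, payload)
    # Swapping DA and SA (redirecting the frame) invalidates the tag.
    redirected_ok = verify_tkip_mic(mic_key, sa, da, 0, payload, tag)
    return tag.hex(), verify_tkip_mic(mic_key, da, sa, 0, payload, tag), redirected_ok


if __name__ == "__main__":
    print(demo())
```

With an all-zero key and an empty message the function returns 82925c1ca1d130b8, the first test vector in the 802.11i annex. Because the block function is invertible and the tag is only 64 bits (designed for roughly 20 bits of forgery resistance), the standard requires countermeasures: on two MIC failures within 60 seconds a station rekeys and stops all TKIP traffic for 60 seconds. A MIC alone would not have held up; the countermeasures are part of the design, which is one more reason TKIP is a transition mechanism.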
Resources
• CWSP: Certified Wireless Security Professional Official Study Guide, McGraw-Hill.