WPA (Wi-Fi Protected Access) is an interim standard by the WiFi Alliance. WPA will most likely be rolled into the eventual IEEE 802.11i standard.
WPA (W-Fi Protected Access) Modes of Operations
WPA (Wi-Fi Protected Access) features two very different modes of operation:
|WPA Enterprise Mode||WPA PSK (Pre-Shared Key) Mode|
|Requires an authentication server||Does not require an authentication server|
|Uses RADIUS protocols for authentication and key distribution||Shared secret is used for authentication|
|Centralizes management of user credentials||Device-oriented management of user credentials|
The PSK (Pre-Shared Key) Mode of WPA is vulnerable to the same risks as any other shared password system, such as dictionary attacks. PSK Mode also suffers from the same key management difficulties as any system where the key is shared among multiple users, such as the difficulties in removing a user once access has been granted.
The Enterprise Mode of WPA benefits from the maturity of the RADIUS architecture -- but it requires a RADIUS server. This is not something that will benefit most home users.
Security Enhancements in WPA (Wi-Fi Protected Access)
WPA provides additional security by:
- Requiring authentication using 802.1X
- Requiring re-keying using TKIP
- Augmenting the ICV (Integrity Check Value) with a MIC (Message Integrity Check), to protect the header as well as the payload
- Implementing a frame counter to discourage replay attacks
For more information on WPA, visit WPA at Hackers Central.