WPA: It's like WEP, but Good

WLANs (wireless local area networks) that follow the various IEEE (Institute of Electrical and Electronics Engineers) standards grouped together under the number/name 802.11 have had problems with security since the first commercial products were introduced a few years ago. The security methods that were provided in the first implementations of 802.11 were found to be vulnerable to attacks that compromised the confidentiality of the data sent out over the WLAN. WPA (Wi-Fi protected access) is an update of these security measures that fixes both the ciphers and the authentication methods used in the protocol.

WPA increases Wi-Fi WEP security in two ways: it fixes the problem with an easily cracked key, and makes authentication of users possible. That they did it without breaking all the hardware that has already been purchased (save for a needed firmware upgrade at most) is testament to some very wise engineering that went on in the development process. This time, users won.

What has gone before WPA

Before the security improvements that WPA has recently introduced to 802.11 can be understood, the original security mechanism has to be explained to some extent, because the original and the improvements share common ground in how they function.

The first security mechanism that was used in the 802.11 protocol is called WEP (wired equivalent protocol). It operates in the MAC (medium access control) layer of the system. The MAC layer manages and maintains communications between the various 802.11 stations (the radio network cards and access points) by coordinating access to a shared radio channel. The 802.11 MAC layer uses an 802.11 Physical (PHY) layer, such as 802.11b or 802.11a, to perform the actual tasks of carrier sensing, transmission, and receiving of the 802.11-defined frames of information. The MAC layer is the layer where the logical decisions about the configuration (as well as the authentication) of the WLAN are made.

Authentication in these 802.11 systems can be either "open" or "shared key". If the system is open, any wireless station that adheres to the standard and is in transmit/receive range can be added to the WLAN as a full-fledged member. Authenticating a station that is trying to join the WLAN with a shared key is a four-step process. First, one station starts the process by requesting authentication. The destination station then sends the originator some text. The originator encrypts the text using the shared key both stations are assumed to possess, and sends it back to the destination. The destination compares the decrypted response to the original challenge text and, if they match, lets the originator join the WLAN.

After authentication, WEP, which is optional and separate from this shared key ("password") access gate, carries this concept one step further by encrypting just the body and CRC (cyclic redundancy check) of a message (but not the headers) with the shared key.
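The four-step shared key exchange and the WEP body-plus-CRC encryption described above, as an added example that is not part of the original article. The RC4 cipher, the 3-byte IV sent in the clear, the 128-byte challenge, and the 40-bit key are details of WEP supplied here rather than taken from the page, and the function names and key value are constructed for illustration.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (the cipher WEP uses); encrypting and decrypting are the same."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream XORed onto the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seal(shared_key: bytes, iv: bytes, body: bytes) -> bytes:
    """Encrypt the body and its CRC-32 under RC4(iv || key); headers and IV stay clear."""
    icv = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return iv + rc4(iv + shared_key, body + icv)

def wep_open(shared_key: bytes, frame: bytes):
    """Return the decrypted body, or None when the CRC does not match."""
    iv, ciphertext = frame[:3], frame[3:]
    plain = rc4(iv + shared_key, ciphertext)
    body, icv = plain[:-4], plain[-4:]
    ok = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == icv
    return body if ok else None

def shared_key_auth(station_key: bytes, ap_key: bytes) -> bool:
    """Run the four steps; True means the destination admits the originator."""
    # Step 1: the originator requests authentication (no payload modelled here).
    challenge = os.urandom(128)                       # Step 2: destination sends text
    response = wep_seal(station_key, os.urandom(3), challenge)  # Step 3: encrypt it
    return wep_open(ap_key, response) == challenge    # Step 4: decrypt and compare

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")                 # constructed 40-bit shared key
    print("matching keys:", shared_key_auth(key, key))
    print("wrong key:    ", shared_key_auth(b"wrong", key))
```

The same `wep_seal` routine serves both the authentication response and ordinary data frames, which is the common ground between the access gate and the packet encryption that the text points to.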