WPA is a standard-based security solution from the Wi-Fi Alliance that
addresses the vulnerabilities in native WLANs. WPA provides enhanced data
protection and access control for WLAN systems. WPA addresses all known Wired
Equivalent Privacy (WEP) vulnerabilities in the original IEEE 802.11 security
implementation and brings an immediate security solution to WLAN networks in
both enterprise and small office, home office (SOHO) environments.
WPA2 is the next generation of Wi-Fi security. WPA2 is the Wi-Fi Alliance interoperable implementation of the ratified IEEE 802.11i standard. WPA2 implements the National Institute of Standards and Technology (NIST)-recommended Advanced Encryption Standard (AES) encryption algorithm with the use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES Counter Mode is a block cipher that encrypts 128-bit blocks of data at a time with a 128-bit encryption key. WPA2 offers a higher level of security than WPA. WPA2 creates fresh session keys on every association. The encryption keys that WPA2 uses for each client on the network are unique and specific to that client. Ultimately, every packet that is sent over the air is encrypted with a unique key.
Both WPA1 and WPA2 can use either TKIP or CCMP encryption. (It is true that some access points and some clients restrict the combinations, but there are four possible combinations). The difference between WPA1 and WPA2 is in the information elements that get put into the beacons, association frames, and 4-way handshake frames. The data in these information elements is basically the same, but the identifier used is different. The main difference in key handshake is that WPA2 includes the initial group key in the 4-way handshake and the first group key handshake is skipped, whereas WPA needs to do this extra handshake to deliver the initial group keys. Re-keying of the group key happens in the same way. The handshake occurs before the selection and use of the cipher suite (TKIP or AES) for the transmission of user datagrams. During the WPA1 or WPA2 handshake, the cipher suite to use is determined. Once selected, the cipher suite is used for all user traffic. Thus WPA1 plus AES is not WPA2. WPA1 allows for (but often is client side limited) either the TKIP or AES cipher.
WPA2 is the next generation of Wi-Fi security. WPA2 is the Wi-Fi Alliance interoperable implementation of the ratified IEEE 802.11i standard. WPA2 implements the National Institute of Standards and Technology (NIST)-recommended Advanced Encryption Standard (AES) encryption algorithm with the use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES Counter Mode is a block cipher that encrypts 128-bit blocks of data at a time with a 128-bit encryption key. WPA2 offers a higher level of security than WPA. WPA2 creates fresh session keys on every association. The encryption keys that WPA2 uses for each client on the network are unique and specific to that client. Ultimately, every packet that is sent over the air is encrypted with a unique key.
Both WPA1 and WPA2 can use either TKIP or CCMP encryption. (It is true that some access points and some clients restrict the combinations, but there are four possible combinations). The difference between WPA1 and WPA2 is in the information elements that get put into the beacons, association frames, and 4-way handshake frames. The data in these information elements is basically the same, but the identifier used is different. The main difference in key handshake is that WPA2 includes the initial group key in the 4-way handshake and the first group key handshake is skipped, whereas WPA needs to do this extra handshake to deliver the initial group keys. Re-keying of the group key happens in the same way. The handshake occurs before the selection and use of the cipher suite (TKIP or AES) for the transmission of user datagrams. During the WPA1 or WPA2 handshake, the cipher suite to use is determined. Once selected, the cipher suite is used for all user traffic. Thus WPA1 plus AES is not WPA2. WPA1 allows for (but often is client side limited) either the TKIP or AES cipher.
No comments:
Post a Comment