WPA - An accident waiting to happen

WPA is an industry specification the Wi-Fi Alliance pushed into adoption. This cooperative of wireless manufacturers - worried that WEP would stall sales - took an early draft of the IEEE 802.11i wireless security standard, pulled out some harder-to-implement pieces, such as AES encryption, and created WPA. Vendors shipped certified WPA products just five months after announcing the specification.

WPA enhances security in several ways. The most obvious is in the encryption protocol. WPA uses TKIP to improve the key usage in wireless encryption. Although TKIP uses the same base encryption algorithm - RC4 - as WEP, the way it selects and changes keys resolves many of the issues surrounding WEP. WPA also improves the integrity aspects of 802.11 by making it virtually impossible to inject messages into a wireless conversation or to modify a message on the fly.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

WPA is an industry specification the Wi-Fi Alliance pushed into adoption. This cooperative of wireless manufacturers - worried that WEP would stall sales - took an early draft of the IEEE 802.11i wireless security standard, pulled out some harder-to-implement pieces, such as AES encryption, and created WPA. Vendors shipped certified WPA products just five months after announcing the specification.

WPA enhances security in several ways. The most obvious is in the encryption protocol. WPA uses TKIP to improve the key usage in wireless encryption. Although TKIP uses the same base encryption algorithm - RC4 - as WEP, the way it selects and changes keys resolves many of the issues surrounding WEP. WPA also improves the integrity aspects of 802.11 by making it virtually impossible to inject messages into a wireless conversation or to modify a message on the fly.

The primary improvement in WPA is the per-session encryption key. Every time a station associates, a new encryption key is generated based on some per-session random numbers and the media access control (MAC) addresses of the station and the access point. WPA sounds like a major improvement, and it is - if it's used correctly.

Unfortunately, the easiest way to use WPA actually makes it easier to crack than WEP. When 802.1X authentication is not used in WPA, a simpler system called Pre-Shared Key (PSK) is. PSK offers a long-lived password that everyone who wants to connect to the WLAN has to know. All the wireless devices we tested with the exception of the Linksys adapter card support WPA-PSK (see graphic, below.)

With WPA-PSK, if you don't make your password long, you're susceptible to an offline dictionary attack where an attacker grabs a few packets at the time a legitimate station joins the wireless network and then can take those packets and recover the PSK used. An attacker can get what he needs to guess the PSK and get out without anyone noticing. This can occur because the attacker doesn't have to be near the WLAN for more than a few seconds, and the LAN doesn't have to be very busy.

Of course, this type of attack depends on people choosing poor passwords. So if you force users to type in a 64-digit hexadecimal number when they configure their wireless connection information, then you are covered. But most folks use the passphrase mechanism built into WPA, which converts an eight- to 63-character string you type in to the 64-digit key. More than half of the products we tested only let you enter a passphrase - you can't put in the 64-digit hex key even if you wanted to.