WPA - An accident waiting to happen

WPA can be a better option. Unfortunately, the easiest way to use it actually makes it easier to crack than WEP.

WPA is an industry specification the Wi-Fi Alliance pushed into adoption. This cooperative of wireless manufacturers - worried that WEP would stall sales - took an early draft of the IEEE 802.11i wireless security standard, pulled out some harder-to-implement pieces, such as AES encryption, and created WPA. Vendors shipped certified WPA products just five months after announcing the specification.

WPA enhances security in several ways. The most obvious is in the encryption protocol. WPA uses TKIP to improve the key usage in wireless encryption. Although TKIP uses the same base encryption algorithm - RC4 - as WEP, the way it selects and changes keys resolves many of the issues surrounding WEP. WPA also improves the integrity aspects of 802.11 by making it virtually impossible to inject messages into a wireless conversation or to modify a message on the fly.

Cracking the wireless security code

Security picks

What we tested

WEP: Stick a fork in it

802.1X: A stepping stone

802.11i: The next big thing

Security standards aside, lock down your boxes, boys!

Wireless Access Point: Wire-side security testing (PDF)

How to do it: Securing your wireless LAN

Tools, not standards, that help tie down wireless nets

Glossary of wireless security terms

Explaining TKIP

How we did it

Archive of Network World reviews

Subscribe to the Product Review newsletter

The primary improvement in WPA is the per-session encryption key. Every time a station associates, a new encryption key is generated based on some per-session random numbers and the media access control (MAC) addresses of the station and the access point. WPA sounds like a major improvement, and it is - if it's used correctly.

Unfortunately, the easiest way to use WPA actually makes it easier to crack than WEP. When 802.1X authentication is not used in WPA, a simpler system called Pre-Shared Key (PSK) is. PSK offers a long-lived password that everyone who wants to connect to the WLAN has to know. All the wireless devices we tested with the exception of the Linksys adapter card support WPA-PSK (see graphic, below.)

With WPA-PSK, if you don't make your password long, you're susceptible to an offline dictionary attack where an attacker grabs a few packets at the time a legitimate station joins the wireless network and then can take those packets and recover the PSK used. An attacker can get what he needs to guess the PSK and get out without anyone noticing. This can occur because the attacker doesn't have to be near the WLAN for more than a few seconds, and the LAN doesn't have to be very busy.

Of course, this type of attack depends on people choosing poor passwords. So if you force users to type in a 64-digit hexadecimal number when they configure their wireless connection information, then you are covered. But most folks use the passphrase mechanism built into WPA, which converts an eight- to 63-character string you type in to the 64-digit key. More than half of the products we tested only let you enter a passphrase - you can't put in the 64-digit hex key even if you wanted to.

The innate problem is that a passphrase is easy to guess. The IEEE committee that wrote 802.11i pointed out that an eight- to 10-character passphrase actually has less than the 40 bits of security that the most basic version of WEP offers, and says that a passphrase "of less than about 20 characters is unlikely to deter attacks."

As with WEP, wireless cracking tools exist that are specifically designed to recover the PSK from a WPA-protected network. We used the KisMAC tool to demonstrate that an eight-character PSK can be recovered using off-the-shelf tools against any product using such a short password with only a few days of work.

WPA with 802.1X authentication - sometimes called WPA-Enterprise - yields a very tight network. 802.1X offers strong positive authentication for both the station and the WLAN infrastructure, while deriving a secure, per-session encryption key that is not vulnerable to any casual attack. This security comes with a cost because 802.1X authentication requires a significant infrastructure including 802.1X-compliant RADIUS server with a digital certificate, and client software for every user that supports 802.1X and whichever authentication mode you use.

If you're looking for the best wireless security you can get today, 802.1X authentication combined with WPA's improved encryption is the closest thing we've got to an ideal solution. Finding good products at all prices that combine 802.1X and WPA is not difficult. However, WPA-based products should give way quickly as more 802.11i-based products hit the marketplace this fall.

Tracking support for various WPA authentication methods

Wireless access points and switches have almost unanimous support for both WPA pre-shared keys and 802.1X authentication methods. But on the client side, the wireless NICs tested varied considerably on this point with PEAP/MSCHAPv2 standing as the lowest common denominator.
Product TypeVendorSupports WPA Pre-Shared Key802.1X authentication methods supported in conjunction with WPA
Wireless adapters   3Com Yes LEAP, Serial authentication, EAP-TLS, PEAP/MSCHAPv2, TTLS/PAP, TTLS/MSCHAPv2
BuffaloYesNot supported
LinksysNoNot supported
Wireless access pointsVendorSupports WPA Pre-Shared KeySupports WPA used with 802.1X*
LinksysYesUses proprietary authentication system
Wireless switchesAirespaceYesYes
*While WLAN clients must support specific 802.1X authentication methods, the wireless access points and the switches merely have to support the authenticated tunnel.
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10