Man Pages

wpa_background(8) - phpMan wpa_background(8) - phpMan

Command: man perldoc info search(apropos)  


WPA_BACKGROUND(8)                                            WPA_BACKGROUND(8)



NAME
       wpa_background - Background information on Wi-Fi Protected Access and IEEE 802.11i

WPA
       The  original  security  mechanism  of  IEEE 802.11 standard was not designed to be strong and has proven to be
       insufficient for most networks that require some kind of security. Task group I (Security) of IEEE 802.11 work-
       ing group (http://www.ieee802.org/11/) has worked to address the flaws of the base standard and has in practice
       completed its work in May 2004. The IEEE 802.11i amendment to the IEEE 802.11 standard  was  approved  in  June
       2004 and published in July 2004.

       Wi-Fi  Alliance  (http://www.wi-fi.org/)  used a draft version of the IEEE 802.11i work (draft 3.0) to define a
       subset of the security enhancements that can be implemented with existing wlan hardware. This is  called  Wi-Fi
       Protected  Access<TM> (WPA). This has now become a mandatory component of interoperability testing and certifi-
       cation done by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web site (http://www.wi-fi.org/Open-
       Section/protected_access.asp).

       IEEE  802.11  standard  defined  wired equivalent privacy (WEP) algorithm for protecting wireless networks. WEP
       uses RC4 with 40-bit keys, 24-bit initialization vector (IV), and CRC32 to protect against packet forgery.  All
       these  choices have proven to be insufficient: key space is too small against current attacks, RC4 key schedul-
       ing is insufficient (beginning of the pseudorandom stream should be skipped), IV space  is  too  small  and  IV
       reuse  makes  attacks  easier,  there  is  no  replay protection, and non-keyed authentication does not protect
       against bit flipping packet data.

       WPA is an intermediate solution for the security issues. It uses Temporal  Key  Integrity  Protocol  (TKIP)  to
       replace  WEP.  TKIP  is a compromise on strong security and possibility to use existing hardware. It still uses
       RC4 for the encryption like WEP, but with per-packet RC4 keys. In addition, it  implements  replay  protection,
       keyed packet authentication mechanism (Michael MIC).

       Keys can be managed using two different mechanisms. WPA can either use an external authentication server (e.g.,
       RADIUS) and EAP just like IEEE 802.1X is using or pre-shared keys without need for  additional  servers.  Wi-Fi
       calls  these  "WPA-Enterprise" and "WPA-Personal", respectively. Both mechanisms will generate a master session
       key for the Authenticator (AP) and Supplicant (client station).

       WPA implements a new key handshake (4-Way Handshake and Group Key Handshake) for generating and exchanging data
       encryption  keys  between  the  Authenticator  and  Supplicant. This handshake is also used to verify that both
       Authenticator and Supplicant know the master session key. These handshakes  are  identical  regardless  of  the
       selected key management mechanism (only the method for generating master session key changes).

IEEE 802.11I / WPA2
       The  design  for parts of IEEE 802.11i that were not included in WPA has finished (May 2004) and this amendment
       to IEEE 802.11 was approved in June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a  new  version  of
       WPA  called  WPA2. This includes, e.g., support for more robust encryption algorithm (CCMP: AES in Counter mode
       with CBC-MAC) to replace TKIP and optimizations for handoff (reduced number of messages in  initial  key  hand-
       shake, pre-authentication, and PMKSA caching).

SEE ALSO
       wpa_supplicant(8)

LEGAL
       wpa_supplicant is copyright (c) 2003-2007, Jouni Malinen <jATw1.fi> and contributors.  All Rights Reserved.

       This  program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your
       option.



                               07 September 2010             WPA_BACKGROUND(8)