A discussion of why 802.11i (WPA2) provides stronger wireless security than WiFi Protected Access (WPA) and WEP, why there is a need for a new standard and why you should use it.
We’ve already looked at why WPA is better than WEP, so why have a new 802.11i security standard? Isn’t WPA good enough?
WPA has, rightly, been admired as a masterpiece of retro engineering. It addresses the weaknesses of WEP and the result is a very secure security system that is backwardly compatible with most existing WiFi compliant equipment. WPA is a practical solution that will provide more than adequate security for most wireless network applications.
However WPA is in the end a compromise solution. It still relies on the RC4 encryption algorithm and TKIP (Temporary Key Integrity Protocol). Although unlikely, the possibility of new weaknesses being discovered still exists.
A completely new security system, avoiding the design flaws of WEP entirely, represents the best long term, scalable solution to wireless LAN security. To this end the standards committee decided to design a new security system from the ground up. This is the new 802.11i standard, also known as WPA2 by the WiFi Alliance.
What is 802.11i?
802.11i uses the concept of a Robust Security Network (RSN). In RSN wireless devices need to support additional capabilities. This requires new hardware and software drivers making a fully compliant RSN network incompatible with existing WEP equipment. In the transitional period both RSN and WEP equipment will be supported, (in fact WPA/TKIP was a solution designed to make use of older equipment) but in the longer term WEP devices will be phased out.
802.11i allows for various network implementations and can use TKIP, but by default RSN uses AES (Advanced Encryption Standard) and CCMP (Counter Mode CBC MAC Protocol) and it is this which provides for a stronger, scalable solution.
What is AES/CCMP?
Advanced Encryption Standard (AES) is the cipher system used by RSN. It is the equivalent of the RC4 algorithm used by WPA. However the encryption mechanism is much more complex and does not suffer from the problems associated with WEP. AES is a block cipher, operating on blocks of data 128bits long.
CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a Message Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code (CBC-MAC) method. Changing even one bit in a message produces a totally different result.
One of the worst aspects of WEP was the management of the secret keys. Many administrators found it impractical to manage keys in larger networks. As a result WEP keys were often not changed making it easier for hackers.
RSN defines a hierarchy of limited life keys, similar to TKIP. AES/CCMP requires 512bits to accommodate all the keys, less than TKIP.
Also like TKIP master keys are not used directly, but are used to derive other keys. Fortunately the administrator only needs to provide a single master key.
Messages are encrypted using a secret key (128bits) and a 128bit block of data. The encryption process is complex, but again the administrator does not need to be aware of the intricacies of the computations. The end result is encryption that is much harder to break than even WPA.
AES is based on a design principle known as a substitution-permutation network, and is fast in both software and hardware.[6] Unlike its predecessor DES, AES does not use a Feistel network. AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. By contrast, the Rijndael specification per se is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.
AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some versions of Rijndael have a larger block size and have additional columns in the state. Most AES calculations are done in a special finite field.
The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext. The number of cycles of repetition are as follows:
10 cycles of repetition for 128-bit keys.
12 cycles of repetition for 192-bit keys.
14 cycles of repetition for 256-bit keys.
Each round consists of several processing steps, including one that depends on the encryption key itself. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.