80211Planet.com Tutorials


WPA Security Enhancements
By Jim Geier

March 20, 2003

As we've discussed in a previous tutorial, 802.11 Wired Equivalent Privacy (WEP) doesn't provide enough security for most enterprise wireless LAN applications. Because of static key usage, it's fairly easy to crack WEP with off-the-shelf tools. This motivates IT managers to use stronger dynamic forms of WEP.

The problem to date, however, is that these enhanced security mechanisms are proprietary, making it difficult to support multi-vendor client devices. The 802.11i standard will eventually solve the issues, but it's not clear when the 802.11 Working Group will ratify the 802.11i standard.

As a result, the Wi-Fi Alliance has taken a bold step forward to expedite the availability of effective standardized wireless LAN security by defining Wi-Fi Protected Access (WPA) while promoting interoperability. With WPA, an environment having many different types of 802.11 radio NICs, such as public hotspots, can benefit from enhanced forms of encryption.

Inside WPA

WPA is actually a snapshot of the current version of 802.11i, which includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms. The combination of these two mechanisms provides dynamic key encryption and mutual authentication, something much needed in WLANs.

As with WEP, TKIP uses the RC4 stream cipher provided by RSA Security to encrypt the frame body and CRC of each 802.11 frame before transmission. The issues with WEP don't really have much to do with the RC4 encryption algorithm. Instead, the problems primarily relate to key generation and how encryption is implemented.
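The "how encryption is implemented" problem is concrete: WEP's per-frame keystream depends only on the shared key and a 24-bit IV, so when an IV repeats the keystream repeats. The script below is an added illustration (not from the article) that models the IV space sizes the article compares and scans a constructed list of (transmitter, IV) records, as a monitoring tool might, to flag IV reuse under a shared key; frame rates and addresses are assumed sample values.

```python
import math
from collections import defaultdict


def seconds_to_exhaust_iv_space(iv_bits: int, frames_per_second: float) -> float:
    """Time until a sequential IV counter wraps and keystreams start to repeat."""
    return (2 ** iv_bits) / frames_per_second


def collision_probability(iv_bits: int, frames: int) -> float:
    """Birthday bound: probability that at least two randomly chosen IVs
    collide among `frames` frames, 1 - exp(-n^2 / (2 * 2^bits))."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-(frames * frames) / (2.0 * space))


def find_iv_reuse(records):
    """records: iterable of (transmitter, iv). Because every WEP station
    shares one secret key, any repeat of an IV, even from a different
    transmitter, means two frames were encrypted with the same keystream.
    Returns {iv: [transmitters...]} for IVs seen more than once."""
    seen = defaultdict(list)
    for tx, iv in records:
        seen[iv].append(tx)
    return {iv: txs for iv, txs in seen.items() if len(txs) > 1}


# Constructed sample: station ...01 wraps its counter and station ...02
# happens to start at the same IV (assumed addresses, not real captures).
SAMPLE_RECORDS = [
    ("02:aa:bb:cc:dd:01", 0x000001),
    ("02:aa:bb:cc:dd:01", 0x000002),
    ("02:aa:bb:cc:dd:01", 0x000001),
    ("02:aa:bb:cc:dd:02", 0x000001),
]

if __name__ == "__main__":
    rate = 5000.0  # assumed: a busy AP pushing 5000 frames per second
    print("24-bit IV wraps after %.0f s" % seconds_to_exhaust_iv_space(24, rate))
    print("48-bit IV wraps after %.0f years"
          % (seconds_to_exhaust_iv_space(48, rate) / 31_557_600))
    print("P(random 24-bit IV repeat in 5000 frames) = %.2f"
          % collision_probability(24, 5000))
    print("reused IVs:", find_iv_reuse(SAMPLE_RECORDS))
```

At 5000 frames per second the 24-bit counter wraps in under an hour, which matches the article's "within an hour or so"; the 48-bit space takes on the order of 1,800 years at the same rate.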

TKIP adds the following strengths to WEP:

  • 48-bit initialization vectors. WEP produces what's referred to as a "keyschedule" by concatenating a shared secret key with a randomly generated 24-bit initialization vector (IV). WEP feeds the resulting keyschedule into a pseudo-random number generator that produces a keystream equal in length to the 802.11 frame's payload. With a 24-bit IV, though, WEP eventually uses the same IV for different data packets; in fact, IVs can recur within an hour or so on busy networks. Frames encrypted under the same IV share the same keystream, so a hacker who collects enough frames with a repeated IV can work out their shared values and decrypt the 802.11 frames. WPA with TKIP, however, uses 48-bit IVs, which significantly reduce IV reuse and the possibility that a hacker will collect enough 802.11 frames to crack the encryption.


  • Per-packet key construction and distribution. WPA automatically generates a new unique encryption key periodically for each client. In fact, WPA uses a unique key for each 802.11 frame. This avoids the same key staying in use for weeks or months, as it does with WEP. This is similar to changing the locks on a house each time you leave, making it impossible for someone who happened to make a copy of your key to get in.


  • Message integrity code. WPA implements the message integrity code (MIC), often referred to as "Michael," to guard against forgery attacks. WEP appends a 4-byte integrity check value (ICV) to the 802.11 payload. The receiver will calculate the ICV upon reception of the frame to determine whether it matches the one in the frame. If they match, then there is some assurance that there was no tampering. Although WEP encrypts the ICV, a hacker can change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver. WPA solves this problem by calculating an 8-byte MIC that resides just before the ICV.
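Why an encrypted CRC is not an integrity check, and what a keyed MIC adds, as an added example (not code from the article or from the WPA specification): CRC-32 is affine over XOR, so for equal-length inputs crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros). The ICV therefore changes in a way that depends only on the bits, not on any secret. A keyed tag has no such relation. Michael's actual construction is not reproduced here; HMAC-SHA256 truncated to 8 bytes is assumed as a stand-in for the 8-byte MIC.

```python
import hashlib
import hmac
import zlib


def wep_icv(payload: bytes) -> bytes:
    """WEP's ICV: an unkeyed CRC-32 over the payload, as the article describes."""
    return zlib.crc32(payload).to_bytes(4, "little")


def crc_is_affine(a: bytes, b: bytes) -> bool:
    """Check crc(a ^ b) == crc(a) ^ crc(b) ^ crc(0...0) for equal lengths.
    Since the ICV is a fixed function of the bits and involves no key, anyone
    who changes payload bits knows exactly how the ICV changes."""
    if len(a) != len(b):
        raise ValueError("affine relation holds for equal-length inputs")
    xored = bytes(x ^ y for x, y in zip(a, b))
    zeros = bytes(len(a))
    return zlib.crc32(xored) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


def keyed_mic(mic_key: bytes, header: bytes, payload: bytes) -> bytes:
    """8-byte keyed integrity tag over addresses and payload (stand-in for
    Michael, an assumption of this example, not the real algorithm)."""
    return hmac.new(mic_key, header + payload, hashlib.sha256).digest()[:8]


def receiver_accepts(mic_key: bytes, header: bytes, payload: bytes, tag: bytes) -> bool:
    """Receiver recomputes the MIC and compares in constant time."""
    return hmac.compare_digest(keyed_mic(mic_key, header, payload), tag)


# Constructed sample values (not real keys or captured frames).
MIC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
HEADER = bytes.fromhex("02aabbccdd01" "02aabbccdd02")  # sender + receiver addrs
PAYLOAD = b"transfer 10 units to account 42"
TAMPERED = b"transfer 99 units to account 42"

if __name__ == "__main__":
    print("CRC affine over XOR:", crc_is_affine(PAYLOAD, TAMPERED))
    tag = keyed_mic(MIC_KEY, HEADER, PAYLOAD)
    print("genuine frame accepted:", receiver_accepts(MIC_KEY, HEADER, PAYLOAD, tag))
    print("tampered frame accepted:", receiver_accepts(MIC_KEY, HEADER, TAMPERED, tag))
```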

For authentication, WPA uses a combination of open system and 802.1x authentication. Initially, the wireless client performs open system authentication with the access point, which authorizes the client to send frames to it. Next, WPA performs user-level authentication with 802.1x. In an enterprise environment, WPA interfaces to an authentication server, such as RADIUS or LDAP. WPA can also operate in what's known as "pre-shared key mode" if no external authentication server is available, as in homes and small offices.

An issue that WPA does not fix yet is potential denial of service (DoS) attacks. If someone, such as a hacker or disgruntled employee, sends at least two packets each second using an incorrect encryption key, then the access point will kill all user connections for one minute. This is a defense mechanism meant to thwart unauthorized access to the protected side of the network.
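Because the countermeasure the article describes takes every client off the air, operators want to know when it fired and which station tripped it, so a lone misconfigured client can be told apart from deliberate flooding. The monitor below is an added example, not vendor or article code: it applies the rule as the article states it (two bad-key frames within one second shut the access point down for one minute) to constructed access-point log lines whose format is assumed for this example.

```python
import re
from collections import Counter

# Assumed log format for this example; real AP logs differ by vendor.
LOG_RE = re.compile(r"t=(?P<t>[\d.]+)\s+sta=(?P<sta>\S+)\s+event=(?P<ev>\w+)")


def countermeasure_events(log_lines, window=1.0, threshold=2, holdoff=60.0):
    """Replay MIC-failure events against the article's rule and return a list
    of (trigger_time, station) for each time the countermeasure would fire.
    While the AP is shut down (`holdoff` seconds after a trigger) further
    failures cannot re-trigger it, so they are skipped."""
    recent = []          # (time, sta) of failures inside the sliding window
    triggers = []
    down_until = -1.0
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m["ev"] != "MIC_FAILURE":
            continue
        t, sta = float(m["t"]), m["sta"]
        if t < down_until:
            continue
        recent = [(ft, fs) for ft, fs in recent if t - ft <= window] + [(t, sta)]
        if len(recent) >= threshold:
            triggers.append((t, sta))
            down_until = t + holdoff
            recent = []
    return triggers


def offenders(triggers):
    """Count how often each station was the one that tripped the countermeasure."""
    return Counter(sta for _, sta in triggers)


# Constructed sample log (assumed addresses, not a real capture).
SAMPLE_LOG = [
    "t=10.0 sta=02:00:00:00:00:01 event=ASSOC",
    "t=12.0 sta=02:00:00:00:00:07 event=MIC_FAILURE",
    "t=12.4 sta=02:00:00:00:00:07 event=MIC_FAILURE",  # 2 within 1 s: trigger
    "t=30.0 sta=02:00:00:00:00:07 event=MIC_FAILURE",  # AP down until 72.4
    "t=80.0 sta=02:00:00:00:00:03 event=MIC_FAILURE",  # isolated failure
    "t=82.0 sta=02:00:00:00:00:03 event=MIC_FAILURE",  # outside 1 s window
]

if __name__ == "__main__":
    events = countermeasure_events(SAMPLE_LOG)
    print("countermeasure fired at:", events)
    print("stations responsible:", offenders(events))
```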

You will be able to upgrade existing Wi-Fi-compliant components to use WPA through relatively simple firmware upgrades. As a result, WPA is a good solution for providing enhanced security for the existing installed base of WLAN hardware.

The eventual 802.11i standard will be backward compatible with WPA; however, 802.11i will also include an optional Advanced Encryption Standard (AES) encryption. AES requires coprocessors not found in most access points today, which makes AES more suitable for new WLAN installations.

Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book, Wireless LANs and offers workshops on deploying wireless LANs.
