May 25, 2013

1.6.2 WPA2

WPA2

Wi-Fi Protected Access II (WPA2) is a security protocol developed to protect wireless network communications. WPA2 is also known as the IEEE 802.11i standard. It is certified by the Wi-Fi Alliance in 2004:

Table 1: Wi-Fi Security Timeline1

Date
Milestone
September 1997 IEEE 802.11 standard ratified, including WEP
April 2000 Wi-Fi CERTIFIED program launched, with support for WEP
May 2001 IEEE 802.11i task group created
April 2003 WPA introduced with:
• IEEE 802.1X authentication
• Temporal Key Integrity Protocol (TKIP) encryption
• Support for EAP-Transport Layer Security (EAP-TLS)
September 2003 WPA mandatory for all Wi-Fi CERTIFIED equipment
June 2004 IEEE 802.11i amendment ratified
September 2004 WPA2 introduced with:
• IEEE 802.1X authentication
• AES encryption
• Support for EAP-TLS
April 2005 Support for four additional EAP-types added:
• EAP-Tunneled TLS Microsoft Challenge Handshake Authentication Protocol Version 2 (EAP-TTLS/MSCHAPv2)
• Protected EAP Version 0 (PEAPv0)/EAP-MSCHAPv2
• Protected EAP Version 1 (PEAPv1)/EAP Generic Token Card (EAP-GTC)
• EAP-Subscriber Identity Module (EAP-SIM)
March 2006 WPA2 mandatory for all Wi-Fi CERTIFIED equipment
January 2007 Wi-Fi Protected Setup program launched
November 2007 IEEE 802.11w task group created
May 2009 Support for EAP-AKA and EAP-FAST added
January 2012 Support for Protected Management Frames added to WPA2

WPA2 includes an encryption and an authentication protocol:
  1. The encryption protocol is Advanced Encryption Standard (AES), it is used to secure wireless networks and protect data.
  2. IEEE 802.1X is the authentication protocol. It provides authentication and network access control features.
It also provides mutual authentication with Pre-Shared Key (PSK; in Personal mode) and with IEEE 802.1X / EAP (in Enterprise mode).

WPA2 operates in two modes: Enterprise and Personal:
  1. In Enterprise mode, WPA2 takes advantage of IEEE 802.1X Authentication, Authorization, Accounting (AAA) servers to monitor and manage traffic, define user-specific authentication levels, and offer guest access services.
  2. Home and small-office networks typically run WPA2 in Personal mode (WPA2-Personal). In personal mode the network Service Set Identifier (SSID) and a passphrase entered by the user are used to derive the security key.
WPA2 uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an Advanced Encryption Standard (AES) based encryption protocol, which uses the same key is used for both encryption and integrity protection.

References

No comments:

Post a Comment