AfterDawn: Glossary

Wi-Fi Protected Access

Wi-Fi Protected Access (also known as WPA and WPA2) is a certification program maintained by the IEEE that oversees standards for security over wireless networks. WPA was introduced in 2003 as a response to the exposure of Wired Equivalent Privacy (WEP) as being fundamentally flawed and very insecure. WPA implemented the majority of the 802.11i standard and serves as a security measure between the WEP flaw discoveries and the ratification of 802.11i. WPA uses the Temporal Key Integrity Protocol (TKIP), which could be implemented on network hardware that was available for years before WPA's existence by means of firmware upgrades.

Pre-share Key (PSK) is commonly used to drive WPA security. It requires the owner of the network to come up with a "passphrase" that must then be given to anybody who is allowed to join the network. This passphrase could be a random string of characters or an actual understandable phrase, although random characters is highly recommended for security reasons. This Pre-share Key (PSK) is saved by most operating systems that have WiFi support built-in so that the computer can automatically connect to the network after disconnection without needing to use the passphrase again.

The PSK must also be stored on the Wireless Access Point (WAP) or router hardware. Attacks against weak passphrases could be successful if the passphrase is not strong. To get around this problem, manufacturers often include their own software that generates a strong passphrase which can be shared to machines through an in-between medium (USB key for example). This can improve security as a program is not very likely to randomly generate a key that would be part of a dictionary used in a brute force attack.

While WPA is an excellent upgrade in comparison to WEP, some weaknesses were found and revealed in 2008, none of which can lead to the full compromise of a network's security (yet). The weakness in WPA was reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications.

Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network.

While at time of writing (November 2008) this not something to be feared at large, it is important to point out that WPA2 with AES encryption has not yet been found any way flawed (from a security perspective).

WPA was replaced by WPA2.



Select a term to see the explanation