The WiFi Alliance introduced Wi-Fi Protected Access (WPA) in 2003 as a replacement technology for WEP. WPA is based on the 802.11i draft version 3. This improved technology relies upon Temporal Key Integrity Protocol (TKIP) to automate the changing of keys. Remember that a huge issue for WEP was the single, static key in use. Interestingly, WPA uses the RC4 encryption algorithm like WEP; although Advanced Encryption Standard (AES) can also be used if desired.
WPA can be implemented using two authentication modes:
- Enterprise Mode - this mode requires a RADIUS server for authentication and key distribution
- Personal Mode - this mode uses pre-shared keys; you have most likely seen this option in your home WiFi environments
WPA Enterprise Mode features the following steps:
- The client and Access Point (AP) agree on security capabilities.
- 802.1x authentication completes.
- The authentication server derives a master key and sends this key to the AP; the client derives the same key. This is called the Pairwise Master Key (PMK) and lasts for the duration of the session.
- A four-way handshake occurs that creates a new key called the Pairwise Transient Key (PTK). This process occurs between the client and the authenticator. This key is used to confirm the Pairwise Master Key (PMK), creates a temporal key for encryption, and creates keying material for the next step.
- The two-way group key handshake process begins. Here the client and authenticator create a Group Transient Key (GTK). This key is used to decrypt broadcast and multicast traffic.
WPA was engineered to be implemented in devices that had previously only supported WEP. These devices (in most cases) merely required a firmware update in order to support the much stronger security protocol.