Don't forget that on Monday, May 21, INE begins our 5-Day CCNA Wireless course.
If you haven't signed up yet, there's still time to do so here.

The course will be streamed live, online here.

Look forward to seeing everyone on Monday.


In the first part of this series, we examined WEP as presented in our CCNA Wireless Course. To read that first part, click here.

The WiFi Alliance introduced Wi-Fi Protected Access (WPA) in 2003 as a replacement technology for WEP. WPA is based on the 802.11i draft version 3. This improved technology relies upon Temporal Key Integrity Protocol (TKIP) to automate the changing of keys. Remember that a huge issue for WEP was the single, static key in use. Interestingly, WPA uses the RC4 encryption algorithm like WEP; although Advanced Encryption Standard (AES) can also be used if desired.

WPA can be implemented using two authentication modes:

  • Enterprise Mode - this mode requires a RADIUS server for authentication and key distribution
  • Personal Mode - this mode uses pre-shared keys; you have most likely seen this option in your home WiFi environments

WPA Enterprise Mode features the following steps:

  1. The client and Access Point (AP) agree on security capabilities.
  2. 802.1x authentication completes.
  3. The authentication server derives a master key and sends this key to the AP; the client derives the same key. This is called the Pairwise Master Key (PMK) and lasts for the duration of the session.
  4. A four-way handshake occurs that creates a new key called the Pairwise Transient Key (PTK). This process occurs between the client and the authenticator. This key is used to confirm the Pairwise Master Key (PMK), creates a temporal key for encryption, and creates keying material for the next step.
  5. The two-way group key handshake process begins. Here the client and authenticator create a Group Transient Key (GTK). This key is used to decrypt broadcast and multicast traffic.

WPA was engineered to be implemented in devices that had previously only supported WEP. These devices (in most cases) merely required a firmware update in order to support the much stronger security protocol.


In this series of blog posts, we will examine WLAN security mechanisms in an even greater detail than in our popular 5-Day CCNA Wireless course. We will begin with one that is now considered legacy due to major weaknesses that were quickly discovered in its implementation.

We Don't Need No Stinken' Wires!

This security mechanism receives the least coverage in the CCNA Wireless materials and exam, because, as we stated, it is indeed considered legacy. The official title for this technology is Preshared Key Authentication with Wired Equivalent Privacy. This name tells us a lot. We are not really truly authenticating someone using this approach, we are just ensuring that they possess a piece of information, the preshared key (password). Notice the Wired Equivalent Privacy portion of the name tells us that the creators of the technology were really trying to sell it to WLAN designers and implementers!

The WEP process consists of a series of steps as follows:

  1. The wireless client sends an authentication request.
  2. The Access Point (AP) sends an authentication response containing clear-text (uh-oh!) challenge text.
  3. The client takes the challenge text received and encrypts it using a static WEP key.
  4. The client sends the encrypted authentication packet to the AP.
  5. The AP encrypts the challenge text using its own static WEP key and compares the result to the authentication packet sent by the client. If the results match, the AP begins the association process for the wireless client.

The big issue with WEP is the fact that it is very susceptible to a Man in the Middle attack. The attacker captures the clear-text challenge and then the authentication packet reply. The attacker then reverses the RC4 encryption in order to derive the static WEP key. Yikes!

As you might guess, the designers attempted to strengthen WEP using the approach of key lengths. The native Windows client supported a 104-bit key as opposed to the initial 40-bit key. The fundamental weaknesses in the WEP process still remained however.

We hope you are excited to learn more about the next generations WLAN security mechanisms that resulted...

Subscribe to INE Blog Updates

New Blog Posts!