Introduction

Clearly the shortcomings of WEP limit its usefulness in an enterprise context. The IEEE has been hard at work in the 802.11i Task Group to develop a replacement for WEP. Originally called WEP2, the name was changed to WPA, which is, as mentioned earlier, short for Wi-Fi Protected Access.

According to rumors inside the Wi-Fi Alliance, the running joke was: “After the ship sinks, you don't name the next one Titanic 2.” On October 31, 2002, the Wi-Fi Alliance announced WPA, in essence a compromise solution because parts of the 802.11i specification were ready (such as 802.1x and Temporal Key Integrity Protocol [TKIP]) and other parts were not (such as Advanced Encryption Standard [AES] and secure deauthentication/disassociation).

The Wi-Fi Alliance's logic was this: We can't wait until the entire 802.11i specification is ratified (which would not happen for another year or two at best), therefore, let's take the parts that are ready for prime time and release them now. In essence, WPA is a subset of 802.11i that can be accomplished via software and firmware upgrades. It addresses both encryption (TKIP) and access control (802.1x).

From a security perspective, these technologies have great importance because they solve a number of weaknesses and vulnerabilities found in WEP and the 802.11 protocol. In this chapter, we will take a closer look at 802.11i, WPA, TKIP, and AES. Chapter 6 will talk more about 802.1x. By developing a deeper understanding of how these protocols work, you will be in a better position to deploy enhanced security solutions in a variety of configurations.