Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Examining 802.11i and WPA

As a standards body, the IEEE 802.11i task group wasn't under the same market pressures as the vendor-driven Wi-Fi Alliance. After nearly three years of debate, the 802.11i committee is putting the finishing touches on its security standard, the Robust Security Network. RSN requires wireless clients and APs to have capabilities most existing devices don't have, including higher processing power and support for intensive encryption algorithms. There is also a transitional spec--conveniently called Transitional Security Network (TSN)--that lets RSN and older WEP systems operate in parallel in the same WLAN. But your wireless network won't be fully secure until it's all RSN.

RSN and WPA have a lot in common. They use the same security architecture for upper-level authentication, key distribution and key renewal. WPA, though, is built around TKIP (Temporal Key Integrity Protocol), which is available as a firmware upgrade to most legacy hardware. RSN is more comprehensive and includes support for AES (Advanced Encryption Standard), which is available only on the latest WLAN hardware.

We evaluated WPA in our Syracuse University Real-World Labs for integrity, confidentiality and authentication criteria (see "Meanwhile, Back at the Lab,").WPA, expressed as a formula, looks like this:


WPA = {802.1X + EAP + TKIP + MIC + (RADIUS*X)}

If WPA-PSK, X=0; ELSE X=1


WPA uses existing technology such as IEEE 802.1x, EAP, TKIP and RADIUS. Its authentication is based on the 802.1x authentication protocol that was developed for wired networks, as well as EAP (Extensible Authentication Protocol). EAP lets you use a variety of algorithms for authenticating the client with a RADIUS server.

  • 1