Tudy On Wpa And Wpa2 Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

This paper deals with the study of WPA and WPA2; its origin, development, requirements, application, working, benefits and weaknesses. It also has a comparative study of both WPA and WPA2 and its difference from their previous versions are explained.


Wireless networks are one of the most popular and widely used networks in the present world of network. Securing a wireless network is the greatest challenge faced by the networking field faced in the past and in the present. Wireless network are more prone than any other networks because it can be accessed from anywhere inside the wireless region once the user gets the authentication information or by hacking the authentication information. In 1991 a wireless protection encryption system was introduced known as Wired Equivalent Privacy (WEP) used to provide confidentiality and integrity of the data by the Wi-Fi Alliance. Later in 2003 the Wi-Fi Alliance introduced an advanced certification program the Wi-Fi Protected Access (WPA) which implements most of the IEEE 802.11i standard this conquered severe problems faced by WEP. In 2004 the Wi-Fi Alliance developed a more advanced and a sophisticated version of the certification program WPA2 which provides a much more secure data encryption and authentication than WPA. The WPA and WPA2 have proved to be the successful protocol for many years.

A brief history of WEP

WEP was the first introduced encryption protocol in IEEE 802.11 standard (1991). It relies on RC4 encryption algorithm. It faced many problems and proved vulnerable to many attacks like the RC4 issue; it is unsafe at any key size, CRC bit flipping attack, FMS attacks, and Korek attacks. Finally in 2004 the WEP was jeopardised and a new encryption protocol was introduced by overcoming all the attacks faced by it. [1]

Wi-Fi Protected Access (WPA)

In 2004 the Wi-Fi Alliance developed a certification program which follows the security protocol and which implements the majority of the IEEE 802.11i standards. This was developed in order to overcome the security issues faced by the WEP. WPA uses the encryption system with Temporal key Integrity Protocol (TKIP) with Message Integrity Check (MIC) and it uses Extensible Authentication Protocol (EAP) authentication mechanism. It also uses a Pre-shared Key technology for authentication. It is based on IEEE 802.11i standards and with it’s inter operable service it increases the data protection level and the access control level to a great extent in the Wi-Fi systems. Unlike WEP it changes the effective key very often making WPA more secure.

WPA is widely used because since September 2003 all new 802.11b and 802.11 g hardware which are tested by Wi-Fi certification must implement WPA on it.WPA was designed by well known cryptographers and they suggested that it conquers many of the known attacks faced by WEP. [5]


In 2004 a second generation implementation of the WPA was developed by the Wi-Fi Alliance the WPA2 which is much more advanced and sophisticated than the WPA. It uses a new encryption technology the Advanced Encryption Standard (AES) which is more advanced encryption system than the WPA encryption system. Like WPA, WPA2 uses the Extensible Authentication Protocol for authentication which is well secured. This proved to be a more secure than any other security program. In 2006 all hardware approved by 802 b and g which has Wi-Fi certification must have WPA2 implemented in it. [5]


Both WPA and WPA2 have two classified modes Enterprise mode and Personal mode where both the modes provide authentication and encryption solution. [2]

Table : Types of Modes of WPA and WPA2


This mode is designed for the enterprise security which operates in a managed mode. It uses the IEEE 802.1x authentication framework which uses the EAP with an authentication server. Thus this mode is a well secured for a large system by providing a mutual authentication between the authentication server and the client through the access point.

Each user in this mode is assigned a unique key to access the network thus providing individual accuracy. In this mode TKIP encryption is used for WPA in which in each session an encryption key is assigned for every data packet communicated by an encryption cipher employed by the TKIP. And AES encryption type is used for WPA2.


This mode id designed for small business and home networks where there is no authentication server is used. This uses a PSK for authentication unlike in enterprise mode where IEEE 802.11 is used. This operates on an unmanaged mode. Here a PSK is shared among users therefore the strength of the PSK should be high.

Personal mode uses TKIP encryption type for WPA and AES for WPA2 like the enterprise mode.


The authentication process is done by IEEE 802.1x framework or the EAP framework. A mutual authentication is initiated in the WPA enterprise and the WPA2 when a user communicates with an Access Point (AP). The user gets the access to the network only when it is authenticated by the access point. The authentication server receives the credentials provided by the user. Mutual authentication protects the user from connecting to rogue APs by ensuring both the authorised user and the client that the communication is entitled between them.

The client enters the WLAN only when the authentication server accepts the users credentials if it does not accepts then it is blocked from entering into the WLAN. A Pair wise Master Key (PMK) is generated simultaneously when the user authenticates. Between the client and the AP a four way handshake takes place then TKIP and AES gets installed and established for WPA and WPA2 respectively thus completing the authentication process between the client and the access point.

Table : Network Authentication Types

There are various types of authentication is used in WPA and WPA2 table 2 shows the authentication types used by them with RADIUS servers and PSK. The WPA and WPA2 use the same authentication mechanism therefore both the encryption type can be simultaneously used in the same network as it uses same authentication mechanism. The description for the authentication type which is used for both is shown in the table 2. The WPA and WPA2 authentication are well secured than any other encryption system. [4]

WPA Encryption Using TKIP

WPA overcomes WEP encryption problems by using a forceful encryption system provided by Temporal Key Integrity Protocol (TKIP). It replaces the small static encryption key of 40 bit which is entered manually on the client devices and the access points, with a per packet 128-bit key. Unlike WEP, WPA generates keys dynamically which avoids the intruders who rely upon predicting the key. It operates on the MAC layer.

The authentication server makes the 802.1x generate a unique master key or pair wise key for that session during the process once when the user’s credentials are authenticated. The key hierarchy and the management system are maintained by distributing the key to the access point and the client which is done by TKIP. During a session every data packet which is communicated is assigned a unique key generated by TKIP. By doing this it generates around 280 trillion possible keys for a data packet which is hypothetically impossible to trace back.

It also uses the Message Integrity Check (MIC) by providing a mathematical function where both the transmitter and the receiver compute and compare it. If the MIC’s do not match then the packet is removed assuming it to be tampered. Thus it protects the data packets from capturing, changing and resending by an attacker. [4]

WPA2 Encryption Using AES

AES is a block cipher which is a type of symmetric cipher where a same key is used for encryption and decryption. AES encrypts the bits in blocks of plaintext by calculating separately instead of a single key put over a plaintext input data stream. In WPA2 the 128 bit AES is used. There are four stages carried out by AES making one round where every round is iterated several times. For WPA2 the iteration is done for ten times each round.

Counter-Mode/CBC-Mac Protocol (CCMP) is used in AES for WPA2. For a block cipher which use same key for both encryption and decryption CCMP will be a new mode of operation. There are two modes used by the CCMP which are the Counter Mode (CTR) and the Cipher Block Changing Message Authentication Code (CBC-MAC) mode. Data encryption in CCMP is done in the CTR mode and the data integrity is provided by the CBC-MAC mode.

As a result in the encryption process an authentication component is generated by the CCMP using CMC-MAC mode. It differs from the WPA encryption where there is a separate algorithm is required for the integrity check as in here the integrity check is done by the CCMP through CMC-MAC default. On top of this a 48-bit Initialisation vector (IV) is used by the AES which further enhancing its encryption system. AES is said to be the most powerful encryption system as it requires more than billions of operations to break its key. Thus it is said to be a most secure cryptographic algorithm. WPA2 encryption system using AES is more powerful than the WPA encryption system using TKIP.


WPA uses Robust Security Network (RSN) a new network architecture which separates message integrity from user authentication. It is more secure network architecture and complex. It gives accurate solutions for wireless networks. The RSN architecture consists of four phases [1]

Agreeing on the security policy

802.1x authentication

Key derivation and distribution

RSNA data confidentiality and integrity.

Phase 1: Agreeing on the security policy

In the first phase the security policy to be used is agreed by the communication parties. The security policies carried out by the APs is displayed on a Probe Respond Message which is done by accepting the request for the probe from the client. This is followed by an 802.11 open system authentication and the client is allows access only if the authentication system approves it.

Figure : phase 1: Agreeing on security policy

Phase 2: 802.1X Authentication

The second phase is a standard specific 802.1X authentication method which are based on extensible authentication protocol type. 802.1X/EAP requests the client for the certification which requires a PKI then the authentication mechanism is initiated once the client credentials responses the correct authentication information. A master key (MK) is generated commonly to the client and the server then a Radius accept message is sent to the AP from the server which contains the master key and the EAP message specific to the chosen method is sent to the client. Figure 2 shows the second phase.

Figure : phase 2: 802.1X Authentication

Phase 3: Key Hierarchy and Distribution

The third phase consists of the key generation and the key exchange. The security mainly depends on the keys, it is maintained by a compilation of several various keys where every key is assigned a limited lifetime which is grouped in a hierarchy. A session key is generated for the security context once it is determined by the authentication method and is constantly updated until the security is completed.

Figure : phase 3: Key derivation and distribution

This phase consists of three steps the first one is the transmission of the master key from the access point and AS. The next step is a four way hand shake where the Pair wise Transient Key (PTK) and the group Transient Key are derived. The third step is the renewal of the GTK by group key handshake. Figure 3 shows the three steps of phase 3.

The pair wise key hierarchy is shown in figure 4 in this step the four way handshake is done by the AP where a pair wise master key is sent by the client and it is verified with the pair wise transient key which uses the TKIP and CCMP types and the encryption keys are installed in them. During the four way handshake four EAPOL messages are transmitted between the AP and the client that is the confirmation key, the encryption key, temporal encryption key and the temporal MIC key

Figure : phase 3: Pair wise key hierarchy

The four way handshake is shown in the figure 5. From PMK a fixed string PTK is derived which is the MAC address of the AP using the KCK. The synchronisation of the two entities are done before encryption

Figure : phase 3: 4 way handshake

The group key hierarchy is shown in the figure 6. Group Master Key (GMK) generates a Group Transient Key to prevent multicast traffic over the security channel. The encryption protocol determines the length of the GTK according to TKIP and CCMP of 256 and 128 bits respectively. Two keys are classified under GTK which are

Group Encryption Key (GEK)

Group Integrity Key (GIK)

Figure : phase 3: Group key hiererchy

In the process of Group key handshake an EAPOL key the one with the MIC, GTK is sent from the access point to the server and an EAPOL message key which has the response MIC is sent back to the access point from the client. The session keys that are generated during the four way handshake is used in the Group key handshake

The main purpose of this handshake is to renew the Group transient key following the request sent by the client and for dissociating the host. First a random number Gnonce is selected and the GTK s calculated. Then the newly calculated GTK is sent by encrypting it with KCK along with the GTK sequence number and the calculated MIC to the supplicant. The GTK is decrypted at the supplicant once the MIC is verified. After completing the group key handshake it sends an acknowledgement message with a GTK sequence number and the calculated MIC from the second message as a result the new GTK is installed by the authenticator.

Figure : phase 3: Group key handshake

Phase 4: RSNA Data Confidentiality and Integrity

The processes after the authentication and encryption take place in this phase. The main goal of this phase is to keep the data encrypted and to provide the integrity of the data throughout the communication. Previously generated keys are used in protocol.

Figure : TKIP key-mixing scheme and encryption

TKIP- Temporal Key Hash


WRAP (Wireless Robust Authentication Protocol)

These are the essential protocol used in this phase. TKIP depends on RC4 encryption algorithm similar to WEP the main reason for this is to use in the upgraded systems which was previously with WEP.TKIP overcomes many vulnerabilities faced by WEP like message integrity using MAC with Michael algorithm, IV issues by increasing its size and adding new set of rules, key management using advanced method of key distribution.

There are two phases involved with the TKIP Key-mixing scheme shown in the figure8. All the static data such as the session key TEK, higher 32 bits of the initialisation vector and TA are present in phase 1. The dynamic bits and the variable keys such as the 16 lower bits of the initialisation vector and the outputs of phase 1. For every packet sent the initialisation vector value increases by 1 starting from 0.

Figure : MIC computation using Michael algorithm

Michael algorithm is used in WPA for the Message integrity check created by Niels Ferguson. Figure 9 represents the MIC computation used in WPA.

CCMP relies on AES which is operated in the CCM mode. CCMP depends on AES like TKIP depends on RC4 but CCMP does not compromises itself where TKIP uses RC4 because it has to be implemented on WEP systems with an upgrade. In CCMP a same key is used for authentication and encryption with different IV in other words the authentication covers the non encrypted data. Figure 10 shows the CCMP encryption.

Figure : CCMP encryption

The Wireless Robust authentication protocol is also based on advanced encryption standard but here it uses OCB encryption scheme.


WPA overcomes all possible vulnerabilities of WEP. It provides user authentication which lacked in WEP. Major of WPA comes under IEEE 802.11 standard.

It can be implemented directly as software to almost all of the Wi-Fi certified devices. It offers IEEE standards based Wi-Fi security. It gives a high performance level to small business networks, home networks and enterprises. Presently many of the router products use WPA encryption in their devices. [4]


WPA2 is standard specific based interoperable version of the IEEE 802.11 standard. It uses AES for encryption and it also has the authentication mechanism. Many of the router products have WPA2 encryption in their devices although it cannot be upgraded. [4]

Apt for Home and Small Business Wireless Networks

Like the securities in enterprises the security for small networks and home is equally important. The home network can be equally harmful if it is accessed by other persons. In the present network world all the home connections and small business networks are Wi-Fi. In a survey it is proved that 60-70% of the home network is unsecured. WPA and WPA2 is the most successful encryption program used still now. [3]


WPA & WPA2 faced several weaknesses since it has released but they are not dangerous. The most known attack on WPA and WPA2 is the attack against its PSK key. Therefore WPA & WPA2 is still considered as the best encryption system. [1]


WPA and WPA2 overcome all known possible vulnerabilities that are face by WEP thus enhancing the access control and data protection to a great extent. They are very strong standard based protection with an interoperable solution in the wireless networks. It provides tremendous benefits of a secure Wi-Fi network. It is designed to work with all kind of adapters, from September 2006 all the IEEE 802 b and g devices which has the Wi-Fi certification must have WPA or WPA2 implemented in it hence it is fairly widely used. Thus WPA and WPA2 encryption types prove to be the best encryption types ever.