The Wi-Fi Alliance and IEEE 802.11 Task Group i have finally heard the voice of the marketplace.
I'm not sure whether the Halloween release of the announcement of a security solution called Wi-Fi Protected Access (WPA) was an inside joke or what. But I'm glad that someone finally came to their senses and realized that if they had waited the additional one to two years that the IEEE said it was going to take, that the marketplace was either going to decide for them, or create a fragmentation that would take years (if ever) to pull back together.
WPA is a subset of the IEEE 802.11i draft standard and is designed to be forward-compatible with 802.11i when it is finally published. The Q&A (PDF format) on the Wi-Fi Alliance's website says that WPA was created when "several members of the Wi-Fi Alliance teamed up with members of the IEEE 802.11i task group". Whether these folks jumped at the chance or had to be pushed is covered in the next section. But no matter how messy the birthing process, WPA seems to be a pretty good improvement over the present sorry state of WLAN security by providing improved encryption and simple, but robust, user authentication, that even home wireless networkers will be able to use.
Although the Wi-Fi Alliance is careful to point out that WPA isn't a standard, but instead a "specification of standards-based, interoperable security enhancements", it looks like it might as well be one. WLAN equipment vendors are lining up behind the spec with press releases issued by Intersil, Agere, Atheros, Funk Software, and Atmel concurrent with the Wi-Fi Alliance release.
But where did WPA come from? Any why now?
The smoke-filled room
Although I'd heard almost a year ago that a solution to WLAN security was imminent, months passed with only announcements of proprietary WLAN security systems from various vendors such as Funk, Symbol, Proxim and others. These systems incorporated pieces (and variations of pieces) of 802.11i, but were all aimed at enterprise-level WLANs and required authentication servers as part of their solutions. No one seemed to be interested in solving the residential / SOHO WLAN security problem.
As it turns out, the suspense of waiting for the IEEE to grind through its standards process was too much for some of the WLAN chip and equipment vendors to take, and they took matters into their own hands, forming a task group. From what I can gather, this group had the IEEE and Wi-Fi Alliance's blessing since the same companies participate in both organizations. The group gave the IEEE a way to let its standards-making process play out, while taking some of the heat off by getting a forward-compatible subset of the eventual 802.11i standard out into the market.
As reported by eWEEK and Computerworld a few months ago, the task group came up with something that was going to be called SSN (Safe Secure Networks, or Simple Secure Network... you decide!). But SSN looks like it was only going to address the WEP weakness part of the problem by blessing and deploying a protocol called TKIP (more on this shortly). This would still have left the authentication part of the WLAN security problem to be battled out in the market among the various proprietary solutions already being sold.
However somewhere in the past month or so, the authentication piece of the puzzle fell into place by taking the 802.1x and EAP pieces from the 802.11i toolbox, and adding them to TKIP. All that remained was to come up with a catchy(?) name that had the Wi-Fi branding in it... and voila, Wi-Fi Protected Access was born!
Better than WEP
Article after article, wardrive after wardrive has documented the fact that most wireless networkers don't enable WEP. In my opinion, this isn't because of WEP's infamous encryption weaknesses, but more due to the fact that there isn't a consistent WEP administration method among WLAN products, including those that carry the Wi-Fi CERTIFIED mark. Some products require Hexadecimal codes, other accept alphanumeric "passphrases"... aaaah, don't get me started! And forget about managing the process of changing WEP keys, even in a home-sized network, let along a corporate one!! Add in the fact that some wireless products suffer a WEP-enabled throughput reduction of up to 50%, and you can see why WEP has such a bad reputation.
To address this part of the WLAN security problem, WPA chose Temporal Key Integrity Protocol (TKIP). TKIP takes a master key (I'll talk about where that comes from shortly) as a starting point then derives its encryption keys mathematically from the master key. TKIP then regularly changes the encryption keys so that the same encryption key is never used twice. This all happens in the background automatically, which is as it should be!
Although it'll still be standard ol' 64 and 128 bit WEP doing the actual encryption, TKIP goes a long way toward making WEP more effective as an encryption mechanism. It remains to be seen, however, whether TKIP will cause a throughput reduction. One of the sources I consulted for this article said that this was one of the issues that had made the 802.11i committee reluctant to release TKIP, and remains a significant obstacle for the real encryption fix, AES.
I've asked a number of vendors whether TKIP will cause a throughput hit, but no one has yet responded. My guess is that the answer will depend on the hardware you have, and more specifically the chipset it uses. If you presently see a throughput reduction when you enable WEP, you'll probably see an additional hit when you upgrade to WPA and TKIP starts doing its thing. Products using older Intersil PRISM or PRISM II, or Lucent / Agere Systems chipsets would be the most likely candidates for an additional throughput trim. What happens to WLAN equipment using newer chipsets (Intersil PRISM 2.5 and above, TI ACX-100, Atheros AR5001X) that presently handle WEP without flinching is anyone's guess.
But hardening WEP is only part of the WPA story. The other half is the authentication mechanism.
Who are You?
The big step forward, in my opinion, is that WPA is blessing a much-needed authentication method out of the many that are presently competing for dominance in the marketplace. And even more important, it specifies a simplified form for consumer WLAN equipment that doesn't require an authentication server and that is easy to set up.
WPA uses 802.1x and Extensible Authentication Protocol (EAP) as the base of its authentication mechanism, but implements two authentication modes. In its "enterprise" level implementation, WPA's authentication will require a central authentication server (typically RADIUS) to authenticate each user on the network before they join it.
But since the authentication server requirement would never work in a consumer / SOHO WLAN because of the cost an complexity, WPA also provides a simplified form that allows the use of manually entered keys or passwords instead. This mode - called Pre-Shared Key (PSK) - only requires a single password entered into each WLAN node (Access Points, Wireless Routers, client adapters, bridges). Once the password is entered, WPA's TKIP mechanism takes over, generating and changing the WEP keys automatically.
Although this still requires the user to do something to enable security, the use of an alphanumeric password instead of multiple Hexadecimal codes should be easier for most users to cope with. Note however, that initially the Wi-Fi Alliance will allow vendors the option to ship with WPA turned on or off. At minimum, the WPA user interfaces on products should not ship with default (or null) passwords, and require (or at least strongly urge) the user to enable WPA and guide them through entering the master key on all stations. Proxim did a great job in this area on their HomeRF Symphony product line, which prompted the user to enter a network key on each station as part of its installation process. I hope they had some influence in this area during the WPA formation process.
Are We There Yet?
So let's see, WPA gives us robust encryption and user authentication that even a home user can deal with. So what are those IEEE guys still doing behind closed doors?
The Wi-Fi Alliance's Wi-Fi Protected Access Overview document (PDF) says the main pieces of the 802.11i draft that are not included in Wi-Fi Protected Access are:
- secure IBSS
- secure fast handoff
- secure de-authentication and disassociation
- enhanced encryption protocols such as AES-CCMP.
These features either aren't ready for prime time or will require hardware upgrades to implement. The 802.11i specification is supposedly going to be published at the end of 2003, but my guess is that will now be even less likely, with WPA taking the heat off for awhile. My guess is 2005 for full 802.11i, but hey, why rush things?
In the meantime, the good news is that WPA's improvments can all be done via software and firmware upgrades that are expected to begin rolling out in Q1 2003. Keep in mind that the Wi-Fi Alliance doesn't plan to begin interoperability certification testing on WPA products until February 2003, and won't make WPA mandatory for products to receive the Wi-Fi mark until the end of 2003.
Finally, although the Alliance would have you believe that only products with the Wi-Fi mark will incorporate WPA, I expect that everyone will hop on the WPA bandwagon once it starts rolling. The sooner, the better!
For more info: