WLAN Security: The WPA Protocol

ITEC 122 Research Paper

By Jeff Meadows
Operational Theory
Executive Summary

In today’s digital world, wireless technology such as WLAN networks is becoming more and more
critical to the business world. However, wireless technologies have a significant downside as
opposed to wired: security. It is for this reason that wireless security protocols are needed, to
cryptographically secure network traffic and deny unauthorized access. Wi-Fi Protected Access
(WPA) is one of the most common wireless security protocols, especially for small home/office
situations.

As with any cryptographic security protocol, the input data (referred to as cleartext) is scrambled by
a cipher algorithm and turned into ciphertext. This ciphertext is unreadable, and can only be
converted back into cleartext through the use of the cipher that initially encrypted it. The
cryptographic key used in the initial encryption is also required. WPA uses the RC4 algorithm to
encrypt data, and the encryption key is supplied by the user in the form of a password (or
passphrase). (Wikipedia, par.4)

WPA consists of two major components: the Temporal Key Hash Function (TKIP), and the RC4
encryption algorithm. WPA was originally conceived as a temporary solution to the problems of
Wired Equivalent Privacy (WEP), an earlier wireless security protocol. WEP became infamous after
numerous flaws were exposed by hackers, leaving the protocol easily hacked. (Borisov, Golberg et.
al.)

WPA fixes these problems with TKIP, a new security algorithm that addresses the weaknesses of
WPA yet still retains the RC4 cipher algorithm. It vastly increases security in numerous ways: it uses
the master key to derive sub-keys (rather than using the master key itself), generates a new
encryption key every 10,000 packets, and mixes the initialization vector with the encryption key
using a hash function instead of simple concatenation. (Leidra par.1) TKIP also incorporates a
message checking feature which shuts down the Access Point for 60 seconds and instructs all clients
to generate a new encryption key if it detects more than two faulty messages in a 60-second period.
These countermeasures help prevent the injection of fake packets. (Techduke par.11)

The primary reason for continuing to use the RC4 cipher was that many routers have small or weak
processors, and therefore could not handle the demands of newer cryptographic ciphers. Due to
this effort to maintain backwards compatibility, WPA can be used on any router that could use WEP.
(dlaverty par. 3) In this way it can be more useful than the newer WPA2, which uses a processor-
intensive –albeit very secure- AES cipher. Although there have been several successful hacking
attacks against WPA (Naraine), it remains a fairly secure and workable wireless security protocol. It
is recommended that all networks unable to implement WPA2 make use of WPA instead.
Operational Theory
WPA’s Inner Workings: TKIP

The WPA protocol is –at its core- the old RC4 cipher algorithm encased in the Temporal Key
Integrity Protocol. Although the old cipher is retained (to ensure that WPA is able to run on
older routers), the many changes that TKIP brings mean that WPA is much more secure than its
predecessor. (dlaverty)

 WEP used a 40-bit encryption key, concatenated with a 24-bit initialization vector.
(Romero par.4 ) TKIP utilizes full 128-bit encryption keys with 48-bit initialization
vectors, and combines the two with a hash function. The resulting hash is used as the
encrypting key for the RC4 cipher. (Leidra par.1) The longer encryption keys and
initialization vectors (as well as the hashing function) make WPA less vulnerable to
brute-force password attacks. (FreeRadius par.7)
 TKIP uses the user-supplied encryption key as a “master key”, and continually derives
new sub-keys for use in the encryption algorithm. Although both parties (the encryptor
and the decryptor) must share the same master key, it remains private and is never
used to actually encrypt packets. (Freeradius par.5) WEP’s policy of always using the
same key to encrypt data meant that the encryption key could easily be retrieved and
deciphered by the interception of packets over time. Because WEP used the original
master key in the encryption algorithm and never changed its encryption key, once the
key was cracked the network was completely compromised. (Romeo par.8) TKIP derives
a new encryption key and “re-keys” itself every 10,000 packets, rendering such
interception efforts useless. (dlaverty par. 4)If hackers tried this strategy against WPA,
the encryption key gained would become useless within seconds of recovering it (even if
they had the skill to recover it within 10,000 packets, which is doubtful).

Attacks involving the injection of fake or altered data were very common (and effective) with
WEP. TKIP addresses this problem with MICHAEL, a mechanism designed to identify altered or
falsified packets. (Techduke par.8) The MIC (Message Integrity Check) is located within the
encrypted portion of the packet (so that it can’t be snooped on by a wireless sniffer) and is
created by hashing the initialization value, the source MAC address, and the receiver’s MAC
address. (Techduke par.10, 11) The hash function makes creating an faked MIC extremely
difficult, and the use of both sender and receiver’s MAC addresses is done in such a way that
each packet is encrypted on a per-sender, per-receiver basis (A to B would have a different MIC
than B to A). It would also mean that each encrypted packet allows for only one sender and one
receiver: only the computer with the specified MAC address could decrypt the packet.

*Some sections of the Research Paper have been removed from this excerpt. For copies of
the full-length original, please contact me at [email protected].