Q&A
WPA, WPA2, AND IEEE 802.11I OVERVIEW
Q. What is Wi-Fi Protected Access?
A. Wi-Fi Protected Access (WPA) is a standards-based security solution from the Wi-Fi Alliance that addresses the vulnerabilities in native WLANs and provides enhanced protection from targeted attacks. WPA addresses all known Wired Equivalent Privacy (WEP) vulnerabilities in the original IEEE 802.11 security implementation and brings an immediate security solution to WLANs in both enterprise and small office/home office (SOHO) environments. WPA uses Temporal Key Integrity Protocol (TKIP) for encryption. WPA is fully supported by the Cisco Unified Wireless Network.
Q. What is WPA2?
A. WPA2 is the next generation of Wi-Fi security. It is the Wi-Fi Alliance's interoperable implementation of the ratified IEEE 802.11i standard. It implements the National Institute of Standards and Technology (NIST) recommended Advanced Encryption Standard (AES) encryption algorithm using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). WPA2 facilitates government FIPS 140-2 compliance, and is fully supported by the Cisco Unified Wireless Network.
Q. What is IEEE 802.11i?
A. IEEE 802.11i defines security standards for WLANs. IEEE 802.11i details stronger encryption, authentication, and key management strategies for wireless data and system security. It includes two new data-confidentiality protocols (TKIP and AES-CCMP), a negotiation process for selecting the correct confidentiality protocol, a key system for each traffic type, key caching, and pre-authentication. For more information, an article written by IEEE 802.11i Working Group Chairperson, David Halasz of Cisco Systems, is available through Embedded.com, at: IEEE 802.11i and Wireless Security.
Q. How are WPA and WPA2 similar?
A. Both WPA and WPA2 offer a high level of assurance for end users and network administrators that their data will remain private and that access to their networks will be restricted to authorized users. Both have personal and enterprise modes of operation that meet the distinct needs of the two market segments. The Enterprise Mode of each uses IEEE 802.1X and extensible authentication protocol (EAP) for authentication.
Q. How are WPA and WPA2 different?
A. WPA2 provides a stronger encryption mechanism through AES, which is a requirement for some corporate and government users. TKIP, the encryption mechanism in WPA, relies on RC4 instead of Triple Data Encryption Standard (3DES), AES, or another encryption algorithm.
Q. Is WPA2 backward-compatible with WPA?
A. Yes. All products that are Wi-Fi Certified for WPA2 are required to be interoperable with products that are Wi-Fi Certified for WPA.
Q. When did WPA2 certification testing begin?
A. WPA2 certification testing began on September 1, 2004.
ENTERPRISE MODE AND PERSONAL MODE
Q. What are the different modes of operation of WPA and WPA2?
A. WPA and WPA2 have two different modes-Enterprise and Personal. Both modes provide encryption support and user authentication. Below is a summary of WPA and WPA2 and each mode type. A comparison of the mode types is presented in Table 1.
WPA
• Provides authentication support via IEEE 802.1X and Pre-Shared Key (PSK) (IEEE 802.1X recommended for enterprise deployments)
• Provides encryption support via TKIP, including message identity check (MIC) and per-packet keying (PPK) via initialization vector (IV) hashing and broadcast key rotation
WPA2
• Provides authentication support via IEEE 802.1X and PSK
• Provides encryption support via AES-CCMP
Enterprise Mode
Enterprise Mode is a term given to products that are tested to be interoperable in both PSK and IEEE 802.1X/EAP modes of operation for authentication. When IEEE 802.1X is used, an authentication, authorization, and accounting (AAA) server (the RADIUS protocol for authentication and key management and centralized management of user credentials) is required. Enterprise Mode is targeted to enterprise environments.
Personal Mode
Personal Mode is a term given to products tested to be interoperable in the PSK-only mode of operation for authentication. It requires manual configuration of a pre-shared key on the access point and clients. PSK authenticates users via a password, or identifying code, on both the client station and the access point. No authentication server is needed. Personal Mode is targeted to SOHO environments.
Table 1. Comparison of WPA and WPA2 Mode Types
Q. How does Enterprise Mode using IEEE 802.1X work?
A. IEEE 802.1X is a port-based security standard (set by the IEEE 802.1 Working Group) for network access control. IEEE 802.1X for IEEE 802.11 takes advantage of standard protocols such as EAP and RADIUS to provide centralized user identification, authentication, dynamic key management, and accounting. This protocol is compatible with wireless roaming technologies, working between supplicants and authenticators. Authentication and authorization are achieved with back-end communications to an authentication server, such as Cisco Secure Access Control Server (ACS).
Q. How does Personal Mode using PSK work?
A. PSK authenticates users via a password, or identifying code, on both the client station and the access point. A client may only gain access to the network if the client's password matches the access point's password. The password also provides keying material that TKIP or AES use to generate an encryption key for each packet of transmitted data. PSK is not secure enough for enterprise environments.
Q. What are the disadvantages of Personal Mode using PSK?
A. WPA PSK is similar to static WEP in that the PSK is stored on the client station and can be compromised if the client station is lost or stolen. Also, managing individual PSK keys is a burden to midsize or large organizations. WPA PSK is sufficient only for small businesses, or businesses that do not entrust mission-critical data to their WLAN networks. All other organizations must use Enterprise Mode. Cisco does not recommend PSK for enterprise customers.
CISCO WIRELESS PRODUCTS WITH WPA AND WPA2
Q. Does Cisco support both WPA and WPA2?
A. Yes. Cisco wireless products and Cisco Aironet® Series products support both WPA and WPA2.
Q. What Cisco Aironet access points support WPA and TKIP?
A. The following Cisco Aironet autonomous and lightweight access points support WPA and TKIP: 1240AG Series, 1230AG Series, 1200 Series, 1130AG Series, 1100 Series, 1000 Series and 350 Series access points and the 1300 Series access point/bridge.
Q. What Cisco wireless LAN controllers support WPA and TKIP?
A. Cisco 2000, 4100, or 4400 Series wireless LAN controllers as well as the Cisco Catalyst® 6500 Series Wireless Services Module (WiSM) and Cisco Wireless LAN Controller Module (WLCM) for Integrated Services Routers support WPA and TKIP.
Q. What Cisco Aironet client adapters support WPA?
A. Cisco Aironet 350 Series, 5 GHz 54 Mbps (CB20A) Series, 802.11a/b/g PCI Wireless LAN client adapters, and 802.11a/b/g CardBus Wireless LAN client adapters support WPA. For Windows XP and Windows 2000, support is provided with Cisco Client Adapter Installation Wizard 1.3 or later. For Windows CE, support is provided with Cisco Aironet Client Utilities 2.50 and Driver 2.50 or later for Cisco Aironet 350 Series client adapters. Software can be downloaded at the Cisco Software Center (Cisco.com login is required).
Q. What Cisco Aironet access points support WPA2 and AES?
A. The following Cisco Aironet autonomous and lightweight access points support WPA2 and AES: Cisco Aironet 1240AG Series, 1230AG Series, 1130AG Series and 1000 Series access points. Cisco Aironet 1100 Series, 1200 Series and 1300 Series 802.11g radios support WPA2 with a Cisco IOS Software upgrade via Cisco IOS Software Release 12.3(2)JA or later.
Q. What Cisco wireless LAN controllers support WPA2 and AES?
A. Cisco 2000, 4100, and 4400 Series wireless LAN controllers as well as the Cisco Catalyst® 6500 Series Wireless Services Module (WiSM) and Cisco Wireless LAN Controller Module (WLCM) for Integrated Services Routers support WPA2 and AES.
Q. Which Cisco Aironet 1200 Series 802.11a radio modules support WPA2 and AES?
A. Cisco Aironet 1200 Series radio modules with the part numbers AIR-RM21A or AIR-RM22A support WPA2 and AES. The Cisco Aironet 1200 Series radio module with the part number AIR-RM20A does not support WPA2 or AES.
Q. Which Cisco Aironet 802.11b access points support WPA2 and AES?
A. Cisco Aironet 802.11b access points are not upgradeable to support WPA2 and AES.
Q. Will Cisco Aironet 350 Series access points and client devices support WPA2?
A. No. Cisco Aironet 350 Series products will not support WPA2 because their radios lack AES support. Customers will need to upgrade to Cisco Aironet Series access points and client devices that support AES if they wish to use WPA2.
Q. What Cisco Aironet client devices will support WPA2 and AES?
A. Cisco Aironet 802.11a/b/g client adapters purchased today can run AES and support WPA2. Cisco Aironet 802.11a/b/g client adapters purchased in early 2005 are AES-ready and need only a software upgrade to run AES and support WPA2.
Q. Do Cisco Compatible clients support WPA and WPA2?
A. WPA support is a requirement of Cisco Compatible Extensions Version 2. WPA2 is a requirement of Cisco Compatible Extensions Version 3. Check with your vendor to learn which Cisco Compatible Extensions version is available for your client device.
Q. Do Cisco Aironet access points support WPA Certified and WPA2 Certified client devices from other vendors?
A. Yes. Cisco Aironet access points support WPA Certified and WPA2 Certified client devices.
Q. Does Cisco support WPA and WPA2 Enterprise Mode and Personal Mode?
A. Yes. Cisco Aironet products support WPA Enterprise Mode, WPA Personal Mode, WPA2 Enterprise Mode, and WPA2 Personal Mode. Cisco recommends Enterprise Mode for our customers because it provides enterprise-class security with mutual authentication.
Q. What EAP types do Cisco Aironet products support for IEEE 802.1X authentication?
A. Cisco Aironet products support more IEEE 802.1X EAP authentication types than other WLAN products. Supported types include:
• EAP-Flexible Authentication via Secure Tunneling (EAP-FAST)
• Protected Extensible Authentication Protocol (PEAP)
• EAP-Transport Layer Security (EAP-TLS)
• EAP-Tunneled TLS (EAP-TTLS)
• EAP-Subscriber Identity Module (EAP-SIM)
WPA AND WPA2 DEPLOYMENT
Q. Should Cisco Aironet customers deploy WPA or WPA2?
A. WPA2 offers a higher level of security than WPA because AES offers stronger encryption than TKIP. Cisco recommends that customers use WPA2 for client devices that support WPA2. Though WPA is still considered secure and TKIP has not been broken, Cisco recommends that customers transition to WPA2 as soon as they can.
Because WPA2 requires configuration changes to both access points and client devices, the introduction of WPA2 should be planned and large sets of client devices and access points should be transitioned at the same time to minimize network disruption. One opportunity for a transition to WPA2 is when a wireless network is introduced, upgraded, or expanded.
Specialized WLAN client devices may not be able to run AES and may not be upgradable to AES (and WPA2). Therefore, Cisco recommends that enterprise organizations continue to use and deploy WPA for these devices as applicable. All networks should run WPA as a minimum.
Q. What businesses or organizations will be early adopters of WPA2?
A. Early adopters of WPA2 are likely to be organizations that:
• Want Wi-Fi Certified products based on the full IEEE 802.11i standard
• Are government agencies that require a security solution that can meet the FIPS 140-2 requirement, which WPA2's AES addresses
• Are in industries like financial services, insurance, or healthcare that want the added security of AES encryption
• Want the speed/CPU advantages of hardware-based AES over software-based MIC
Q. How do I know that a Cisco Aironet client is using WPA or WPA2?
A. View the "Association Table" on the Cisco Aironet access point or use the Cisco IOS Software CLI command:
• "show dot11 association <client MAC>"
• "Key Mgmt" will indicate WPA or WPA2, "Encryption" will indicate TKIP or AES.
Q. What configuration do I need on Cisco Secure ACS to support WPA or WPA2?
A. Cisco Secure ACS is used in WPA and WPA2 for the IEEE 802.1X authentication phase, using an EAP type. No specific configuration is required to support WPA or WPA2.
Q. Is it possible to have WPA and WEP clients associated to the same Cisco Aironet access point?
A. Yes. This is considered a transition mode and two solutions are available:
1. Use two different virtual LANs/service set identifiers (VLANs/SSIDs), one for WEP clients and one for WPA clients
2. Configure WPA Migration Mode (discussed below) on the Cisco Aironet access point
Q. Is it possible to have WPA2 and WPA clients associated to the same Cisco Aironet access point?
A. Yes. Two solutions are available:
1. Use two different virtual LANs/service set identifiers (VLANs/SSIDs), one for WPA2 clients and one for WPA clients
2. Configure WPA2 Mixed Mode (discussed below) on the Cisco Aironet access point
WPA AND WPA2 ENCRYPTION
Q. How do Cisco TKIP, WPA TKIP, and WPA2 with AES compare?
A. See Table 2 below.
Table 2. Comparison of Cisco TKIP, WPA, and WPA2
Q. What is TKIP?
A. TKIP is an IEEE 802.11i standard. It is an enhancement to WEP security. TKIP enhances WEP by adding measures such as PPK, MIC, and broadcast key rotation to address known vulnerabilities of WEP. TKIP uses the RC4 stream cipher with 128-bit keys for encryption and 64-bit keys for authentication. By encrypting data with a key that can be used only by the intended recipient of the data, TKIP helps to ensure that only the intended audience understands the transmitted data.
TKIP uses a MIC called Michael. Michael allows devices to confirm that their packets are uncorrupted during the sending-and-receiving transmission process. MIC prevents "bit-flip" attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof. MIC is similar to cyclical redundancy check (CRC) and can detect if a hacker has intercepted and changed a packet between its source and destination.
Broadcast key rotation enables the network administrator to set the shared broadcast key to "timeout", causing a new broadcast key to be generated. This procedure mitigates passive attacks attempting to determine the broadcast key from weak initialization vectors.
Q. Does Cisco support both Cisco TKIP and WPA TKIP?
A. With the Cisco Unified Wireless Network, both Cisco TKIP and WPA TKIP algorithms are available on Cisco Aironet access points operating autonomously and Cisco and Cisco Compatible client devices. Although Cisco TKIP and WPA TKIP do not interoperate, Cisco Aironet access points operating autonomously can run both Cisco TKIP and WPA TKIP simultaneously when using multiple VLANs. System administrators will need to choose one set of TKIP algorithms to activate on the enterprise's client devices, because clients cannot support both sets of TKIP algorithms simultaneously. WPA TKIP is recommended for use in most instances when WPA is used. Cisco wireless LAN controllers and Cisco Aironet lightweight access points provide support for WPA TKIP.
Q. Is AES encryption performed in hardware or software?
A. It is recommended that AES encryption (and decryption) be performed in hardware because of the computationally intensive nature of AES. Cisco Aironet products perform AES encryption in hardware. Performing AES encryption in software requires sufficient horsepower, such as that offered by a 2.5-GHz Pentium processor laptop. If an access point performed AES encryption/decryption in software while serving numerous associated clients, the access point likely would incur performance degradation, especially if that access point lacked a powerful processor and a large amount of RAM and ROM.
Q. What is CCMP?
A. AES-CCMP is the encryption protocol in the 802.11i standard. CCMP is based upon the Counter Mode with CBC-MAC (CCM) of the AES encryption algorithm.
• CCM is the algorithm providing data privacy.
• The Cipher Block Chaining Message Authentication Code (CBC-MAC) component of CCMP provides data integrity and authentication.
• CCMP uses 128-bit keys, with a 48-bit initialization vector (IV) for replay detection.
Q. Does WPA2 have session keys?
A. Like WPA, WPA2 creates unique session keys on every association for each client, helping to ensure that every packet sent over the air is encrypted with a unique key.
Q. Is pre-authentication required for WPA2?
A. No. Pre-authentication is optional with WPA2.
ATTACK MITIGATION
Q. What network attacks are mitigated by WPA and WPA2?
A. WPA and WPA2 mitigate several active and passive network attacks, including man-in-the-middle, authentication forging, weak key attacks, packet forgery, and brute force attacks when PEAP, EAP-TLS, EAP-FAST, or Cisco LEAP are used with TKIP or AES. It is important to note that Cisco LEAP requires strong passwords.
Q. Where can I learn more about WLAN network attacks?
A. Read the Cisco Wireless LAN Security Overview-Protection from Network Attacks section as well as the WLAN deployment documents listed below.
Q. Where can I read more about Dictionary Attacks on Cisco LEAP?
A. Please read the Cisco Response to Dictionary Attacks on Cisco LEAP product bulletin for more information about Dictionary Attacks on Cisco LEAP.
CISCO WIRELESS PHONES-WPA AND WPA2
Q. Does Cisco support WPA or WPA2 on the Cisco Wireless IP Phone 7920?
A. The Cisco Wireless IP Phone 7920 supports static WEP and Cisco LEAP, with dynamic keying and key expiration subject to RADIUS session timeout. Learn more about deploying a secure Cisco Wireless IP Phone 7920 by reading the Wireless Voice Security Recommendations document.
WPA MIGRATION MODE
Q. What is WPA Migration Mode?
A. WPA Migration Mode is an access point setting defined by Cisco that enables both WPA and non-WPA clients to associate to an access point using the same SSID. To use this feature, the Cisco Aironet access point operating autonomously must be configured for Migration Mode (WPA optional with TKIP+WEP128 or TKIP+WEP40 cipher). Cisco Aironet autonomous access points support the following device types via Migration Mode:
• WPA clients capable of TKIP and authenticated key management
• IEEE 802.1X clients (such as Cisco LEAP clients and clients using TLS) capable of dynamic keying but not TKIP
• Static WEP clients not capable of TKIP or authenticated key management
Q. How do I configure WPA Migration Mode on a Cisco Aironet access point operating autonomously?
A. Cisco Aironet autonomous access points using Cisco IOS Software Release 12.2(11)JA and later support WPA migration mode. To set up an SSID for WPA Migration Mode, configure these settings:
• WPA optional
• A cipher suite containing TKIP and 40-bit or 128-bit WEP
• A static WEP key in key slot 2 or 3
Q. Are there any security threats in using WPA Migration Mode?
A. While useful for transitions, the effect of supporting both static or dynamic WEP clients and WPA clients is that security will operate at the least-secure level common to all devices. In WPA Migration Mode, although WPA key authentication, per-packet keying, and message integrity are enabled, this is not enforced for all clients. As a result, a passive WEP key attack could be launched against WEP users. Additionally, the broadcast WEP key rotation (Group Key rotation in WPA terms) may not be employed for static WEP clients, even though it will be used for IEEE 802.1X clients. Cisco recommends that customers migrate their WLAN deployments to WPA2 or WPA as quickly as possible. WPA Migration Mode should only be used as a temporary transition mode.
WPA2 MIXED MODE
Q. What is WPA2 Mixed Mode?
A. WPA2 Mixed Mode operation permits the coexistence of WPA and WPA2 clients on a common SSID. WPA2 Mixed Mode is a Wi-Fi Certified feature. During WPA2 Mixed Mode, the access point advertises the encryption ciphers (TKIP, CCMP, other) that are available for use. The client selects the encryption cipher it would like to use and the selected encryption cipher is used for encryption between the client and access point once it is selected by the client. The access point must support WPA2 Mixed Mode to use this option.
WLAN SECURITY DOCUMENTS
Q. Where can I learn more about WPA?
A. Visit the Wi-Fi Alliance WPA Website to learn more about WPA.
Q. Where can I learn more about WPA2?
A. Visit the Wi-Fi Alliance WPA2 Website to learn more about WPA2.
Q. Where can I learn more about deploying secure WLANs?
A. To learn more about deploying secure WLANs, the following documents are available to you:
• Wireless LAN Security White Paper
• Cisco Aironet Technical References
Q. Where can I learn more about WLAN security?
A. Please read the Cisco Wireless WLAN Security brochure to learn more about WLAN security.
FOR MORE INFORMATION
For more information about the Cisco Unified Wireless Network, visit: http://www.cisco.com/go/unifiedwireless
For more information about Cisco Aironet products, visit: http://www.cisco.com/go/aironet
For more information about Cisco Compatible client devices, visit: http://www.cisco.com/go/ciscocompatible/wireless
For more information about Cisco Secure ACS, visit: http://www.cisco.com/go/acs