Wireless Configuration

WPA 2 Explained

This article explains why WPA 2 is a stronger security mechanism than WPA and WEP, and why the wireless industry needed to introduce a new security mechanism.

WPA 2, from the Wi-Fi Alliance, is also commonly known as 802.11i. There is no doubt that WPA is a good security mechanism that addresses all possible flaws of WEP, and it provides excellent security for wireless networks. But there are still some issues with WPA: it still relies on the RC4 cipher and the Temporal Key Integrity Protocol (TKIP). WPA 2 is the practical solution to the drawbacks of WPA, and a blessing for wireless LAN security.

What is 802.11i?

802.11i authentication is based on the Robust Security Network (RSN), which requires wireless devices to support additional capabilities. Making a wireless device RSN-compatible requires extra software and hardware. RSN and WEP equipment can be supported side by side only during the transition period. In future years, WEP equipment will no longer be in use.

WPA was based on the TKIP protocol, but this changes in WPA 2. WPA 2 uses the CCMP protocol to provide more scalable and advanced security for wireless devices.

What is CCMP?

CCMP (Counter Mode CBC MAC Protocol) is based on AES (Advanced Encryption Standard). CCMP is sometimes also referred to as AES, so do not be confused by the two names: in WPA 2 they are used as alternative terms for the same standard.

AES (Advanced Encryption Standard) is an excellent encryption mechanism that is much more complex than TKIP and covers all the drawbacks of the WEP security standard. AES is a block cipher that works on 128-bit blocks. AES is used through the CCMP protocol, which plays a role very similar to that of TKIP in WPA.

CCMP integrates a message integrity check (MIC) along with the Cipher Block Chaining Message Authentication Code (CBC-MAC) to provide more security for wireless data. Even a single changed bit is easily detected. In this way, CCMP is very safe against third-party attacks.

The bad thing about WEP was its management of static keys. Changing keys from time to time was a serious issue for large organizations, and it was easy for hackers to crack these static keys. WPA 2 addresses this issue: the CCMP protocol is able to produce random keys for each block, which change from time to time without any manual effort. CCMP also needs less space, 512 bits, to hold all the randomly generated keys. This is much less than TKIP requires.

Conveniently, the administrator only needs to issue a single master key; all other keys can be derived from it. A very complex strategy is used for data encryption, which makes the data hard for hackers to decrypt. Encrypted data in WPA 2 is much more complex than encrypted data in WPA.

CCMP ensures three security properties. These are:

Data confidentiality means data is not interrupted by a third party between the sending and receiving ends.

Data authentication means data is broadcast by an authentic user only.

Data integrity means packets are arranged in the proper manner at the receiving end.

A CCMP Medium Access Control Protocol Data Unit (MPDU) is divided into four sections.

The first section comprises the MAC header, which includes the source address and destination address of the data packet.

The second section comprises the packet number and key ID. The packet number is 48 bits long and occupies 6 octets. Every broadcast packet carries a packet number for identification. CCMP uses this information for message integrity along with the MIC.

The third section contains the data that needs to be broadcast over the network. This data is broadcast in the form of packets.

The fourth section contains the message integrity code, which ensures data authenticity and data integrity. Of all the above sections, only the data and the MIC are broadcast in encrypted form for security. In this way, CCMP is an excellent protocol that has raised the standard of wireless networks to another level.
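The second section of the MPDU can be made concrete with a small parser. This is an added example, not code from the original article: it assumes the 8-octet CCMP header layout of 802.11i (PN0, PN1, reserved, key-ID octet, PN2 to PN5), shows how the packet number enters the 13-octet CCM nonce, and applies the receiver's replay rule to constructed sample headers. The class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class CcmpHeader:
    pn: int        # 48-bit packet number
    key_id: int    # 2-bit key index
    ext_iv: bool   # must be set for CCMP

def build_ccmp_header(pn: int, key_id: int) -> bytes:
    """Serialise PN and key ID the way they appear after the MAC header."""
    p = pn.to_bytes(6, "little")                      # PN0 .. PN5
    return bytes([p[0], p[1], 0x00, 0x20 | (key_id << 6), p[2], p[3], p[4], p[5]])

def parse_ccmp_header(hdr: bytes) -> CcmpHeader:
    if len(hdr) != 8:
        raise ValueError("CCMP header is exactly 8 octets")
    pn_le = bytes([hdr[0], hdr[1], hdr[4], hdr[5], hdr[6], hdr[7]])
    return CcmpHeader(int.from_bytes(pn_le, "little"), hdr[3] >> 6, bool(hdr[3] & 0x20))

def ccm_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """Nonce = priority octet || transmitter address (A2) || PN5..PN0."""
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")

class ReplayCounter:
    """Receiver-side rule: after the MIC verifies, the PN must strictly increase."""
    def __init__(self) -> None:
        self.last_pn = 0

    def accept(self, hdr: CcmpHeader) -> bool:
        if not hdr.ext_iv or hdr.pn <= self.last_pn:
            return False                              # malformed or replayed
        self.last_pn = hdr.pn
        return True

def check_stream(raw_headers) -> list:
    rc = ReplayCounter()
    return [rc.accept(parse_ccmp_header(h)) for h in raw_headers]

# Constructed sample: PNs 1, 2, 2 (duplicate), 5, 3 (stale) under key ID 0.
SAMPLE = [build_ccmp_header(pn, 0) for pn in (1, 2, 2, 5, 3)]

if __name__ == "__main__":
    print(check_stream(SAMPLE))
    print(ccm_nonce(0, bytes.fromhex("020000000002"), 5).hex())
```

A packet number never repeats under the same temporal key, which is what keeps each nonce unique and lets the receiver drop replayed frames.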


The above discussion concludes that WPA 2 is the strongest security system in the wireless industry so far. Most companies favor using only the WPA 2 standard in the future. For home users, WPA is also fine. But enterprise users require an advanced security system that can ensure data confidentiality and data authenticity. Network administration and key management are the major issues for enterprise users. WPA 2 is an excellent choice for all enterprise users who want to switch to a reliable security mechanism. They also no longer need to worry about key management and administration.

WPA 2 is designed using advanced and proven technologies. The best cryptographic techniques are used for data encryption, which is necessary for wireless networks and their users alike. There is no doubt that even the best technique has some problems associated with it, but WPA 2 has covered all the issues raised with the older systems. Users' feedback proves that this is the best security mechanism ever used in the wireless industry. 802.11i (WPA 2) is an excellent security system that you can fully depend on.

If you want to switch to RSN networks, you need some software and hardware to upgrade to the WPA 2 security system. This hardware and software is not available by default with the computer system. If you want to use WPA 2, it is necessary to buy all the recommended hardware from the manufacturer.

You can find the complete list of recommended hardware and software on the Internet. It is also easy to implement the WPA 2 security mechanism for your wireless networks. There is no doubt that CCMP is free from third-party attacks, as it uses a block cipher technique for data encryption and decryption.