Wireless Configuration

WPA Explained

WPA - Wi-Fi Protected Access

Security has been a serious concern for the wireless industry since its beginning. Various standards are used to secure wireless networks, and these standards are constantly improving with changing technology and demand. Prior to WPA, the WEP (Wired Equivalent Privacy) encryption scheme was used to protect wireless networks. WEP is an excellent security mechanism that uses a static key concept to protect the wireless network. With a static key, the same key is used at the sending and receiving ends, and it is easy for hackers to crack. As a result, the WEP security mechanism became too weak for current users, who demanded a stronger security mechanism to protect their wireless networks. WPA came into existence to serve this purpose, with possible advancements.


802.1X authentication

If you are using Wi-Fi, the 802.1X authentication protocol helps authenticate a user over the wireless network by means of a RADIUS server. In standard Wi-Fi, the use of 802.1X authentication is not mandatory. In WPA, however, 802.1X authentication is a necessary requirement, and it uses a pre-shared key instead of a RADIUS server.


Key Management for WPA

Key management was a tedious, manual task in the WEP security mechanism. WEP had no global rekeying technique, so big organizations could not change the static WEP key from time to time. This was the biggest limitation of the WEP security system, and it is the one that the more advanced WPA security system addressed.


WPA uses TKIP (Temporal Key Integrity Protocol), which generates the key dynamically for each frame and prevents collisions between packets. Because a separate key is generated for each frame, it becomes very difficult for hackers to detect the key for each packet, and hence TKIP increases security for wireless networks. TKIP is the heart of the WPA security mechanism and an essential requirement of the WPA security system.


MIC (Message Integrity Check)

As already discussed, a message is broadcast in the form of packets, and every packet is protected with a TKIP key value. The message then has to be reassembled at the receiving end. Hackers may interfere in between, so how can delivery of the correct message at the receiving end be ensured? The answer is the MIC (Message Integrity Check), which ensures that the message has not been corrupted or tampered with by a hacker.


MIC is an advancement over CRC (cyclic redundancy check). The main drawback of CRC is that it does not ensure strong and correct message integrity. MIC uses a security algorithm along with the ICV (integrity check value) to protect message integrity against interference by a hacker. The WEP security system used only the ICV technique for message integrity, so it was not as secure. MIC also protects packets from wireless replay attacks by adjusting a frame counter along with each frame.
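The difference between an unkeyed CRC check and a keyed MIC with a frame counter, shown as an added Python example that is not part of the original article. HMAC-SHA256 stands in for WPA's actual MIC algorithm, encryption is left out to isolate the integrity check, and the key, frame layout and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import zlib

MIC_KEY = b"constructed-demo-mic-key"  # constructed key known only to sender and receiver


def crc_icv(payload: bytes) -> bytes:
    """Unkeyed ICV in the WEP style: a CRC-32 that anyone can recompute."""
    return struct.pack("<I", zlib.crc32(payload))


def keyed_mic(counter: int, payload: bytes) -> bytes:
    """Keyed check over frame counter + payload (HMAC-SHA256 as a stand-in)."""
    message = struct.pack(">Q", counter) + payload
    return hmac.new(MIC_KEY, message, hashlib.sha256).digest()[:8]


def make_frame(counter: int, payload: bytes) -> dict:
    return {"counter": counter, "payload": payload,
            "icv": crc_icv(payload), "mic": keyed_mic(counter, payload)}


class Receiver:
    def __init__(self) -> None:
        self.last_counter = -1  # highest frame counter accepted so far

    def check_icv_only(self, frame: dict) -> bool:
        return crc_icv(frame["payload"]) == frame["icv"]

    def check_mic(self, frame: dict) -> str:
        expected = keyed_mic(frame["counter"], frame["payload"])
        if not hmac.compare_digest(expected, frame["mic"]):
            return "reject: MIC mismatch"
        if frame["counter"] <= self.last_counter:
            return "reject: replayed counter"
        self.last_counter = frame["counter"]
        return "accept"


def demo() -> dict:
    rx = Receiver()
    good = make_frame(1, b"pay 10 to alice")  # constructed sample frame
    # Altered in transit: the CRC can be recomputed without any key, the MIC cannot.
    tampered = dict(good, payload=b"pay 99 to alice")
    tampered["icv"] = crc_icv(tampered["payload"])
    return {"tampered_icv_only": rx.check_icv_only(tampered),
            "tampered_mic": rx.check_mic(tampered),
            "first_delivery": rx.check_mic(good),
            "replay": rx.check_mic(good)}
```

The altered frame passes the ICV-only check but fails the keyed check, and the second delivery of the genuine frame is rejected because its counter is not newer than the last one accepted.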


How is WPA implemented?

Implementing WPA requires specific hardware and software. Without them, you cannot take advantage of the WPA security mechanism. Most hardware components are not able to identify the WPA standard, so you have to buy specific hardware from the manufacturer, according to your requirements, to implement WPA. This is the only drawback associated with the WPA standard: many users are not able to take advantage of it.


You have to install a WPA client on the operating system to implement WPA. The WPA client can easily be downloaded from the Microsoft website. Without a WPA client, it is not possible to use the WPA security standard. The WPA client works on Windows XP and Windows Server 2003. A new user needs to understand the basic requirements of WPA before using and implementing the WPA security mechanism.


Mix and Match

Implementing WPA can be a big challenge for new users, and buying new hardware for WPA systems can be expensive. It is good to know, however, that WPA and WEP can be used at the same time. You just need to know how to integrate TKIP with the WEP security mechanism to make it more useful and reliable for users. WPA was mainly designed to cover the drawbacks of the WEP security standard and to protect users' sensitive data. With the passage of time, this standard is also gaining popularity among users.


Distinguishing WPA on the basis of Target users

The usage of the WPA security standard also depends on the target users. WPA is divided into two parts on the basis of target users: WPA Personal and WPA Enterprise.


1. WPA Personal

The WPA Personal security standard is designed for small networks where an authentication server is not required. It is less complex and is also termed WPA pre-shared key mode. It is also easy for first-time users to understand. WPA Personal is most commonly preferred for small offices and home use only. If you want to secure large wireless networks, WPA Enterprise is the optimum choice.


2. WPA Enterprise

WPA Enterprise is also termed WPA 802.1X authentication, and here an authentication server is mandatory. WPA Enterprise is suitable for large wireless networks where you want to secure sensitive data and other sensitive information. It is much more complex than the WPA Personal security standard. There is no doubt that the extra complexity is directly related to the level of security. Which security mode is better for your organization is your choice.


Distinguishing WPA on the basis of Versions



WPA is an advanced security mechanism designed to replace WEP and uses TKIP for providing security to the wireless networks.



WPA 2 is an advancement over WPA and has been a mandatory standard for all Wi-Fi certified devices since 2006. WPA 2 uses the CCMP protocol instead of TKIP. There is no doubt that WPA 2 provides additional security compared to the WPA standard, and it was also accepted by the IEEE in 2004. CCMP is a stronger protocol based on AES, so CCMP is sometimes also referred to as AES.
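To place an access point in the categories described above (WPA or WPA 2, Personal or Enterprise, TKIP or CCMP), the following added Python example, which is not part of the original article, classifies hostapd-style settings. It assumes hostapd's option names and defaults (`wpa_key_mgmt` defaulting to WPA-PSK, `wpa_pairwise` to TKIP, `rsn_pairwise` to the `wpa_pairwise` value); the two sample configurations are constructed.

```python
# Constructed hostapd-style settings (sample values, not from the article).
LEGACY_AP = """
ssid=lab-legacy
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""
CURRENT_AP = """
ssid=lab-office
wpa=2
ieee8021x=1
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
"""


def parse_settings(text: str) -> dict:
    """Parse key=value lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def classify(text: str) -> dict:
    """Map settings to version, target-user mode and cipher, with review notes."""
    cfg = parse_settings(text)
    wpa_bits = int(cfg.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA 2
    versions = [name for bit, name in ((1, "WPA"), (2, "WPA2")) if wpa_bits & bit]
    key_mgmt = cfg.get("wpa_key_mgmt", "WPA-PSK").split()  # assumed default
    mode = "Enterprise" if "WPA-EAP" in key_mgmt else "Personal"
    wpa_ciphers = cfg.get("wpa_pairwise", "TKIP").split()  # assumed default
    rsn_ciphers = cfg.get("rsn_pairwise", " ".join(wpa_ciphers)).split()
    ciphers = sorted(set((wpa_ciphers if wpa_bits & 1 else []) +
                         (rsn_ciphers if wpa_bits & 2 else [])))
    notes = []
    if not versions:
        notes.append("WPA is not enabled")
    if "TKIP" in ciphers:
        notes.append("TKIP enabled; WPA2 with CCMP is the stronger option")
    if mode == "Enterprise" and cfg.get("ieee8021x") != "1":
        notes.append("WPA-EAP selected but ieee8021x is not enabled")
    return {"versions": versions, "mode": mode, "ciphers": ciphers, "notes": notes}
```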