802.11 (and related) Standards


















"802.11i is an amendment to the 802.11 standard specifying security mechanisms for wireless networks. The draft standard was ratified on 24 June 2004, and supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of 802.11i. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2 . 802.11i makes use of the Advanced Encryption Standard (AES) block cipher. WEP and WPA use the RC4 stream cipher." -Wikipedia.





WEP:

Static WEP (Wired Equivalent Privacy) provides simple authentication and encryption based on unchanging shared keys (40 or 104 bits) that are preconfigured on all access points and client machines. Each frame is encrypted with RC4 under the shared key prefixed by a 24-bit Initialisation Vector (IV) that is sent in the clear, and frame integrity is checked only by a plain CRC-32 value (the ICV) appended before encryption.

WEP is now recognised as being wholly flawed; see the Fluhrer, Mantin and Shamir paper "Weaknesses in the Key Scheduling Algorithm of RC4" (2001), which showed that the IV-prefixed RC4 keys leak the shared key byte by byte to a passive listener.

Using tools such as Aircrack and AirSnort, which run statistical attacks over a large number of captured IVs (packet injection can speed up the collection), WEP can be broken in under 30 minutes. If the WEP key is based on a dictionary word it can be broken in under a minute with WepAttack, which needs only one captured encrypted packet: the ICV lets every candidate key be checked offline.

WEP is better than using no security at all, but only just!





WPA:

WPA (Wi-Fi Protected Access) is a set of modifications and improvements to WEP, published by the Wi-Fi Alliance from a draft of 802.11i so that it could be shipped as a firmware update for existing RC4 hardware (the Temporal Key Integrity Protocol, TKIP).  WPA's improvements include:

  • An improved Message Integrity Check (MIC), the keyed Michael MIC, replaces WEP's CRC-32 ICV (which an attacker can correct after flipping bits in a frame) to reduce the likelihood of packets being tampered with in transit.


  • Increase from 24 bits (used by WEP) to 48 bits for the Initialisation Vector (IV), making keystream reuse under one key practically impossible; WEP's 2^24 IVs can be exhausted in hours on a busy network.


  • TKIP sequence numbers are introduced: the 48-bit IV doubles as the TKIP Sequence Counter and receivers drop out-of-order frames, reducing the likelihood of replay attacks.


  • Whilst a static passphrase (master key) still needs to be entered on each device, this key is never utilised directly.  Per-session temporal keys are derived from it during the four-way handshake, and TKIP then mixes the temporal key with the transmitter's MAC address and the 48-bit IV to produce a fresh per-packet RC4 key.  Thus each device, and each packet, utilises a different keystream to encrypt its data.


  • WPA also provides the administrator with the ability to configure key change (rekey) intervals, generally configured in seconds.

WPA offers a solid security solution for legacy hardware devices and, whilst its implementation will slightly degrade the performance of a network (due to the data overhead required for the extra security mechanisms), it is the best alternative to WEP available until WPA2-enabled hardware can be made available.
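The two structural weaknesses of WEP described above (a linear CRC-32 integrity check and a 24-bit IV) and the two WPA bullets that answer them (the Michael MIC and the 48-bit IV) are easier to see in working code. The following is an added example, not code from the original page: a toy WEP encryptor (RC4 plus CRC-32 ICV, key-ID byte omitted) with key, IV and frame contents constructed here, a bit-flipping forgery that passes the ICV check without knowing the key, and plaintext recovery from two frames that share an IV.

```python
import zlib

# Constructed sample values (not from a real capture): a 40-bit WEP key and one 24-bit IV.
WEP_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("000001")


def rc4(key, data):
    """RC4: key scheduling, then keystream generation XORed over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data):
    """WEP's integrity check value: plain CRC-32, appended little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key, iv, plaintext):
    """Frame body = IV || RC4(IV || key, plaintext || ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key, frame):
    body = rc4(frame[:3] + key, frame[3:])
    plaintext, tag = body[:-4], body[-4:]
    if tag != icv(plaintext):
        raise ValueError("ICV mismatch")
    return plaintext


def flip_bits(frame, delta):
    """Modify a WEP frame without the key.  CRC-32 is linear, so
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of the same length);
    XORing (d || that correction) into the ciphertext yields a frame
    that decrypts to p ^ d and still passes the ICV check."""
    n = len(frame) - 3 - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole plaintext")
    icv_delta = bytes(a ^ b for a, b in zip(icv(delta), icv(bytes(n))))
    mask = delta + icv_delta
    return frame[:3] + bytes(c ^ m for c, m in zip(frame[3:], mask))


def keystream_reuse(known_frame, known_plaintext, target_frame):
    """Two frames under the same IV (and key) share a keystream, so
    c1 ^ c2 == p1 ^ p2: one known plaintext reveals the other."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("IVs differ; keystreams are independent")
    n = min(len(known_plaintext), len(target_frame) - 7)
    return bytes(a ^ b ^ p for a, b, p in
                 zip(known_frame[3:3 + n], target_frame[3:3 + n], known_plaintext))


if __name__ == "__main__":
    original, wanted = b"GET /index.html", b"GET /admin.html"
    frame = wep_encrypt(WEP_KEY, IV, original)
    delta = bytes(a ^ b for a, b in zip(original, wanted))
    print(wep_decrypt(WEP_KEY, flip_bits(frame, delta)))  # forged frame verifies and reads wanted
```

The forgery needs no knowledge of the plaintext beyond the positions being changed; the Michael MIC defeats it because Michael is keyed, and the 48-bit TSC defeats the keystream reuse because the IV space is no longer exhausted in practice.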

"Although WPA2 has been released, WPA will continue to play a valuable role in meeting the security needs for both enterprise and consumer Wi-Fi users." -WIFI Alliance





WPA2:

WPA2 (Wi-Fi Protected Access 2) puts the industry two generations beyond WEP and is based on the final IEEE 802.11i amendment to the 802.11 standard.  WPA2 replaces RC4 with the NIST-approved AES block cipher (FIPS 197) in CCMP mode (Counter Mode with CBC-MAC Protocol), which provides confidentiality and a cryptographic integrity check in one construction; this is what allows WPA2 products to be validated against FIPS 140-2 for government use.


Personal and Enterprise versions of WPA2 are available. In the Personal mode of operation a pre-shared key (derived from a passphrase and the SSID) is used for authentication, while in the Enterprise mode of operation authentication is achieved via 802.1X and EAP.  Personal mode requires only an access point and client device, while Enterprise mode typically requires a RADIUS or other authentication server on the network.  Note that in Personal mode (for WPA and WPA2 alike) the four-way handshake that follows association can be captured passively and the passphrase then attacked offline with a dictionary, so the strength of the passphrase is the security of the network.


WPA2 is backwards compatible with WPA; the primary difference between WPA and WPA2 is the cipher suite used: TKIP (RC4) and CCMP (AES) respectively.  Key management (the four-way handshake, with a PSK or 802.1X) is the same in both, and most WPA2 access points can run a mixed TKIP/CCMP mode for older clients, at the cost of keeping TKIP's weaker protection in play.



802.1x / EAP: 


802.1X is an IEEE standard for port-based network access control that is utilised to authenticate and authorise devices attached to a LAN; it does not itself encrypt non-authentication traffic.  It carries the Extensible Authentication Protocol (EAP, an IETF standard) between the client (supplicant) and the access point or switch (authenticator), which relays it to an authentication server such as RADIUS.  802.1X is not unique to wireless networks and is used extensively in wired LAN configurations.



802.1X/EAP provides:

  • User-based identification (e.g. passwords, certificates).  Machine-based static WEP keys are no longer used for authentication.

  • Mutual authentication between the client and the authentication server (except EAP-MD5).

  • All non-802.1X traffic is blocked at the authenticator's port until the client has successfully authenticated to the network.

  • Dynamic aka Session Key Management (except EAP-MD5): keying material produced by the EAP method seeds the per-session wireless keys.



EAP-MD5 is a password based authentication method (a CHAP-style MD5 challenge/response).  EAP-MD5 is not recommended for WLAN use due to the fact that:

  • Only one-way authentication is utilised (the server authenticates the client; the client has no way to verify the server)

  • The server challenge and the client's hashed response to it may be sniffed by an attacker and the password recovered offline by dictionary attack

  • Dynamic Key Management is not available (e.g. after authentication the WLAN may revert to the use of static WEP keys)

  • Susceptible to Man-in-the-Middle attacks, since a rogue access point can issue its own challenge and the client will answer it
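The EAP-MD5 exchange and the two attacks listed above, as an added example that is not code from the original page: an encoder and parser for the EAP packet format (RFC 3748, Code | Identifier | Length | Type | Type-Data, with the MD5-Challenge payload as Value-Size | Value | Name), a supplicant that answers whatever challenge arrives because the method gives it no way to authenticate the server, the authenticator's check, and the passive attacker's offline dictionary attack on the sniffed request/response pair. The identity, NAS name, password and word list are constructed here.

```python
import hashlib
import hmac
import os

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_MD5_CHALLENGE = 1, 4


def build_eap(code, identifier, eap_type=None, type_data=b""):
    """Encode an EAP packet: Code(1) | Identifier(1) | Length(2) | [Type(1) | Type-Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return bytes([code, identifier]) + (4 + len(body)).to_bytes(2, "big") + body


def parse_eap(pkt):
    """Decode an EAP packet, rejecting truncated or mis-sized input."""
    if len(pkt) < 4:
        raise ValueError("short EAP packet")
    code, identifier = pkt[0], pkt[1]
    if int.from_bytes(pkt[2:4], "big") != len(pkt):
        raise ValueError("EAP length mismatch")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return {"code": code, "id": identifier, "type": None, "data": b""}
    if len(pkt) < 5:
        raise ValueError("missing EAP type")
    return {"code": code, "id": identifier, "type": pkt[4], "data": pkt[5:]}


def parse_md5_challenge(type_data):
    """MD5-Challenge Type-Data: Value-Size(1) | Value | Name.  Returns (value, name)."""
    size = type_data[0]
    if 1 + size > len(type_data):
        raise ValueError("bad Value-Size")
    return type_data[1:1 + size], type_data[1 + size:]


def md5_response(identifier, password, challenge):
    """CHAP response as used by EAP-MD5: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def authenticator_challenge(identifier, nas_name=b"nas01", challenge=None):
    challenge = challenge or os.urandom(16)
    return build_eap(EAP_REQUEST, identifier, EAP_TYPE_MD5_CHALLENGE,
                     bytes([len(challenge)]) + challenge + nas_name)


def supplicant_answer(request, password, identity):
    """The client answers any MD5-Challenge it receives; nothing lets it tell a rogue AP's
    challenge from the real one, which is the one-way-authentication problem."""
    req = parse_eap(request)
    if req["code"] != EAP_REQUEST or req["type"] != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("not an MD5-Challenge request")
    challenge, _nas = parse_md5_challenge(req["data"])
    response = md5_response(req["id"], password, challenge)
    return build_eap(EAP_RESPONSE, req["id"], EAP_TYPE_MD5_CHALLENGE,
                     bytes([len(response)]) + response + identity)


def authenticator_verify(request, response, password):
    req, rsp = parse_eap(request), parse_eap(response)
    if rsp["code"] != EAP_RESPONSE or rsp["id"] != req["id"] or rsp["type"] != EAP_TYPE_MD5_CHALLENGE:
        return False
    challenge, _ = parse_md5_challenge(req["data"])
    given, _identity = parse_md5_challenge(rsp["data"])
    return hmac.compare_digest(given, md5_response(req["id"], password, challenge))


def offline_dictionary(request, response, wordlist):
    """Passive attacker: with the sniffed request and response, test candidates offline."""
    req, rsp = parse_eap(request), parse_eap(response)
    challenge, _ = parse_md5_challenge(req["data"])
    given, _ = parse_md5_challenge(rsp["data"])
    for word in wordlist:
        if md5_response(req["id"], word, challenge) == given:
            return word
    return None


if __name__ == "__main__":
    req = authenticator_challenge(7)
    rsp = supplicant_answer(req, b"s3cret", b"alice")
    print("server accepts:", authenticator_verify(req, rsp, b"s3cret"))
    print("sniffer recovers:", offline_dictionary(req, rsp, [b"password", b"s3cret", b"letmein"]))
```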


LEAP is Cisco's proprietary Lightweight EAP protocol; it is solely password based (client and server).  Improvements it offers over EAP-MD5 are mutual authentication and Dynamic Key Management.  LEAP is susceptible to passive dictionary attacks because its MS-CHAP-style challenge/response can be attacked offline from a single sniffed exchange (see Joshua Wright's asleap).



EAP-TLS is an authentication method based on Transport Layer Security (TLS), the successor to the Secure Socket Layer (SSL) that is used for the majority of today's secure web transactions.  EAP-TLS provides mutual authentication and Dynamic Key Management whilst suffering from none of the problems associated with EAP-MD5.

NOTE: EAP-TLS requires a Public Key Infrastructure (PKI) in place to manage both client and server certificates.  



EAP-TTLS and Protected EAP (PEAP) are both similar authentication mechanisms providing an extension to the EAP-TLS authentication scheme which eliminates the requirement for certificates on the client side, yet still provides mutual authentication.  The authentication process for both is as follows:

  • The server still requires a certificate and this is used to authenticate it to the client and establish an encrypted TLS tunnel.

  • The client now authenticates to the server inside the tunnel using whichever method is chosen, e.g. passwords (MS-CHAPv2 being the usual choice), secure tokens or, optionally, certificates.

EAP-TTLS and PEAP are the most widely deployed enterprise authentication schemes today.  Their security rests on the client actually validating the server certificate (a trusted CA and the expected server name): a client configured to accept any certificate will hand its inner credential to a rogue access point running its own RADIUS server, and a captured MS-CHAPv2 exchange can then be attacked offline much as LEAP can.  Client certificate deployment and use (EAP-TLS) rather than passwords would be the ideal solution, due to the standard issues of users choosing poor passwords and concerns about brute force attacks.
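The certificate-validation point above, shown as a wpa_supplicant network block in its weak and hardened forms. This is an added example, not configuration from the original page; the SSID, identities, CA file path and RADIUS server name are assumptions for illustration.

```conf
# Weak: no CA is pinned, so the supplicant accepts any server certificate
# and will run MS-CHAPv2 against a rogue AP's RADIUS server.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-only"
    phase2="auth=MSCHAPV2"
}

# Hardened: pin the issuing CA, require the expected RADIUS server name,
# keep the real username out of the cleartext outer identity, and insist on CCMP.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=PEAP
    anonymous_identity="anonymous@corp.example"
    identity="alice"
    password="example-only"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
```

Without ca_cert the TLS tunnel is still built, so the session looks encrypted; it is simply encrypted to whoever answered. The domain_suffix_match line closes the remaining gap where the attacker holds any certificate from the same CA.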





   Copyright 2010 All Rights Reserved.