Introduction to 802.11i
802.11i was ratified on 24 June 2004 to address security issues in Wi-Fi networks. Like WPA, it relies on the TKIP encryption algorithm, but it also supports the much more secure AES (Advanced Encryption Standard).
The Wi-Fi Alliance created a new certification, called WPA2, for devices that support the 802.11i standard (such as laptop computers, PDAs, network cards, etc.).
Unlike WPA, WPA2 can secure wireless networks in infrastructure mode as well as networks in ad hoc mode.
WPA Architectures
The IEEE 802.11i standard defines two operating modes:
- WPA-Personal: This mode makes it possible to set up a secure infrastructure based on WPA without deploying an authentication server. WPA-Personal relies on a shared key, called the PSK (Pre-Shared Key), which is stored on both the access point and the client devices. Unlike WEP, it is not necessary to enter a key of pre-defined length. WPA lets the user enter a passphrase, which a hash algorithm then converts into a PSK.
- WPA-Enterprise: Enterprise mode requires an 802.1X authentication infrastructure using an authentication server, generally a RADIUS server (Remote Authentication Dial-In User Service), and a network controller (the access point).
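The passphrase-to-PSK conversion described for WPA-Personal, as an added example that is not part of the original page: IEEE 802.11i maps the passphrase to a 256-bit PSK with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The function names and the sample network names are hypothetical; the passphrase "password" with SSID "IEEE" is a widely published test vector.

```python
import hashlib
import string

# Parameters fixed by IEEE 802.11i for the WPA/WPA2-Personal passphrase mapping.
PBKDF2_ITERATIONS = 4096
PSK_LENGTH = 32  # bytes, i.e. a 256-bit PSK


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map a passphrase to the PSK; the SSID acts as the salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, PBKDF2_ITERATIONS, PSK_LENGTH
    )


def parse_key_input(value: str, ssid: str) -> bytes:
    """Treat exactly 64 hex digits as a raw PSK, anything else as a passphrase."""
    if len(value) == 64:
        if all(c in string.hexdigits for c in value):
            return bytes.fromhex(value)
        raise ValueError("a 64-character key must be hexadecimal")
    return derive_psk(value, ssid)


if __name__ == "__main__":
    # Constructed sample input: one passphrase on two different network names.
    for name in ("IEEE", "HomeNetwork"):
        print(f"{name:12s} {derive_psk('password', name).hex()}")
    # A raw PSK entered as 64 hex digits is used as-is, with no hashing step.
    raw = "00" * 32
    print(f"{'raw key':12s} {parse_key_input(raw, 'IEEE').hex()}")
```

Because the SSID is the salt, the same passphrase yields a different PSK on every differently named network, and both the access point and the clients must be configured with the same SSID and passphrase to arrive at the same key.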