802.11i / WPA2

Introduction to 802.11i

802.11i was ratified on 24 June 2004 to address security issues in Wi-Fi networks. Like WPA, it relies on the TKIP encryption algorithm, but it also supports the much more secure AES (Advanced Encryption Standard).

The Wi-Fi Alliance created a new certification, called WPA2, for devices that support the 802.11i standard (such as laptop computers, PDAs, and network cards).

Unlike WPA, WPA2 can secure wireless networks in infrastructure mode as well as networks in ad hoc mode.

WPA Architectures

The IEEE 802.11i standard defines two operating modes:

  • WPA-Personal: This mode allows a secure WPA-based infrastructure to be set up without an authentication server. WPA-Personal relies on a shared key, called the PSK (Pre-Shared Key), which is stored on both the access point and the client devices. Unlike WEP, it does not require entering a key of pre-defined length: WPA lets the user enter a passphrase, which a hash algorithm then converts into a PSK.
  • WPA-Enterprise: Enterprise mode requires an 802.1X authentication infrastructure using an authentication server, generally a RADIUS (Remote Authentication Dial-In User Service) server, and a network controller (the access point).
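
The passphrase-to-PSK conversion described for WPA-Personal, as an added example that is not part of the original article: the 802.11i standard specifies PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations and a 256-bit output, details this page does not state. The function name `derive_psk` and the sample network names are assumptions made for the example.

```python
import hashlib
import string

ITERATIONS = 4096   # iteration count fixed by 802.11i
PSK_BYTES = 32      # the PSK is 256 bits long


def derive_psk(passphrase: str, ssid: bytes) -> bytes:
    """Return the 256-bit PSK for a WPA/WPA2-Personal network."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")

    # An entry of exactly 64 hex digits is the PSK itself and is not hashed.
    if len(passphrase) == 64:
        if all(c in string.hexdigits for c in passphrase):
            return bytes.fromhex(passphrase)
        raise ValueError("a 64-character entry must be 64 hex digits")

    # A passphrase is 8 to 63 printable ASCII characters (codes 32 to 126).
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")

    # The SSID is the salt, so the same passphrase gives a different PSK
    # on every network name.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, ITERATIONS, PSK_BYTES
    )


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the article.
    for ssid in (b"HomeNet", b"OfficeNet"):
        psk = derive_psk("correct horse battery", ssid)
        print(ssid.decode(), psk.hex())
```

Because the SSID salts the derivation, the access point and every client must agree on both the passphrase and the exact network name to arrive at the same PSK.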

More information

  • Introduction of WPA2 by the Wi-Fi Alliance
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « 802.11i / WPA2 », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).