Chapter 11: Wireless LAN – WLAN LANCOM Reference Manual LCOS 3.50
Further advantages of this procedure include its simple implementation in the
access point, with little extension to existing hardware. The disadvantage of
the procedure is its complexity. The maintenance of the central RADIUS server
and the certificates stored there is generally only possible in large installations
with a separate IT department—it is less suitable for use in the home or in
smaller companies. Furthermore, no minimum set of procedures that a client
or a server must support has been established. Scenarios are thus quite
conceivable in which a client and a server cannot establish an EAP tunnel
because the sets of procedures they support don't match. These practical
hurdles have so far limited EAP/802.1x to professional use; the home
user must simply make do with WEPplus, or address security problems at the
application level.
11.2.5 TKIP and WPA
As should be clear from the last section, the WEP algorithm is flawed and
insecure in principle; the measures taken so far were largely either 'quick fixes'
with limited improvement, or so complicated that they were basically
impractical for home use or smaller installations.
After the problems with WEP were discovered, the IEEE set up a Task Group
to define better security mechanisms, work which should eventually result
in the IEEE 802.11i standard. The composition and
ratification of such a standard, however, generally takes several years. In the
meantime, market pressure had grown to the point where the industry could
no longer wait for the finalisation of 802.11i. Under the auspices of Microsoft,
therefore, the Wi-Fi Alliance defined the Wi-Fi Protected Access (WPA)
'standard'. The Wi-Fi Alliance is an association of WLAN manufacturers which
promotes the manufacturer-independent function of WLAN products and, for
example, awards the Wi-Fi logo.
In the definition of standards, and 802.11i is no exception, the basic
mechanisms are generally known fairly quickly. The publication of the
standard mostly takes such a long time because of the fine details. These
details are often important only for rare applications. WPA thus took the
pragmatic route of extracting the parts of the 802.11i proposal which were
already clear and important for the market, and packing them into their own
standard. These parts include:
• TKIP and Michael as replacement for WEP
• A standardised handshake procedure between client and access point for
  determination/transmission of the session key.