54 Mbps Wireless Router WGR614v7 Reference Manual
D-10 Wireless Networking Basics
April 2006
How Does WPA Compare to WPA2 (IEEE 802.11i)?
WPA is forward compatible with the WPA2 security specification. WPA is a subset of WPA2 and
used certain pieces of the early 802.11i draft, such as 802.1x and TKIP. The main pieces of WPA2
that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized
802.11 VoIP phones), as well as enhanced encryption protocols, such as AES-CCMP. These
features were either not yet ready for market or required hardware upgrades to implement.
What are the Key Features of WPA and WPA2 Security?
The following security features are included in the WPA and WPA2 standard:
• WPA and WPA2 Authentication
• WPA and WPA2 Encryption Key Management
– Temporal Key Integrity Protocol (TKIP)
– Michael message integrity code (MIC)
– AES support (WPA2, requires hardware support)
• Support for a mixture of WPA, WPA2, and WEP wireless clients to allow a migration strategy,
but mixing WEP and WPA/WPA2 is discouraged
These features are discussed below.
WPA/WPA2 addresses most of the known WEP vulnerabilities and is primarily intended for
wireless infrastructure networks as found in the enterprise. This infrastructure includes stations,
access points, and authentication servers (typically RADIUS servers). The RADIUS server holds
(or has access to) user credentials (for example, user names and passwords) and authenticates
wireless users before they gain access to the network.
The strength of WPA/WPA2 comes from an integrated sequence of operations that encompass
802.1X/EAP authentication and sophisticated key management and encryption techniques. Its
major operations include:
• Network security capability determination. This occurs at the 802.11 level and is
communicated through WPA information elements in Beacon, Probe Response, and (Re)
Association Requests. Information in these elements includes the authentication method
(802.1X or Pre-shared key) and the preferred cipher suite (WEP, TKIP, or AES).