Published by: api-3710188 on Oct 14, 2008
Copyright:Attribution Non-commercial







Wireless Security Corporation. All Rights Reserved
WPA-PSK: A Limited Solution for Securing a Wireless Network

The Wi-Fi Alliance recently introduced the Wi-Fi Protected Access (WPA) standard, which provides for
enhanced 802.11 wireless security. One of the strongest portions of this standard is the ability to provide
strong authentication via the 802.1x IEEE protocol for network port authentication. In order to leverage
this protocol, a RADIUS authentication infrastructure must be implemented, which is not trivial or cost-free.
As a result, the WPA standard has been created with a WPA-PSK (pre-shared key) mode which provides
for less robust authentication and, as such, does not require a RADIUS infrastructure (WPA-PSK used to
be referred to as WPA-Home). This WPA-PSK authentication comes in the form of a shared secret. This
shared secret is a password that is programmed into both the Access Point (AP) and into each 802.11
wireless computer or device.

This document describes some of the deficiencies and challenges associated with WPA-PSK when used
to secure 802.11 networks. It also illustrates how WSC Guard fills in the gaps to provide a
comprehensive 802.11 security solution.


In eliminating the need for an 802.1x/RADIUS infrastructure, WPA-PSK also eliminates the strong
authentication that comes with these services. Instead, WPA-PSK relies on a pre-shared key.
This pre-shared key is used to kick off the rotating WEP key required for encryption. Should this
single pre-shared key be compromised by an unauthorized entity, the entire 802.11 wireless
network (WLAN) in question would become vulnerable. Based on this significant vulnerability, the
Wi-Fi Alliance advises:

“The use of Pre-shared key is recommended for home use only, since the pre-shared key is used as the PMK [pairwise master key] impersonation between stations or a station impersonating an AP is possible.” Wi-Fi Alliance WPA standard, Section 8.2, Version 1.2 -- December 16, 2002.

By impersonating the AP, an unauthorized individual will have unencrypted access to all WLAN
data communicated by or to any wireless node. This could include, but is not limited to, data
communicated to and from file servers, storage devices, and internet applications. Aside from
exposing sensitive data to unauthorized eyes, this exploit could result in data manipulation and/or
business disruption.


One of the key advantages of wireless networking is the ability to allow temporary access to
visitors or guests of the WLAN. In order to allow a guest to have access to any portion of a
WPA-PSK WLAN, the shared secret must be given to that guest. The guest then has access to all of
the network resources available to the WLAN such as file servers, shared folders and shared
documents. This is a vulnerability that businesses should avoid if at all possible.
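
The two points above (the pre-shared key serving as the PMK for every station, and the guest who must be handed that same secret) can be seen in a short added example, which is not part of the original paper. It uses the standard IEEE 802.11i passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt); the SSID, passphrases and MAC addresses are constructed sample values.

```python
import hashlib

def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA-PSK passphrase to the 256-bit PSK, which is used directly as the PMK."""
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def pmks_by_station(configured: dict, ssid: str) -> dict:
    """Each station derives its own PMK; note the MAC address is never an input."""
    return {mac: wpa_psk_pmk(pw, ssid) for mac, pw in configured.items()}

def stations_needing_reconfig(configured: dict, ap_passphrase: str, ssid: str) -> list:
    """Stations whose stored secret no longer matches the AP after a key change."""
    ap_pmk = wpa_psk_pmk(ap_passphrase, ssid)
    return sorted(mac for mac, pmk in pmks_by_station(configured, ssid).items()
                  if pmk != ap_pmk)

# Constructed sample data: one SSID, one shared secret, three devices.
SSID = "ExampleCorp-WLAN"
OLD_SECRET = "correct horse battery"
NEW_SECRET = "rotated after guest visit"
STATIONS = {
    "02:00:00:00:00:01": OLD_SECRET,   # employee laptop
    "02:00:00:00:00:02": OLD_SECRET,   # file server client
    "02:00:00:00:00:03": OLD_SECRET,   # guest laptop
}

if __name__ == "__main__":
    pmks = pmks_by_station(STATIONS, SSID)
    # Every holder of the secret ends up with the same PMK, so the PMK
    # cannot tell the guest apart from the employee or from the AP itself.
    print("distinct PMKs across stations:", len(set(pmks.values())))

    # Revoking the guest means changing the secret on the AP, which locks out
    # every device until each one is reprogrammed with the new value.
    print("locked out after rotation:",
          stations_needing_reconfig(STATIONS, NEW_SECRET, SSID))

    # Only the devices that were reprogrammed regain access.
    updated = dict(STATIONS, **{"02:00:00:00:00:01": NEW_SECRET})
    print("still locked out:", stations_needing_reconfig(updated, NEW_SECRET, SSID))
```

Because the station's identity never enters the derivation, removing one device's access is only possible by changing the secret for all of them.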

WSC Guard leverages the 802.1x protocol for network port authentication, which does not rely on
a shared secret but rather leverages unique and individual names and passwords for each
802.11 wireless user. Combined with the WSC Guard internet-accessible RADIUS environment,
subscribers benefit from a highly robust authentication service for their 802.11 WLAN.
