Troubleshooting Q&A - September 22, 2005
Deciphering the Latest Wireless Acronyms
Stumped by acronyms such as WPA2 and WMM? You're not alone. We define these new terms and, more importantly, explain why you need to care about them.
By Ron Pacchiano
Q. I've been experiencing a lot of problems with my router lately, so I decided that the time had come to replace it. While I was perusing the store shelves at the local Best Buy and reading through the various router specifications, I came across a router that indicated support for WPA2 and WMM. I'm familiar with WPA, but I had never heard of WPA or WMM. I'll assume that WPA2 is an improvement on WPA, but I'm at a loss where WMM is concerned. Could you please explain what the difference is between WPA and WPA2, and also clarify for me what WMM is and what it's supposed to do? Thanks!
A. Acronyms come and go so quickly in this industry that it's easy to occasionally miss a few. Both of these are also relatively new, so I'm not surprised you haven't heard of them yet. Before we explain what's new in WPA2, let's take a look back at WPA, for those of you not familiar with it.
WPA is a specification of security enhancements that increases the level of data protection and access control for existing Wi-Fi networks and was designed to be forward compatible with the upcoming IEEE 802.11i specification. In addition to user-authentication capabilities and support for the Extensible Authentication Protocol (EAP), WPA uses enhanced data encryption technology via the Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements, including a per-packet key-mixing function, a message integrity check (MIC), an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
The important thing to take away from all this is that when all of these protocols are brought together, these features make WPA a far stronger security solution than WEP. The way it works is that WPA keeps out unauthorized users by requiring all devices to have a valid password. Once the password has been verified, the TKIP-encryption process begins. Based on the original password, TKIP mathematically derives a new security key, which is then used by all the wireless clients for network access. TKIP will automatically update this key on a regular basis. The reason for this is that long and constantly changing encryption keys are extremely difficult to decode.
This is where the mechanics of WPA are substantially different from WEP. In WEP the same static encryption key is used over and over again. While no security mechanism can be considered "absolutely secure," the protection given by WPA is strong enough to prevent most attacks, even many sophisticated ones. As such, WPA offers a pragmatic, economical security mechanism for most users.
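The key handling described above, as an added example that is not part of the original column. It goes one step beyond the text by using the derivation functions defined in IEEE 802.11i (PBKDF2-HMAC-SHA1 for the master key, an HMAC-SHA1 PRF for the per-session key); the network name, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key from a WPA/WPA2-Personal passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    # The SSID is the salt, so the same passphrase gives a different
    # master key on every differently named network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i pseudo-random function: HMAC-SHA1 run in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 64) -> bytes:
    """Per-session key: 64 bytes for TKIP, 48 for AES-CCMP."""
    # Both sides sort the addresses and nonces so they compute the same key.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, length)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    pmk = derive_pmk("correct horse battery", "HomeNet")
    ap = bytes.fromhex("020000000001")
    client = bytes.fromhex("020000000002")
    # Fresh random nonces on every association: unlike WEP's static key,
    # the traffic key differs each time even though the passphrase is fixed.
    for session in (1, 2):
        ptk = derive_ptk(pmk, ap, client, os.urandom(32), os.urandom(32))
        print(f"session {session} key: {ptk.hex()[:32]}...")
```

Because the passphrase is the only secret input to the master key, a long, unpredictable passphrase matters as much as the choice between TKIP and AES.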
As good as WPA is, though, there is always room for improvement. This brings us to WPA2. WPA2 is currently the most secure wireless communication protocol available. WPA2 is based on the final IEEE 802.11i amendment to the 802.11 standard and is eligible for Federal Information Processing Standard (FIPS) 140-2 compliance. The key difference between WPA and WPA2 is the inclusion of the Advanced Encryption Standard (AES). AES is an encryption algorithm for securing sensitive (but unclassified) material by U.S. Government agencies, and, as a likely consequence, may eventually become the de facto encryption standard for commercial transactions in the private sector. It should be noted, however, that encryption for the U.S. military and other classified communications is handled by separate, secret algorithms. AES cryptography is based on the Rijndael (pronounced rain-dahl) algorithm created by Belgian cryptographers Joan Daemen and Vincent Rijmen.
802.11i provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards. Other features include key caching, which facilitates fast reconnection to the server for users who have temporarily gone offline, and pre-authentication, which allows fast roaming and is ideal for use with advanced applications such as Voice over Internet Protocol (VoIP). You may be able to upgrade some WPA products to WPA2 by software. Others may require a hardware change due to the computationally intensive nature of WPA2's required AES encryption.
Now let's discuss the new WMM protocol. WMM, or Wi-Fi Multimedia, is a standard created to define quality of service (QoS) in Wi-Fi networks. It is a precursor to the upcoming 802.11e standard, which is meant to improve audio, video and voice applications transmitted over Wi-Fi.
Through the use of this standard, network administrators will be able to prioritize traffic that would suffer if delayed. An example of this is VoIP. Imagine, for example, that you just switched your telephone system to a VoIP system. Shortly afterward, you notice that during the hours of peak network usage, your calls start dropping packets, making the conversations taking place at the time frustrating and useless. The QoS features of WMM would make sure that the VoIP calls receive the highest priority, ensuring that your calls always sound loud and clear. Currently, only a handful of products from vendors like Linksys, Atheros, Cisco, Broadcom and Intel have been certified for WMM, but expect to see more over the next few months.
Use our feedback form to submit your questions on home or SOHO networking issues. Please be as specific as possible. We cannot guarantee to answer every question we get, but we’ll consider them all.