Enterprise Wireless Encryption
Strengthening WEP

WPA includes mechanisms from the emerging 802.11i standard for improving wireless data encryption. WPA includes TKIP, which uses the same algorithm as WEP but constructs keys in a different way. These technologies are easily implemented using the graphical user interface (GUI) of the Cisco AP.

TKIP is also called WEP Key hashing and was initially referred to as WEP2. TKIP is a temporary solution that fixes the key reuse problem of WEP, as illustrated in Figure . WEP periodically uses the same key to encrypt data. The TKIP process begins with a 128-bit temporal key that is shared among clients and access points. TKIP combines the temporal key with the client MAC address. It then adds a relatively large, 16-octet initialization vector to produce the key that will encrypt the data. This is illustrated in Figure . This procedure ensures that each station uses different key streams to encrypt the data. WEP Key hashing protects weak Initialization Vectors (IVs) from being exposed by hashing the IV on a per-packet basis.

TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method, which significantly enhances the security of the network.
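The following added example (not from the original page) contrasts WEP's static-key construction with a per-packet key derived from a temporal key, the client MAC address and a packet counter. SHA-256 is used as a simplified stand-in for TKIP's actual key-mixing function, and all function names and sample values are constructed for illustration.

```python
import hashlib

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, data: bytes) -> bytes:
    return xor(data, rc4(key, len(data)))

def wep_packet_key(iv: bytes, shared_key: bytes) -> bytes:
    # WEP: the RC4 key is the 3-byte IV prepended to the static shared key.
    return iv + shared_key

def mixed_packet_key(temporal_key: bytes, mac: bytes, counter: int) -> bytes:
    # Stand-in for TKIP key mixing (NOT the real function): hash the temporal
    # key, station MAC and per-packet counter into a 16-byte RC4 key.
    material = temporal_key + mac + counter.to_bytes(6, "big")
    return hashlib.sha256(material).digest()[:16]

# Constructed sample values (not real keys or addresses)
SHARED_KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
TEMPORAL_KEY = bytes(range(16))            # 128-bit temporal key
MAC_A, MAC_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
IV = bytes.fromhex("aabbcc")
P1, P2 = b"first frame pay!", b"second frame pay"

def wep_reuse_leaks() -> bool:
    # Same IV and static key give the same keystream, so c1 XOR c2 == P1 XOR P2.
    c1 = encrypt(wep_packet_key(IV, SHARED_KEY), P1)
    c2 = encrypt(wep_packet_key(IV, SHARED_KEY), P2)
    return xor(c1, c2) == xor(P1, P2)

def mixed_keys_distinct() -> bool:
    # Two stations, three packets each: every RC4 key should differ.
    keys = {mixed_packet_key(TEMPORAL_KEY, m, n) for m in (MAC_A, MAC_B) for n in range(3)}
    return len(keys) == 6
```

With the static WEP construction, a repeated IV exposes the XOR of two plaintexts; with per-packet mixing, each station and each packet gets its own RC4 key even though the temporal key is shared.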

An advantage of using TKIP is that companies with existing WEP-based access points and radio NICs can upgrade to TKIP through relatively simple firmware patches. In addition, WEP-only equipment will still interoperate with TKIP-enabled devices using WEP. TKIP is only a temporary solution. Most experts believe that stronger encryption is still needed.