Wpa Faq

[Rottz]

WPA FAQ
By Broadcom

Q. What is Wi-Fi Protected Access?
Wi-Fi Protected Access (WPA) is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection (encryption) and access control (authentication) for existing and future wireless LAN systems. WPA is derived from and will be forward-compatible with the forthcoming IEEE 802.11i draft standard. It fixes all known weaknesses of Wired Equivalent Privacy (WEP), the original security mechanism introduced with the 802.11 standard. The technical components of WPA include Extensible Authentication Protocol(EAP), Temporal Key Integrity Protocol (TKIP), Message Integrity Check(MIC), and 802.1X for authentication and dynamic key exchange.

Q. What does WPA mean to customers?
WPA provides Wi-Fi wireless LAN users with a high level of assurance that their data will remain safe and protected and that only authorized users can access the network. WPA is especially attractive for enterprise customers, satisfying the demanding security needs of large business networks. We expect that the availability of WPA-enabled products will increase enterprise adoption of Wi-Fi wireless LANs, and the majority of existing customers will upgrade their wireless infrastructure to support WPA as a standards-based solution.

Q. How does WPA work?
In the WPA-enabled network, the client (notebook) first associates with the access point. The access point blocks LAN access until the user can be authenticated. If the client proves credentials to the authentication server, the client is allowed to join the LAN. If not, the client stays blocked from joining the LAN. Once the client joins the LAN, the authentication server distributes a TKIP encryption key to both the client and the access point. The client can then begin communicating on the LAN, encrypting data back and forth with the access point.

Q. Will WPA work for home and small business users?
Yes. Wi-Fi Protected Access has a special mode designed for home and small business users who do not have access to network authentication servers. In this mode, known as Pre-Shared Key, the user manually enters the starting password in their access point or gateway, as well as in each PC on the wireless network. Wi-Fi Protected Access takes over automatically from that point, keeping unauthorized users that don't have the matching password from joining the network, while encrypting the data traveling between authorized devices.

Q.What are the hardware and software requirements for enterprise?
The hardware requirements for enterprise include an authentication server (RADIUS server), WPA-enabled access point, and a WPA-enabled client. Once WPA is enabled, all clients and access points on the network must be WPA-enabled in order to access the network.
Software requirements include a strong EAP type such as TLS, TTLS, or PEAP running on the RADIUS server. The access point must run TKIP and 802.1X. The client must run TKIP, 802.1X, and an EAP supplicant with the authentication protocol that matches the RADIUS server.

Q. What is 802.11i?
802.11i is the IEEE draft specification for wireless LAN security, and is not yet finalized. The components of 802.11i are essentially WPA, plus Advanced Encryption Standard (AES).

Q. How does WPA impact network performance?
Internal Broadcom benchmarks have demonstrated the same high performance data throughput with or without WPA enabled.

Q. How does WPA compare to Wired Equivalent Privacy (WEP)?
WEP was fundamentally flawed, and eventually cracked by scientists and hackers. WPA fixes the flaws of WEP.

Q. What does it mean for Broadcom's products to be certified for Wi-Fi Protected Access?
The Wi-Fi Alliance, which conducts rigorous interoperability tests on Wi-Fi products, is now testing devices for WPA certification. This guarantees seamless operation among Wi-Fi products from different vendors implementing WPA security. Broadcom products were chosen by the Wi-Fi Alliance to be used in the standard test bed, and will be used as the yardstick that all other products are measured against for interoperability. As one of the first vendors to be certified for WPA, Broadcom is enabling its customers to quickly deliver products enabled with WPA.

Q. Which Broadcom products are actually WPA CERTIFIED?
The Broadcom 802.11g Access Point Reference Design, BCM94306 GAP and the Broadcom 802.11g CardBus Reference Design, BCM94306 CB have been WPA-CERTIFIED.

Q. When will Broadcom ship WPA solutions to its partners?
Broadcom is currently shipping reference designs that are WPA-CERTIFIED to its partners. Broadcom-based products that are already in the market may be updated through a software download from the manufacturer's web site. Check the manufacturer's web site for availability and instructions.

Q. What is involved in upgrading existing wireless products to support WPA?
WPA was designed to run on existing wireless access points and client devices with a software upgrade. In addition to upgrading their network interface card, PC users will also need to upgrade their client with software called a "supplicant." With the help of Broadcom, Microsoft developed a supplicant for Windows XP users. Broadcom is working to develop supplicants for Windows 2000, Windows 98 and other operating systems.

Q. Which wireless LAN vendors are using 54g chipsets?

Broadcom's 54g™ customer list continues to grow as consumers and enterprises demand high performance products. Broadcom supplies the industry's leading wireless LAN system vendors, including Linksys, Belkin and Buffalo/MELCO.

Broadcom is also seeing tremendous up-take for 54g™ from notebook PC manufacturers. In addition to our ongoing relationship with Apple, we recently announced that Dell is providing two configuration options in its new Latitude D line, 54g™ and dual-band 802.11a/g, and HP has adopted 54g™ for its new Compaq Presario 2100 and 2500 series notebooks. Several other PC manufacturers are lined up to announce in the coming months.

WPA FAQ

• WPA Whitepaper by Broadcom