802.11i has taken a long time to come to fruition. Although work began in 2001, the standard was only ratified in 2004. Speed is not the primary criterion for standards development, nor should it necessarily be. Standards should be developed under the watchful and considerate eyes of many people, and such consideration takes time. Undue speed can lead to insufficient analysis, which can lead to gaping security holes such as we have seen in WEP. Vendors, however, do view time-to-market as a primary criterion, which has led to some variants of 802.11i.
Cisco was concerned about the lack of solutions for the problems in the WEP protocol. 802.11i was progressing slowly, so Cisco developed its own versions of key mixing and message integrity check algorithms. Cisco Key Integrity Protocol (CKIP) is the Cisco version of the TKIP protocol. It has a key mixing function based on an algorithm presented by Doug Whiting to the 802.11i Task Group. It involves a sequence number to ensure that the actual WEP key changes from packet to packet. Thus, it also thwarts the Fluhrer-Mantin-Shamir attack. Cisco Message Integrity Check serves the same purpose as the 802.11i MIC and is in fact stronger than Michael. It is based on Shai Halevi and Hugo Krawczyk's MMH hashing algorithm. It also prevents replayed packets by using an increasing counter and remembering sequence numbers it has seen. Cisco developed a proprietary rekeying mechanism as part of CKIP. Rather than being derived by both wireless parties, as they are in 802.11i, keys are calculated by the AP and are distributed via EAPOL-Key packets. This makes implementation on the client much easier. These algorithms allowed Cisco to close the WEP holes quickly, but they were not the algorithms eventually selected by the 802.11i Task Group. Thus, Cisco now offers two versions of each of these algorithms: the proprietary Cisco version and the standard 802.11i version. Cisco recommends the 802.11i standard protocols.
As was mentioned in the introduction to this chapter, WPA is an industry standard, developed from 802.11i drafts by the Wi-Fi Alliance. The alliance adopted as much of the 802.11i version available at the time as it could. It was intended to bring a more immediate standard than the IEEE committee could provide, yet be as forward compatible with 802.11i as possible. The Wi-Fi Alliance did so with the intention of adopting 802.11i when it became finalized. The Wi-Fi Alliance will call the new standard WPA2.
The Wi-Fi Alliance (http://www.wi-fi.org) is an industry association of more than 200 companies, including 802.11 equipment manufacturers, chip foundries, software companies, and many others. Its role is to promote 802.11 gear and to certify interoperability of products. Its members have a strong interest in seeing 802.11 succeed and be as widespread as possible.
Like Cisco, the Wi-Fi Alliance and its other members were concerned about the security problems in 802.11. Security vulnerabilities stood to give the standard a bad name and hurt everyone's sales. This is why the Wi-Fi Alliance developed WPA.
WPA is based on an early draft (version 3.0) of the 802.11i standard, and it primarily implements TKIP, 802.1x authentication, and key management. WPA also includes the requirement to use open key authentication and to obsolete the flawed shared-key authentication. Administrators can use either 802.1x or preshared keys. The PSKs can be configured using either 64 hexadecimal characters or an ASCII pass phrase via a hash algorithm. Like 802.11i, WPA capabilities are advertised in beacons, probe responses, association requests, and reassociation requests.
A network can mix WPA and legacy WEP nodes in what is called mixed mode. However, the security of these networks can be compromised using WEP vulnerabilities, and this should be used only temporarily for networks in transition to WPA. WPA is not interoperable with WPA2 because the 802.1x specifications are different.