WPA/WPA2: Placebo or Panacea?
Faculty of Computing, Health and Science
School of Computer and Information Science / Centre for Security Research
The increase in the use of wireless networks has seen a subsequent demand for greater security. Early security mechanisms in the 802.11 wireless protocol suite did not provide adequate security for either data or authentication. The IEEE developed the 802.1 Ii extension to address these security problems, with the public name being Wi-Fi protected Access (WPA). This introduced strong mutual authentication and also data encryption to protect wireless networks, and the claim is made that wireless networks using WPA are secure. Tools such as Hotspotter and Aireplay can be used to crack WPA, allowing for defeat of both personal and enterprise methods used to authenticate users and access points. In addition, problems associated with Layer 1 and 2 denial of service attacks have not been addressed. It would be unwise to rely on WPA / WPA2 in isolation to protect a wireless network.