802.11/Wi-Fi® Security

802.11 security frameworks are only concerned with over-the-air security (i.e. station to AP).

For station-to-station security, an application-layer solution such as SSL/TLS needs to be used.

Goals

What are the goals of any security framework?

  • Communicate sensitive data (Goal: Data Privacy/Confidentiality)
    • Address snooping or eavesdropping
  • Guarantee data is unmodified (Goal: Data Integrity)
    • Address tampering (man in the middle attacks)
  • Assure source of data (Goal: Data Authenticity)
    • Address redirection (man in the middle attacks)

Available Frameworks

Options: WEP40/104, WPA-PSK (Preshared Key), WPA/2-PSK, WPA/2-EAP (Extensible Authentication Protocol).

  • WEP involves entering a phrase or its hex equivalent (5 bytes for WEP40 or 13 bytes for WEP104):
    • Not very secure, easily broken
    • Best case for ad-hoc networks
  • WPA-PSK uses TKIP:
    • Not very secure, easily broken
  • WPA/2-PSK uses 802.1x AES:
    • Involves a changing key pair, which is started from a key calculated from the SSID and phrase
  • WPA/2-EAP covers a number of different application methods.

Best Practices

  • Use WEP, WPA?
  • WPA/2 is the current standard Wi-Fi®-certified security framework.
    • PSK (Personal) Mode:
      • Small (Residential/SOHO), or transient network
      • Supported by most Wi-Fi® solutions today
    • EAP (Enterprise) Mode:
      • Large, permanent network
      • EAP protocol processing capability is becoming available to stations
© 2024 Microchip Technology, Inc.