802.11/Wi-Fi® Security

802.11 Security Frameworks are only concerned with over-the-air security (i.e. station to AP).

For station-to-station security, an application-layer solution such as SSL/TLS needs to be used.


What are the goals of any security framework?

  • Communicate sensitive data (Goal: Data Privacy/Confidentiality)
    • Address snooping or eavesdropping
  • Guarantee data is unmodified (Goal: Data Integrity)
    • Address tampering (“man in the middle” attacks)
  • Assure source of data (Goal: Data Authenticity)
    • Address redirection (“man in the middle” attacks)

Available Frameworks

Options: WEP40/104, WPA-PSK (Preshared Key), WPA/2-PSK, WPA/2-EAP (Extensible Authentication Protocol)

  • WEP involves entering a phrase or its hex equivalent (5 bytes for WEP40 or 13 bytes for WEP104)
    • Not very secure, easily broken
    • Best case for ad hoc networks
  • WPA-PSK uses TKIP
    • Not very secure, easily broken
  • WPA/2-PSK uses 802.1x AES
    • Involves a changing key pair; it starts from a key calculated from the SSID and phrase
  • WPA/2-EAP covers a number of different application methods
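
The "key calculated with SSID and phrase" in PSK mode can be reproduced in a few lines. This is an added example, not Microchip code: it assumes the IEEE 802.11i passphrase mapping (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output), which the page does not spell out, and the function names and the SSID `ExampleNet` are made up for illustration.

```python
import hashlib
import hmac

PMK_LEN = 32          # 256-bit pre-shared key (used as the pairwise master key)
PBKDF2_ROUNDS = 4096  # iteration count fixed by IEEE 802.11i


def validate_inputs(ssid: bytes, passphrase: str) -> None:
    """Reject inputs the standard does not allow for WPA/WPA2-PSK."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(ssid: bytes, passphrase: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    validate_inputs(ssid, passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, PBKDF2_ROUNDS, PMK_LEN
    )


def same_key(a: bytes, b: bytes) -> bool:
    """Compare key material in constant time."""
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    # Test vector published with IEEE 802.11i: passphrase "password", SSID "IEEE".
    psk = derive_psk(b"IEEE", "password")
    print("PSK for SSID 'IEEE':", psk.hex())

    # Constructed SSID: the same phrase on another network gives another key,
    # because the SSID acts as the salt.
    other = derive_psk(b"ExampleNet", "password")
    print("same key on a different SSID:", same_key(psk, other))
```

Because the SSID is the only salt, the strength of the resulting key rests entirely on the phrase; a long, unpredictable phrase matters more than the SSID chosen.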

Best Practices

  • WPA/2 is the current standard Wi-Fi®-certified security framework.
    • PSK (Personal) Mode
      • Small (Residential/SOHO), or transient network
      • Supported by most Wi-Fi® solutions today
    • EAP (Enterprise) Mode
      • Large, permanent network
      • EAP protocol processing capability is becoming available to stations
© 2016 Microchip Technology, Inc.