WPA and WPA2 - both using TKIP and AES??

Unanswered Question
Jun 26th, 2012

Hi all. My understanding is the following;

TKIP + 802.1x = WPA(1)

CCMP(AES) + 802.1x = WPA2

However, I notice on the Cisco WLCs that you can configure;

WPA with TKIP and/or AES (by default TKIP is enabled)

WPA2 with TKIP and/or AES (by default AES is enabled)

My questions:

  1. Why would you use WPA2 with TKIP *AND* AES?
  2. Why would you use WPA and WPA2 with both using TKIP *AND* AES?

Thanks in advance for the clarifications

Darren

Amjad Abdullah Wed, 06/27/2012 - 01:37

Hi Darren,

Your understanding is partially correct for the WPA and WPA2.

WPA supports TKIP (RC4). However, although not common, some later WPA certified cards support AES. (I've never seen this in practice in my life though, but others may have faced it.)

WPA2 supports CCMP (AES). However, TKIP is still supported for backward compatibility.

If one enables WPA2 with both TKIP and AES on an access point, this means that the client can connect using either TKIP or AES.

Also, WPA1/WPA2 do not only work with 802.1x. PSK is also supported, where you configure a pass phrase if you don't have a RADIUS server.

HTH

Amjad

dazza_johnson Wed, 06/27/2012 - 03:03

Hi there, thanks for the reply.

Regarding the comment below, I just checked my Windows 7 wireless supplicant and it supports TKIP or AES for all WPA types; WPA-PSK, WPA2-PSK, WPA-Enterprise and WPA2-Enterprise.

"WPA supports TKIP (RC4). However, although not common, some later WPA certified cards support AES. (I've never seen this in practice in my life though, but others may have faced it.)"

I understand TKIP and AES as concepts. But what makes WPA-TKIP different from WPA2-TKIP? Same with AES: what makes WPA-AES different from WPA2-AES? Does the WPA2 version introduce additional features (MIC, extended key size, etc.) that WPA doesn't?

I'd be keen to hear more thoughts.

Darren

Amjad Abdullah Wed, 06/27/2012 - 03:28

Darren:


WPA2-TKIP and WPA-TKIP are the same. WPA2 maintains support for TKIP for backward compatibility.

WPA-TKIP is normal. What is strange to see, I think, is WPA-AES, because at the time of WPA there was no AES.

I am not aware of any special difference between the two. Devices that support WPA-TKIP, though, do not support AES because of hardware limitations.

I think before 802.11i was fully ratified and agreed on, there were vendors providing WPA chipsets that supported AES. Those need not necessarily be fully compatible with ratified 802.11i (WPA2), but they still support AES as encryption.

I will be also happy to hear from others about what they think.

Amjad

Amjad Abdullah Wed, 06/27/2012 - 03:32

BTW, for your Windows supplicant, you will be using a WPA2 certified client adapter.

What I have never seen is a WPA client that is AES capable, i.e. an AES capable client that was made before the AES standard was formally agreed on.

dazza_johnson Wed, 06/27/2012 - 03:39

OK, so there is NO difference between WPA-TKIP and WPA2-TKIP. That is what you said, so I wonder why Cisco lets you configure both independently on the wireless controllers?

I agree with WPA-AES: what is that all about?

You can also configure it on Windows 7...

Very confusing...

Amjad Abdullah Wed, 06/27/2012 - 04:09

Very confusing: Yes it is. I agree.

But you can consider the normal situation, which is the default on most devices:

WPA2 - AES.

WPA - TKIP.

This is by default.

Now, WPA2-TKIP can be used if your client does not support AES while you want other AES capable clients to connect to the same SSID. So you enable WPA2 with both AES and TKIP.

For WPA, if you use TKIP that is normal. If you use WPA-AES, then this is for devices that supported AES before WPA2 was ratified (it may work with the ratified version though).

If a WPA vendor (AP) used AES, you can configure your client to use WPA-AES.

You know what? I think it will work if you try to connect a client configured for WPA-AES to a WLAN configured for WPA2-AES (not WPA-AES).
I can't give it a try in production. But I may try it later.

You try it if you have a test AP and let us know.

Amjad Abdullah Wed, 06/27/2012 - 04:16

I had the chance to try it now on a Cisco WLC.

WPA2-AES SSID and WPA-AES client - Does not work.

WPA-AES SSID and WPA2-AES client - Does not work.

:-/

dazza_johnson Wed, 06/27/2012 - 04:34

Thanks for testing, I guess that proves that there IS a difference between WPA-AES and WPA2-AES. There must be some fields that are different in some way. So, can you test if a client in WPA-TKIP can connect to a WPA2-TKIP SSID? This will prove the backward compatibility of TKIP that you mentioned before.

Thanks for the collaboration so far :-)

Amjad Abdullah Wed, 06/27/2012 - 05:06

Yes, you are correct.
I brought the correct answer to you after collecting a wireless sniffer capture.

For WPA2, there is a field in the 802.11 packet that is called the RSN information element. This is not available in WPA.

So, if your clients are old (before WPA2) but they can use AES, you need to use WPA-AES with them, because if you use WPA2-AES they will fail to connect because of the RSN information in the packet that they do not understand.

Wireless Beacon Packet that uses WPA-AES:

Wireless Beacon Packet for a WLAN that is using WPA2-AES:

To answer why Windows 7 has the ability to connect to WPA-AES: this is for the case where the vendor (the AP) supports only WPA (not WPA2) and also supports AES.

I hope this answers the question.

Amjad

Scott Fella Wed, 06/27/2012 - 05:16

Just to add my 2 cents, I never would set up a WLAN for both at the same time. So for basics... You have devices like Windows 7 that you can configure a profile for using various methods (WPA-AES, WPA-TKIP, etc.). Sometimes that does work, but here is the catch. Some clients give you only the option to choose WPA-PSK, which means WPA-TKIP; WPA-ENTERPRISE, which means WPA-802.1x; WPA2-PSK, which is WPA2-AES; and WPA2-ENTERPRISE, which is WPA2-802.1x. So you see what the default encryption method is and why it doesn't work all the time when you mix it up.

Also, many devices don't like it when you have both WPA-TKIP and WPA2-AES configured in a WLAN. This I know from being in the field.

Sent from Cisco Technical Support iPad App

George Stefanick Wed, 06/27/2012 - 08:20

Scott couldn't be more right. In fact, older and some newer clients freak out when they see more than 1 RSN element. Other devices, like the Cisco Wi-Fi phones, will actually pick the more secure security setting when more than 1 RSN is offered.

I just had a situation where we upgraded a network and allowed WPA/TKIP and WPA2/AES Enterprise on an SSID. The Silex bridges refused to associate and only would when 1 RSN was offered, while all the other devices worked fine.

saravlak Wed, 06/27/2012 - 12:08

Only WPA-TKIP & WPA2-AES are tested & certified as part of Wi-Fi certification. Enabling both modes is not tested.

Enabling both WPA-TKIP & WPA2-AES should be avoided on infrastructure devices when there are decrypt issues, because some clients can't do well in mixed mode (which is not a standard). However, it works well with specific vendor infrastructure and their own clients. Ex: Cisco phones on a Cisco WLC, and Motorola handhelds with their controllers go well, since this combination is tested in their respective labs.

Enabling all possible WPA & WPA2 options on a WLAN would burden the CPU of the AP to specifically encrypt & decrypt them, & it should be avoided in high density deployments.

dazza_johnson Wed, 06/27/2012 - 21:45

Thanks guys for the comments.

I have always left WPA-TKIP and WPA2-AES enabled as per the defaults; I asked this question more out of curiosity.

As per the excellent work by Amjad, WPA2 includes the RSN information element. Therefore the difference between WPA-AES and WPA2-AES is the content of the RSN information element. I will have to read the 802.11i standard to understand the value that this gives us.

Thanks for the comments guys.

Leo Laohoo Fri, 07/06/2012 - 18:19
Also, many devices don't like when you have both WPA-TKIP and WPA2-AES configured in a WLAN. 

Like iDevices.

Amjad Abdullah Sat, 07/07/2012 - 03:18

One thing that I found about IE:

On the WLC CLI, when I want to see the WLAN configuration (show wlan), I can see the following:

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Enabled

      WPA (SSN IE)............................... Enabled

         TKIP Cipher............................. Enabled

         AES Cipher.............................. Disabled

      WPA2 (RSN IE).............................. Disabled

Cisco writes explicitly that with WPA the SSN is used, while RSN is used with WPA2 with either AES or TKIP.

Scott Fella Thu, 06/28/2012 - 04:51

Here is a good read

https://learningnetwork.cisco.com/thread/4143

Sent from Cisco Technical Support iPhone App

dazza_johnson Mon, 07/02/2012 - 19:56

Hi all. I have re-read the comments in the post and looked at the links provided, all of which have been very useful. We know that the packet structure of WPA differs from WPA2 with the RSN information element.

I have also done private research on this using Cisco books and the internet. I have deduced a conclusion. I have not read anything that explicitly backs up my theory, but it makes sense to me.

I'd be very interested to hear your comments guys. TKIP translates to WPA(1) and CCMP translates to WPA2 for the purpose of this post.

TKIP itself (putting PSK and 802.1x to one side for simplicity) is a method of creating a 'secure' WEP seed. I think most of us will agree with this. In addition, it offers more security features (a hash, etc.). So, TKIP has a mechanism to create a secure WEP seed AND has a new packet format. What do we do with this WEP seed? By default, the secure WEP seed is fed into the RC4 algorithm to generate the encryption key which is used to encrypt the user data. This encrypted data is then inserted into the TKIP packet.

BUT, if the AES algorithm was selected, then I believe that the secure WEP seed would be fed into the AES algorithm to generate the key which is used to encrypt the user data. In other words, with TKIP the actual encryption can be either RC4 (the default) or AES, hence the options available on the controller.

Similarly, CCMP is the overall framework with its own frame format. The encryption algorithm that you decide to use is up to you, either AES or RC4. Obviously, the way the encryption key is generated follows the CCMP protocol, but once you have this key I believe you can then use AES or RC4 to actually create the cipher text (encrypted data) and insert this into the CCMP packet.

If my theory above is correct, I believe the WLAN controller GUI is not accurate. It should be as per the attached screenshot:

I'm tempted to open a TAC case on this for the official low-down.

Scott Fella Mon, 07/02/2012 - 20:13

dazza,

Try to look at it also from other vendors. Most, if not all, specify WPATkip or WPA2AES. I don't think personally there is anything wrong, it's just the way it has been for a long time :) Here is a thread with Eric N from TAC, explaining the difference between WPA and WPA2.

Sent from Cisco Technical Support iPad App

dazza_johnson Mon, 07/02/2012 - 20:19

Hi Scott. When the other vendors specify WPA/TKIP and WPA2/AES, is that simply because they only support the defaults (WPA with RC4 and WPA2 with AES)? Maybe they don't support WPA with AES, for example, or WPA2 with RC4 like Cisco does?

Scott Fella Mon, 07/02/2012 - 20:29

Well, the thing is, there are vendors like Microsoft and some handheld devices that give you all the options. Now most of the time it's the OS that allows you to specify it, but who knows what the actual wireless card can do. I understand what you are saying, but just imagine if they were to change that... Soooo many people would get confused :). At least you have an understanding of both.

Sent from Cisco Technical Support iPhone App

George Stefanick Mon, 07/02/2012 - 20:19

Little confused by the term "WEP seed". But it's funny you mention this because I would tend to agree with you on a few items.

Lets get back to basics.

WPA and WPA2, as far as the process goes, are identical. The 802.11-2007 standard tells us that WPA2 should use AES or TKIP. Both are considered RSN, although most sniffers will not show the RSN element when TKIP is used.

The Wi-Fi Alliance implemented WPA TKIP because WEP was broken, hence why you see WPA in devices today. At that time devices (chips) couldn't handle AES.

TKIP and CCMP are both protocols that encrypt data. The algorithms they use are TKIP (RC4) and CCMP (AES). RC4 is a stream cipher and AES is a block cipher.

Folks normally don't get this deep. Are you studying for something?

dazza_johnson Mon, 07/02/2012 - 20:30

Hi George. The 'WEP Seed' is used in the Cisco book I'm using that talks about TKIP. In WEP, the WEP seed was created using the IV (24-bit) + WEP key (40-bit or 104-bit), which was then fed into RC4 to generate the encryption key. In TKIP, a much more convoluted process is used to generate the resultant 128-bit WEP Seed, which is then fed into the RC4 process.

I agree with the back to basics sentences you write. I'm just trying to get a handle on how AES fits in with WPA and TKIP with WPA2. If using WPA with AES and WPA2 with AES, what is the difference? Packet structure? Generation of the encryption key?

I'm really interested in Cisco wireless security, hence why I am being so anal about this query. I have opened a TAC case because a customer enquired about this recently... I will let you know the result!

George Stefanick Mon, 07/02/2012 - 20:58

What book are you reading, the 802.11 Wireless Security book from 2004?

"I agree with the back to basics sentences you write. I'm just trying to get a handle on how AES fits in with WPA and TKIP with WPA2. If using WPA with AES and WPA2 with AES, what is the difference? Packet structure? Generation of the encryption key?"


WPA and WPA2 are identical for all intents and purposes. No one has or could point out to me the difference.

The standard (which means what vendors should follow, but sometimes don't) states WPA2 AES, with TKIP optional. Both are RSN.

Let me further add, why are AES and TKIP RSN? It's because they share mutual authentication (4-way handshake).

Have you ever read the CWSP?

George Stefanick Mon, 07/02/2012 - 21:02

BTW ---

I do the same. If I read something and it doesn't make sense and we have SmartNet: TAC CASE.

Amjad Abdullah Mon, 07/02/2012 - 23:53

George Stefanick wrote:

"WPA and WPA2, as far as the process goes, are identical. The 802.11-2007 standard tells us that WPA2 should use AES or TKIP. Both are considered RSN, although most sniffers will not show the RSN element when TKIP is used."

George:

When using WPA2-TKIP the RSN element is there:

When using WPA with either AES or TKIP, no RSN IE appears.

George Stefanick Tue, 07/03/2012 - 04:24

Amjad

How are ya buddy? My point is that not all sniffers will state that. It looks like the one you are using does.

Sent from Cisco Technical Support iPhone App

Amjad Abdullah Tue, 07/03/2012 - 04:47

Hey George, I am doing great. What about you?

I got your idea. Thanks for the explanation.

BTW, I sent you a private message two days ago, have you seen it?

fbarboza Sat, 07/07/2012 - 10:30

Hi Darren,

The WLC allows you to configure any combination.

This may or may not work, depending on whether your wireless clients support it and understand it.

But to avoid compatibility issues between the different brands of wireless clients and access points, the Wi-Fi Alliance stated that we should use:

WPA version 1 or WPA with the cipher of TKIP to encrypt the traffic.

WPA version 2 with the cipher of AES to encrypt the traffic.

Any other option may or may not work depending on the wireless clients.

dazza_johnson Thu, 07/26/2012 - 23:19

Hi guys, I feel like I have reached a solid answer on this one and I can put it to bed.

First of all, as per previous posts, it is advisable to only enable TKIP with WPA and AES with WPA2. Otherwise, there may be problems with other clients connecting.

My summary of what I have learned (feel free to point out anything you feel is wrong):

  • AES is REQUIRED for 802.11n speeds. This is because the encryption is performed in hardware (TKIP is performed in software and hence doesn't support 802.11n).
  • WPA2 supports AES and optionally TKIP.
  • In some way, TKIP is a more complex version of WEP! It is based on the RC4 algorithm but uses much stronger keying material and offers additional security features (i.e. anti-replay).
  • AES is considered more secure than TKIP (RC4).
  • You 'can' run AES with WPA 'if' both the client and AP support it.
  • You 'can' run TKIP with WPA2 'if' both the client and AP support it.
  • What's the difference between WPA and WPA2? WPA has a WPA-IE (Information Element) included with management frames. WPA2 has an RSN-IE included with management frames. The structure and contents of these IEs are DIFFERENT. This is why a WPA-AES client cannot associate with a WPA2-AES AP: because the IEs are different.
  • The purpose of a WPA-IE is generally the same as an RSN-IE, but a few fields are changed or omitted.
  • The WPA2 RSN-IE supports things like PMKID to support fast roaming (WPA-IEs don't).
  • What's the difference between WPA-AES and WPA2-AES? As per the above, the main difference is the presence of different IEs. WPA2-AES devices support fast roaming, whereas WPA-AES devices wouldn't (the WPA-IE doesn't provide the PMKIDs that are used for fast roaming).
  • It could be argued that there is only a slight security enhancement from WPA-AES to WPA2-AES. The encryption is the same; however, there are additional fields such as the PMKID to support fast roaming. In addition, AES support is limited with WPA but commonplace with WPA2.

I hope this helps you guys. Thanks to all the previous post replies, you have all helped me learn a lot about this.

Darren
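As an added example (not code from the thread or from Cisco), here is a small Python decoder for the two information elements that Amjad's sniffer capture and Darren's summary turn on: the vendor-specific WPA IE (element 221, OUI 00:50:F2, type 1) and the RSN IE (element 48). The sample beacon bytes are constructed; the field layouts follow the WPA v1 specification and 802.11-2007 clause 7.3.2.25, and the `client_can_join` check only models the IE/cipher match, not the rest of association.

```python
import struct

WPA_OUI = bytes.fromhex("0050f2")   # Microsoft OUI carried by the pre-802.11i WPA IE
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP(AES)", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def _selector(raw, names):
    """A suite selector is OUI(3) + type(1); both IEs use the same type numbers."""
    return names.get(raw[3], f"{raw[:3].hex()}:{raw[3]}")

def _selector_list(body, pos, names):
    count = struct.unpack_from("<H", body, pos)[0]
    pos += 2
    items = [_selector(body[pos + 4 * i:pos + 4 * i + 4], names) for i in range(count)]
    return items, pos + 4 * count

def _parse_suites(kind, body, pos):
    """Layout shared by both IEs: version, group cipher, pairwise list, AKM list, caps."""
    info = {"ie": kind, "version": struct.unpack_from("<H", body, pos)[0]}
    pos += 2
    info["group"] = _selector(body[pos:pos + 4], CIPHERS)
    pos += 4
    info["pairwise"], pos = _selector_list(body, pos, CIPHERS)
    info["akm"], pos = _selector_list(body, pos, AKMS)
    info["capabilities"] = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else None
    pos += 2
    # Only the RSN IE defines a PMKID list (PMK caching for fast roaming); the WPA IE ends here.
    info["pmkids"] = None
    if kind == "RSN" and pos + 2 <= len(body):
        count = struct.unpack_from("<H", body, pos)[0]
        pos += 2
        info["pmkids"] = [body[pos + 16 * i:pos + 16 * i + 16].hex() for i in range(count)]
    return info

def parse_security_ies(ies):
    """Walk a beacon's tagged parameters; decode RSN (ID 48) and WPA (ID 221, 00:50:F2, type 1) IEs."""
    found, pos = [], 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        pos += 2 + length
        if eid == 48:
            found.append(_parse_suites("RSN", body, 0))
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
            found.append(_parse_suites("WPA", body, 4))
    return found

def client_can_join(ies, client_ie, cipher):
    """A client negotiates only via the IE it understands: a WPA-AES client needs a WPA IE listing CCMP."""
    return any(ie["ie"] == client_ie and cipher in ie["pairwise"] for ie in parse_security_ies(ies))

# Constructed beacon IE area for a mixed WLAN: SSID "SSID1", a WPA IE offering TKIP with PSK, and an
# RSN IE offering CCMP and TKIP with 802.1X. The group cipher is TKIP in both, because the broadcast
# key must be usable by every associated client, including the TKIP-only ones.
MIXED_BEACON_IES = bytes.fromhex(
    "0005" + b"SSID1".hex()
    + "dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202"
    + "301a" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac01" "0000" "0000"
)
```

Running `parse_security_ies(MIXED_BEACON_IES)` shows the WPA IE with no PMKID field at all and the RSN IE with an empty PMKID list, which is the structural difference behind the failed WPA-AES client vs WPA2-AES SSID test earlier in the thread.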

George Stefanick Fri, 07/27/2012 - 05:15

If I could add:

802.11n could support TKIP, but the IEEE is trying to make networks more secure by saying, if you have N speeds we are going to make sure you secure your network properly.

WPA2-AES supports (2) roaming methods: PMK cache and preauthentication.

CISCOKID30 Tue, 01/14/2014 - 07:32

I currently work for AT&T and at some point I had to use both, due to old computers and old software that don't support WPA2. I used the WLC with LAPs and it works like a charm. I would use WPA2 + AES personally. More security.

Scott Fella Tue, 01/14/2014 - 08:15

What you should do is create two profiles with the same SSID. That is the preferred way to have an SSID with multiple encryption methods.

WLAN Profile 1

SSID1

WPA/TKIP

WLAN Profile 2

SSID1

WPA2/AES

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

Posted June 26, 2012 at 10:41 PM