Last month Wi-Fi Alliance announced the removal of TKIP security option from wireless devices. They have provided important information to network administrators and equipment vendors on the importance of using WPA2 wireless security encryption, and described potential considerations to take when evaluating whether to disable legacy WPA encryption.

Documentation from Wi-Fi Alliance describes the current problems encountered when using TKIP/WPA, the barriers encountered by the industry, the recommended solution by Wi-Fi Alliance®, and changes to the Wi-Fi CERTIFIED™ program to discourage the use of TKIP/WPA.

Some of highlights of the technical application note are below:

PROBLEMS WITH TKIP

• TKIP is an older security technology with known vulnerabilities to some cryptographic attacks.
• TKIP and WEP use the same underlying cipher, and consequently, they are vulnerable to a number of similar attacks.

RECOMMENDATIONS

1. Network administrators should purchase or deploy equipment that supports WPA2.
2. Network administrators should purchase or deploy equipment that supports WPA2.
3. Equipment vendors should proactively transition away from TKIP support by discouraging its use to their customer base, and removing the functionality in products as internal research indicates when their market no longer needs it.

IMPACT ON WI-FI ALLIANCE CERTIFICATION

Wi-Fi Alliance prohibits a Wi-Fi CERTIFIED device from offering a “TKIP-only” configuration option through the device’s primary interface. Wi-Fi CERTIFIED devices may continue to offer a “TKIP-only” mode through a secondary user interface to support legacy devices, when needed. Wi-Fi CERTIFIED devices are allowed, but discouraged to offer use of WPA / WPA2 mixed mode on the primary interface.

The complete technical note can be downloaded by the link below.