WPA™ Deployment Guidelines for Public Access Wi-Fi® Networks

WPA provides a strong standards-based, interoperable security solution that addresses the
known flaws in the original WEP security mechanism. WPA utilizes TKIP to provide data
encryption enhancements including a per-packet key mixing function, a message integrity check
(MIC), an enhanced initialization vector (IV) with sequencing rules, and a session-based
keying/re-keying mechanism. To strengthen user authentication, WPA implements IEEE 802.1X
and the Extensible Authentication Protocol (EAP). Cryptographers have reviewed Wi-Fi
Protected Access and have verified that it meets its claims to close all known WEP vulnerabilities
and provides an effective deterrent against known attacks.

WPA has been acknowledged as a secure WLAN solution for Enterprise-class deployments, and
much thought has gone into assessing the practical and theoretical deployment of WPA for use in
Public Internet Access services as well. With the strong vendor adoption of WPA, it is time for
WPA deployment in Public Access venues. There are many compelling reasons for Wi-Fi
Service Providers to adopt WPA. While much of the focus on WPA revolves around
enhancements to Wi-Fi security, the technologies that form Wi-Fi Protected Access deliver
additional benefit in the form of 802.1X authentication. As a service platform for Public Internet
Access, WPA promises:

- Enhanced Security

- Flexibility

- Interoperability

- A Platform for Innovation

This document provides a general reference to best practices, emerging technologies and
practical applications of Wi-Fi in Public Network Access with particular emphasis on WPA. This
document primarily seeks to educate and inform, but makes specific recommendations in an
attempt to facilitate the broad adoption of WPA in Public and Private venues under well-
established principles.

This whitepaper represents a consensus view of the Wi-Fi Alliance, an organization created to
promote 802.11-based interoperable Wi-Fi products. As such, this document is the result of two
primary sources of input -- the Wi-Fi Members themselves and various 'liaisons' with other
Standards Bodies as mentioned in the Acknowledgements to follow.

The Wi-Fi Alliance has reviewed the recommendations of this document with the standards and
recommendations of these various organizations and seeks to endorse and promote the use of
existing standards. The Wi-Fi Alliance had been granted permission to reference and in some
cases reproduce these organizations' findings in support of their work. This document represents
the product of that work, particularly as it relates to the application of WPA and related features
and services. As this document contains both original and referenced content, extensive
endnotes of external sources are provided.

Downloadable File

WPA™ Deployment Guidelines for Public Access Wi-Fi® Networks