A security protocol for wireless networks that uses Advanced Encryption Standard (AES) to provide strong encryption and improved security over its predecessor, WPA.
WPA2 introduced WPA Enterprise mode.
From March 13, 2006, to June 30, 2020, WPA2 certification was mandatory for all new devices to bear the Wi-Fi trademark.
WPA2 employs AES with a 128-bit key, enhancing security through the CCMP. The CCMP protocol ensures robust encryption and data integrity, using different Initialization Vectors (IVs) for encryption and authentication purposes.
Initially, devices associate with the Access Point (AP) via an association request. This is followed by a 4-way handshake, a crucial step for ensuring both the client and AP have the correct Pre-Shared Key (PSK) without actually transmitting it. During this handshake, a Pairwise Transient Key (PTK) is generated.
The 4-way handshake involves:
The AP sending a random number (ANonce) to the client.
The client responding with its random number (SNonce).
The AP calculating the PTK from these numbers and sending an encrypted message to the client.
The client decrypting this message with the PTK, confirming successful authentication.
Post-handshake, the established PTK is used for encrypting unicast traffic, and the Group Temporal Key (GTK) is used for broadcast traffic. This comprehensive authentication and encryption mechanism is what makes WPA2 a robust security standard for wireless networks.