Answer

How the 802.11ac standard impacts security

Lisa A. Phifer, Wireless Expert

How will the 802.11ac standard impact security?

    Requires Free Membership to View



The upcoming 802.11ac standard (aka "gigabit Wi-Fi") is largely an incremental improvement to 802.11n, intended to significantly boost data rates and help Wi-Fi be applied to new use cases, such as high-definition video distribution. Enterprise-class draft 11ac products are expected to be Wi-Fi-certified and available by mid-2013. Products based on the final 11ac standard will follow at least a year later.

Read more of Lisa's advice

Obtaining wireless access control for personal devices

Elements to consider when creating a Wi-Fi policy

Wireless network settings for Android troubleshooting

One noteworthy security impact of draft 11ac is that it will operate only in 5 GHz channels. Businesses will want to start or increase scanning of 5 GHz channels for rogue APs and other unauthorized activities, but they'll still need to monitor 2.4 GHz to make sure intruders don't "hide" there. In addition, they'll need to keep an eye on the new 80 MHz and 160 MHz channels, which occupy similar frequencies as older 20/40 MHz channels in the 5 GHz band but do so in a slightly different way.

Eventually, final 802.11ac specification may have a more significant impact on security by introducing a new security protocol, the Galois/Counter Mode Protocol (GCMP). The final standard is expected to offer this option in addition to today's mandatory CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). Both are used with Advanced Encryption Standard (AES), but the new GCMP operates more efficiently to keep up with very high data rates. According to RFC 5288, GCMP can be efficiently implemented in hardware for speeds of 10 Gbps and above.

Do you have a question for our experts?

Submit your question directly to our editors at editor@searchnetworking.com.

Since the 802.11ac standard maxes out just under 7 Gbps, GCMP may not be absolutely necessary for 11ac, but it will probably start to emerge in new 11ac devices designed for very high-throughput applications such as HD video inside the home. Note that GCM encryption of 11ac frames* won't ever be supported by older Wi-Fi products, only next-generation products. This may complicate security policies for a while, as businesses will have to allow AES-CCMP for backward compatibility while transitioning toward AES-GCMP -- much like how the industry migrated from Wi-Fi Protected Access (WPA) Temporal Key Integrity Protocol to WPA2 (CCMP) over the past decade.

* Note: Some products (e.g., WLAN controllers with built-in VPN gateways) already use GCM with other security protocols such as IPsec ESP.

This was first published in November 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: