To learn about work underway in the IEEE, see the 802.11i task group page at http://grouper.ieee.org/groups/802/11/Reports/tgi_update.htm.
As a near-term upgrade for legacy 802.11 access points and clients, TGi has specified enhancements that the Wi-Fi Alliance will be testing under the name Wi-Fi Protected Access (WPA). WPA includes a new Temporal Key Integrity Protocol (TKIP) that uses key mixing and a longer initialization vector to overcome known problems in WEP that lead to key cracking. WPA also includes a real Message Integrity Check (MIC) called Michael that prevents wireless data from being modified in transit without detection. Finally, WPA manages keys to prevent static key reuse over long periods of time. In a home environment, WPA uses a shared secret passphrase to generate per-station encryption keys. In a business environment, WPA uses 802.1X port access control to distribute per-session keys to successfully authenticated stations, blocking WLAN access by all other stations.
The catch with 802.1X is that authentication is based on the Extensible Authentication Protocol (EAP), and there are many different EAP types. If you would like to research this topic, get familiar with existing and emerging EAP types like LEAP, EAP-TLS, EAP-TTLS, PEAP, and EAP-SIM. Each of these types has advantages, disadvantages, and somewhat different security properties. Researchers are actively working to evaluate these EAP types, finding and filling potential security holes. To learn more about EAP types, visit the IETF PPP Extensions working group page at http://www.ietf.org/html.charters/pppext-charter.html.
As a long-term "green field" solution for link layer security, TGi is working on new specifications that will use the Advanced Encryption Standard (AES) for both data confidentiality and integrity. To learn more, read the proposal "AES Encryption & Authentication Using CTR Mode with CBC-MAC" posted on the TGi website. To learn about AES itself, visit the NIST website at http://csrc.nist.gov/encryption/aes. AES is a new, efficient, strong crypto algorithm, but to actually use AES to encrypt data, once must define what is called a "mode". There are many AES modes, and exactly how AES will be used to protect 802.11 data is still under discussion. If you are interested in cryptography, you might consider researching AES modes, their application to 802.11 wireless, and the performance ramifications of doing so.
Other areas that are still under development within TGi include an authentication framework for ad hoc mode (peer to peer independent BSS's), the security implications of 802.11f (inter-access-point handoff), and the security implications of 802.11e (quality of service enhancements). You can learn more about these other 802.11-series standards under development by visiting http://grouper.ieee.org/groups/802/11/index.html.
In addition to work on link layer security measures, there is also considerable innovation underway regarding application of security measures at other layers, as well as other aspects of building secure networks that include a wireless component.
For example, wireless gateways and "mobile VPN" products use creative techniques to provide secure network and transport layer tunnels that persist when the client roams from wireless LAN to LAN, or from wireless LAN to WAN. If secure mobility sounds interesting to you, there is certainly plenty of room for research and innovation in this area.
Another example is wireless intrusion detection. Some aspects of wired IDS also apply to intrusions originating from wireless LANs, but there are also unique aspects of wireless IDS that vendors and users are just beginning to understand and address.
These are just a few of the many wireless security challenges that remain unsolved. In my view, these are not so much problems that need fixing as they are areas for expansion and refinement. Wireless LAN technology is still relatively immature; creating stronger, faster, and more scalable security infrastructure to support wireless LANs is part of that maturation process.