How the 802.11ac standard impacts security

The upcoming 802.11ac standard is an improvement over 802.11n, but how could security be impacted? Wireless expert Lisa A. Phifer explains.

How will the 802.11ac standard impact security?

The upcoming 802.11ac standard (aka "gigabit Wi-Fi") is largely an incremental improvement to 802.11n, intended to significantly boost data rates and help Wi-Fi be applied to new use cases, such as high-definition video distribution. Enterprise-class draft 11ac products are expected to be Wi-Fi-certified and available by mid-2013. Products based on the final 11ac standard will follow at least a year later.

Read more of Lisa's advice

Obtaining wireless access control for personal devices

Elements to consider when creating a Wi-Fi policy

Wireless network settings for Android troubleshooting

One noteworthy security impact of draft 11ac is that it will operate only in 5 GHz channels. Businesses will want to start or increase scanning of 5 GHz channels for rogue APs and other unauthorized activities, but they'll still need to monitor 2.4 GHz to make sure intruders don't "hide" there. In addition, they'll need to keep an eye on the new 80 MHz and 160 MHz channels, which occupy similar frequencies as older 20/40 MHz channels in the 5 GHz band but do so in a slightly different way.

Eventually, final 802.11ac specification may have a more significant impact on security by introducing a new security protocol, the Galois/Counter Mode Protocol (GCMP). The final standard is expected to offer this option in addition to today's mandatory CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). Both are used with Advanced Encryption Standard (AES), but the new GCMP operates more efficiently to keep up with very high data rates. According to RFC 5288, GCMP can be efficiently implemented in hardware for speeds of 10 Gbps and above.

Do you have a question for our experts?

Submit your question directly to our editors at [email protected].

Since the 802.11ac standard maxes out just under 7 Gbps, GCMP may not be absolutely necessary for 11ac, but it will probably start to emerge in new 11ac devices designed for very high-throughput applications such as HD video inside the home. Note that GCM encryption of 11ac frames* won't ever be supported by older Wi-Fi products, only next-generation products. This may complicate security policies for a while, as businesses will have to allow AES-CCMP for backward compatibility while transitioning toward AES-GCMP -- much like how the industry migrated from Wi-Fi Protected Access (WPA) Temporal Key Integrity Protocol to WPA2 (CCMP) over the past decade.

* Note: Some products (e.g., WLAN controllers with built-in VPN gateways) already use GCM with other security protocols such as IPsec ESP.

This was last published in November 2012

Dig Deeper on WLAN Security