What limitations in 802.11b does 802.11i address?
802.11i specifies advanced network security features for 802.11 wireless LANs, including 802.11a, b, and g. 802.11b defined two security features: shared key authentication to prevent stations without the key from using the LAN, and wired equivalent privacy (WEP) to prevent eavesdropping on wireless traffic. Both mechanisms are better than nothing, but weak and vulnerable to attack and key compromise.
802.11i effectively deprecates shared key authentication by replacing it with two options: pre-shared secret authentication and authentication using 802.1X port-based access control. Pre-shared secrets are stronger than shared keys because they are not used directly for encryption and have more entropy. However, everyone in the wireless LAN must still have the same secret, so it is like a group password. 802.1X makes it possible for each user to authenticate with different credentials - for example, everyone can have his or her own username and password. But since 802.1X requires a RADIUS server, it will probably only be used by business WLANs.
802.11i also replaces WEP with TKIP. TKIP uses a key mixing function to generate dynamic encryption keys that change over time. This essentially prevents frames from being sent with the same key, which makes it much, much harder to crack the key using a hacker tool. TKIP also adds a longer initialization vector, a message integrity check, and a sequence number. The longer vector also helps to prevent key reuse, while the integrity check and sequence number lets recipients verify that incoming frames haven't been recorded, modified (forged), and replayed.
The features I mentioned so far are available today in products that support Wi-Fi Protected Access (WPA), a snapshot of 802.11i. The final 802.11i standard will not be done until next year. It will include additional security features, like stronger, more efficient encryption based on the newer Advanced Encryption Standard (AES).
Dig Deeper on Wireless LAN (WLAN)
Related Q&A from Lisa Phifer
A remote access VPN connects remote users from any location to a corporate network. A site-to-site VPN, meanwhile, connects individual networks to ... Continue Reading
Licensed and unlicensed frequency bands serve different purposes for wireless communications. Find out the differences between the two bands and the ... Continue Reading
As the remote workforce increases, network managers and users might opt to set up two concurrent VPN connections from the same remote device. But ... Continue Reading