What limitations in 802.11b does 802.11i address?
802.11i specifies advanced network security features for 802.11 wireless LANs, including 802.11a, b, and g. 802.11b defined two security features: shared key authentication to prevent stations without the key from using the LAN, and wired equivalent privacy (WEP) to prevent eavesdropping on wireless traffic. Both mechanisms are better than nothing, but weak and vulnerable to attack and key compromise.
802.11i effectively deprecates shared key authentication by replacing it with two options: pre-shared secret authentication and authentication using 802.1X port-based access control. Pre-shared secrets are stronger than shared keys because they are not used directly for encryption and have more entropy. However, everyone in the wireless LAN must still have the same secret, so it is like a group password. 802.1X makes it possible for each user to authenticate with different credentials - for example, everyone can have his or her own username and password. But since 802.1X requires a RADIUS server, it will probably only be used by business WLANs.
802.11i also replaces WEP with TKIP. TKIP uses a key mixing function to generate dynamic encryption keys that change over time. This essentially prevents frames from being sent with the same key, which makes it much, much harder to crack the key using a hacker tool. TKIP also adds a longer initialization vector, a message integrity check, and a sequence number. The longer vector also helps to prevent key reuse, while the integrity check and sequence number lets recipients verify that incoming frames haven't been recorded, modified (forged), and replayed.
The features I mentioned so far are available today in products that support Wi-Fi Protected Access (WPA), a snapshot of 802.11i. The final 802.11i standard will not be done until next year. It will include additional security features, like stronger, more efficient encryption based on the newer Advanced Encryption Standard (AES).
Dig Deeper on Wireless LAN (WLAN)
Related Q&A from Lisa Phifer
Learn the differences between site-to-site VPNs vs. remote-access VPNs and find out about the protocols, benefits and the data security methods used ... Continue Reading
Understanding the functions of a wireless access point vs. wireless router will help you deploy the right device for the right circumstance. Continue Reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.