What limitations in 802.11b does 802.11i address?
802.11i specifies advanced network security features for 802.11 wireless LANs, including 802.11a, b, and g. 802.11b defined two security features: shared key authentication to prevent stations without the key from using the LAN, and wired equivalent privacy (WEP) to prevent eavesdropping on wireless traffic. Both mechanisms are better than nothing, but weak and vulnerable to attack and key compromise.

802.11i effectively deprecates shared key authentication by replacing it with two options: pre-shared secret authentication and authentication using 802.1X port-based access control. Pre-shared secrets are stronger than shared keys because they are not used directly for encryption and have more entropy. However, everyone in the wireless LAN must still have the same secret, so it is like a group password. 802.1X makes it possible for each user to authenticate with different credentials - for example, everyone can have his or her own username and password. But since 802.1X requires a RADIUS server, it will probably only be used by business WLANs.

802.11i also replaces WEP with TKIP. TKIP uses a key mixing function to generate dynamic encryption keys that change over time. This essentially prevents frames from being sent with the same key, which makes it much, much harder to crack the key using a hacker tool. TKIP also adds a longer initialization vector, a message integrity check, and a sequence number. The longer vector also helps to prevent key reuse, while the integrity check and sequence number let recipients verify that incoming frames haven't been recorded, modified (forged), or replayed.

The features I mentioned so far are available today in products that support Wi-Fi Protected Access (WPA), a snapshot of 802.11i. The final 802.11i standard will not be done until next year. It will include additional security features, like stronger, more efficient encryption based on the newer Advanced Encryption Standard (AES).

This was last published in August 2003