AES: The cornerstone of 802.11i

Opinion by Joanie Wexler, Writer
Aug 04, 2004
Topics: Cellular Networks, Network Security, Wi-Fi

Related: Under the hood of 802.11i

As you likely know, one of the big things the newly ratified 802.11i security standard brings to the wireless LAN table is the Advanced Encryption Standard (AES), the U.S. government’s chosen encryption standard going forward.

What makes AES important?

AES is a 256-bit block-cipher encryption mechanism. It replaces the 40- and 128-bit stream-cipher RC4 mechanisms that were used in 802.11’s previous security standards, Wired Equivalent Privacy (WEP) and 802.11i’s precursor, Wi-Fi Protected Access (WPA). The 256-bit length of the key is part of its strength, but the block nature of the algorithm is at least as important.

Because RC4 is a stream cipher, it generates a key stream that is the same length as the data stream. So 200 bytes of data would generate 200 bytes of key stream, which is a fairly simple mathematical operation. It becomes very hard to ensure that a stream cipher can’t be brute-forced and broken.

By contrast, block ciphers divide the data (and keys) into blocks. You must run rounds of operation on each block, break the key on that block, then chain that calculation to the next block and do it again. In effect, this makes an attack much more laborious and difficult by requiring multiple attacks. By some estimates, it might take 100 years to crack AES.

Like AES, Data Encryption Standard (DES) and Triple-DES are block ciphers and have long provided very strong encryption. However, they have been around for 25 years, so there is now enough understanding of them that they might be broken with brute force, which is why AES has come into focus as the encryption favorite.

In addition to its encryption strength, 802.11i has built-in protection of the MAC header (which RC4 does not). 802.11’s Message Integrity Check (MIC) protocol compares MAC headers at the time of transmission and at the time of receipt. If they differ, the packet is dropped (as it is presumed to have been changed or spoofed) to avoid man-in-the-middle attacks.
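The two points above (a stream cipher’s key stream is exactly as long as the data, and a MIC that covers the MAC header lets the receiver drop any frame whose header was altered in transit) can be seen in a small model. The following is an added example written for this page, not code from the column or from any 802.11i implementation. It implements RC4 directly because the column contrasts RC4 with AES, and it uses an HMAC-SHA256 tag from the Python standard library as a stand-in for the AES-based MIC that 802.11i actually uses; the keys, header layout and payload are constructed values.

```python
import hmac
import hashlib

# Constructed model of a wireless frame: [12-byte MAC header][encrypted payload][MIC].
# The header is sent in the clear; the MIC is computed over header + ciphertext,
# so the receiver can tell whether either was changed between sender and receiver.

HEADER_LEN = 12   # constructed: 6-byte destination + 6-byte source address
MIC_LEN = 8       # 802.11i's MIC is also 8 bytes; the algorithm here is a stand-in


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 key stream (key-scheduling + generation)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def stream_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR data with a key stream; the same call decrypts."""
    ks = rc4_keystream(key, len(data))
    assert len(ks) == len(data)          # the column's point: key stream length == data length
    return bytes(a ^ b for a, b in zip(data, ks))


def compute_mic(mic_key: bytes, header: bytes, body: bytes) -> bytes:
    """Integrity check over the MAC header and the encrypted payload (HMAC stand-in)."""
    return hmac.new(mic_key, header + body, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(enc_key: bytes, mic_key: bytes, header: bytes, payload: bytes) -> bytes:
    body = stream_encrypt(enc_key, payload)
    return header + body + compute_mic(mic_key, header, body)


def receive_frame(enc_key: bytes, mic_key: bytes, frame: bytes):
    """Return the decrypted payload, or None when the frame must be dropped."""
    if len(frame) < HEADER_LEN + MIC_LEN:
        return None
    header = frame[:HEADER_LEN]
    body = frame[HEADER_LEN:-MIC_LEN]
    mic = frame[-MIC_LEN:]
    # Recompute the MIC at receipt and compare with the one computed at transmission.
    if not hmac.compare_digest(mic, compute_mic(mic_key, header, body)):
        return None                      # header or payload changed: presumed spoofed, drop it
    return stream_encrypt(enc_key, body)


def demo():
    """Constructed keys and frame; returns (accepted payload, result for spoofed frame)."""
    enc_key = b"constructed-encryption-key"
    mic_key = b"constructed-mic-key"
    header = b"\xaa" * 6 + b"\xbb" * 6    # constructed destination and source addresses
    frame = build_frame(enc_key, mic_key, header, b"hello wlan")
    accepted = receive_frame(enc_key, mic_key, frame)
    # Same frame with a different destination address in the header: MIC no longer matches.
    spoofed = b"\xcc" * 6 + frame[6:]
    dropped = receive_frame(enc_key, mic_key, spoofed)
    return accepted, dropped


if __name__ == "__main__":
    print(demo())   # (b'hello wlan', None)
```

Note that without the MIC the receiver in this model would decrypt the spoofed frame without complaint, since a stream cipher alone gives no way to notice that the header (or the ciphertext) was changed; the MIC is what turns header tampering into a dropped packet.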
