802.11i includes two big security upgrades: Wi-Fi Protected Access (WPA) and Robust Security Network (RSN) The inadequacy of the Wired Equivalent Privacy protocol has delayed widespread adoption of wireless LANs in many corporations. While most network administrators and end users understand the productivity benefits of cutting the Ethernet cord, most worry about the risk of doing so.WLANs expose a network and hence, from a security perspective, must be treated like access networks rather than core enterprise networks. When corporate users connect through a LAN switch or hub, there is an assumption that they already are trusted users. IT might or might not use a protocol such as 802.1X or RADIUS for additional authentication.To help address this gap in WLANs, the IEEE 802.11 Working Group instituted Task Group i to produce a security upgrade for the 802.11 standard. 802.11i is building the standard around 802.1X port-based authentication for user and device authentication. The 802.11i standard, which isn’t expected to be complete until later this year, includes two main developments: Wi-Fi Protected Access (WPA) and Robust Security Network (RSN). Wi-Fi Protected AccessThe first task is to plug security holes in legacy devices, typically through firmware or driver upgrades. The Wi-Fi Alliance has taken a subset of the draft 802.11i standard, calling it WPA, and now certifies devices that meet the requirements. WPA uses Temporal Key Integrity Protocol (TKIP) as the protocol and algorithm to improve security of keys used with WEP. It changes the way keys are derived and rotates keys more often for security. It also adds a message-integrity-check function to prevent packet forgeries.While WPA goes a long way toward addressing the shortcomings of WEP, not all users will be able to take advantage of it. That’s because WPA might not be backward-compatible with some legacy devices and operating systems. Moreover, not all users can share the same security infrastructure. Some users will have a PDA and lack the processing resources of a PC.What’s more, TKIP/WPA will degrade performance unless a WLAN system has hardware that will run and accelerate the WPA protocol. For most WLANs, there’s currently a trade-off between security and performance without the presence of hardware acceleration in the access point.Robust Security NetworkRSN uses dynamic negotiation of authentication and encryption algorithms between access points and mobile devices. The authentication schemes proposed in the draft standard are based on 802.1X and Extensible Authentication Protocol (EAP). The encryption algorithm is Advanced Encryption Standard (AES).Dynamic negotiation of authentication and encryption algorithms lets RSN evolve with the state of the art in security, adding algorithms to address new threats and continuing to provide the security necessary to protect information that WLANs carry. Using dynamic negotiation, 802.1X, EAP and AES, RSN is significantly stronger than WEP and WPA. However, RSN will run very poorly on legacy devices. Only the latest devices have the hardware required to accelerate the algorithms in clients and access points, providing the performance expected of today’s WLAN products.WPA will improve security of legacy devices to a minimally acceptable level, but RSN is the future of over-the-air security for 802.11.Cohen is vice president of marketing at Airespace. O’Hara is director of system engineering at Airespace, and chair of 802.11m and editor of 802.11f. They can be reached at alan@airespace.com and bob@airespace.com, respectively. Related content news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Cloud Computing Data Center news AWS and Nvidia partner on Project Ceiba, a GPU-powered AI supercomputer The companies are extending their AI partnership, and one key initiative is a supercomputer that will be integrated with AWS services and used by Nvidia’s own R&D teams. By Andy Patrizio Nov 30, 2023 3 mins CPUs and Processors Generative AI Supercomputers news VMware stung by defections and layoffs after Broadcom close Layoffs and executive departures are expected after an acquisition, but there's also concern about VMware customer retention. By Andy Patrizio Nov 30, 2023 3 mins Virtualization Data Center Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe