Wireless Infrastructure

07:00 PM
Connect Directly
RSS
E-Mail
50%
50%

Examining 802.11i and WPA

Products using the new Wi-Fi Protected Access Technology are here, with 802.11i-compliant products coming soon. We help you decide which one is best for your organization.

As a standards body, the IEEE 802.11i task group wasn't under the same market pressures as the vendor-driven Wi-Fi Alliance. After nearly three years of debate, the 802.11i committee is putting the finishing touches on its security standard, the Robust Security Network. RSN requires wireless clients and APs to have capabilities most existing devices don't have, including higher processing power and support for intensive encryption algorithms. There is also a transitional spec--conveniently called Transitional Security Network (TSN)--that lets RSN and older WEP systems operate in parallel in the same WLAN. But your wireless network won't be fully secure until it's all RSN.

RSN and WPA have a lot in common. They use the same security architecture for upper-level authentication, key distribution and key renewal. WPA, though, is built around TKIP (Temporal Key Integrity Protocol), which is available as a firmware upgrade to most legacy hardware. RSN is more comprehensive and includes support for AES (Advanced Encryption Standard), which is available only on the latest WLAN hardware.

We evaluated WPA in our Syracuse University Real-World Labs for integrity, confidentiality and authentication criteria (see "Meanwhile, Back at the Lab,").WPA, expressed as a formula, looks like this:


WPA = {802.1X + EAP + TKIP + MIC + (RADIUS*X)}

If WPA-PSK, X=0; ELSE X=1
WPA uses existing technology such as IEEE 802.1x, EAP, TKIP and RADIUS. Its authentication is based on the 802.1x authentication protocol that was developed for wired networks, as well as EAP (Extensible Authentication Protocol). EAP lets you use a variety of algorithms for authenticating the client with a RADIUS server.

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed