Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

The Inside Secrets Of WiFi Security

As wireless LAN (WLAN) equipment becomes more popular and widely deployed, the same care that has been paid to securing wired networks must be applied to wireless networks. In a wired LAN, only those stations physically connected to the wire may hgfear can send or receive LAN traffic, thus granting a minimum level of physical security. This is not the case with a wireless shared medium, as any 802.11 client may receive and transmit traffic to any other client within range.

Based largely on enterprise demands for more secure WLAN solutions, the IEEE developed the 802.11i specification, which allows for security improvements in existing WLAN products through firmware upgrades. Most available products can be upgraded to use certain features, such as temporal key integrity protocol (TKIP) and IEEE 802.1x authentication. This provides a considerable security improvement over the wired equivalent privacy (WEP) standard, which was not designed for ultimate security but rather to be "at least as secure as a wire". 802.11i also allows for backward compatibility with the original 802.11 standard. Even greater security can be gained in products available since 2003, which include new hardware supporting encryption. Products currently on the market are able to use the most advanced features of 802.11i, such as AES encryption for bulk data protection, key caching which allows mobile stations to switch from one access point to another without incurring the time overhead of a key exchange each time, and pre-authentication which allows a client to establish security state in an access point prior to associating to it..

It is best to think of 802.11i not as a single protocol but rather a security framework (Figure 1), using existing, proven security standards — like a recipe listing the ingredients to bake a cake. Just as a chef will select the best ingredients for a particular type of cake, so too can a network administrator select the best mix of encryption types, authentication mechanisms, and PKIs to address their organization's requirements.

Figure 1: diagram showing the elements that make up the 802.11i protocol.

ABCs of 802.11 Security
Customers who deploy WLAN solutions need to be confident of the system's ability to address integrity, privacy, and reliability. Solving these challenges in securing WLANs requires addressing many facets of security, including:

  • Strong mutual authentication — The client and access point must cryptographically prove their identities to each other.
  • Messages must have data origin protection — It must be possible to prove that sender of a message is genuine and not a man-in-the-middle.
  • Messages must have data integrity protection— It must be possible to prove that messages are not altered in transit.
  • Messages must have confidentiality — The contents of messages must only be viewable by the sender and receiver.
  • 1