
IEEE Approves 802.11i

Dozix007 writes "IEEE has approved a new wireless security protocol dubbed 802.11i, intended to finally provide sufficient security for wireless connections that users don't need to rely on alternate security layers. The new specification works by using AES encryption in the transceiver itself, encrypting data directly at the level just above the actual radio pulses themselves. That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification."
  • by Anonymous Coward on Friday June 25, 2004 @03:56PM (#9531736)
    Here you go. [engadget.com] Pirate radio, on the cheap!
  • by spellraiser ( 764337 ) on Friday June 25, 2004 @04:22PM (#9532023) Journal

    Well, since encryption only involves standard processing, a firmware upgrade should be all that's required. Don't see any reason why a device would need to be created specifically for 802.11i. This is also interesting (taken from here [dailywireless.org]):

    Cisco, one of the largest providers of enterprise APs, said AES is supported in hardware on the IEEE 802.11g versions of AP models 1100, 1200, and the newly announced 1300 outdoor AP/bridge. However, a software upgrade for those devices will be required. Software upgrades will also be available for 802.11a, b and g card-bus and NIC cards.

    Although they don't state it explicitly, it's a pretty fair bet that firmware upgrades for Linksys APs will be available at some point.

  • AES, like DES and 3DES, is a public algorithm and was subject to extensive peer review prior to adoption by the US government. (It's not a US algorithm; the original name was Rijndael). It was chosen for key length, security and efficiency of the algorithm and memory footprint among other things.

    While this doesn't guarantee the security, it certainly improves the chances of it being as secure as possible. AFAIK, DES/3DES, a 20+ year old algorithm is still only vulnerable to brute force attacks.

    The real fear here -- as in any encryption system -- is the security of the key handling protocol. It's TKIP not AES that'll be the key to the security of 802.11i.
  • No (Score:4, Informative)

    by billybob ( 18401 ) on Friday June 25, 2004 @04:30PM (#9532092)
    I have a netgear wireless router that does G and B. It can handle both at the same time just fine, and does not drop the G down to B speeds if there is a B client. :)

    Maybe some routers do this, honestly I wouldn't be surprised, but I'm just letting you know that mine doesn't.
  • Re:No (Score:4, Informative)

    by scd ( 541350 ) <scottdp&gmail,com> on Friday June 25, 2004 @04:39PM (#9532170)

    The actual issue is that some of the 802.11 protocol has to be done at speeds that all possible connecting units can understand. What this amounts to is that 'handshaking' is done at B speeds to allow B units to communicate, while the actual data transfer for G units is done at G speeds.

    This causes some slowdown for G units. If an access point has proper settings, you should be able to make it do G only, thereby speeding up all G units at the expense of disallowing B units from connecting at all.

    At least, the 802.11 protocol allows this, don't know if APs do or not.

  • MAC encryption (Score:2, Informative)

    by m0rningstar ( 301842 ) <cpw&silvertyne,com> on Friday June 25, 2004 @04:44PM (#9532211) Homepage
    From what I can read on the NIST 802.11 overview it's still not designed to protect identity.

    Thus it will still not encrypt ESSID (used as a clue for what encryption credentials you need, NOT as a security measure) or the MAC address of the systems using it. (Page 29 of the above referenced article).

    It's designed to address two of the three of the CIA principles, those being confidentiality and integrity of your data. Not to hide who is on the wireless network.
  • by j h woodyatt ( 13108 ) <jhw@conjury.org> on Friday June 25, 2004 @04:45PM (#9532218) Homepage Journal
    I am a wireless expert.

    802.11i uses AES for privacy, HMAC-SHA1 for integrity, and it defines its own protocol for establishing transient unicast and group session keys. You can use it with a pre-shared master key (derived from a simple passphrase), or you can use it in conjunction with 802.1X and get per-user pairwise master keys derived from the authentication service.

    The Wi-Fi Alliance (I'm told) is calling 802.11i by the name WPA2. If you have hardware that supports the AES variant of WPA, then your vendor should be able to supply a firmware upgrade soon that will support WPA2.
  • by srwalter ( 39999 ) * on Friday June 25, 2004 @04:56PM (#9532340) Homepage Journal
    You know, the one that makes it that anyone on the wifi network can see all the other traffic?
    I can't help but think that you don't know what you're talking about. The whole nature of RF is that if one person can receive the radio waves, so can several other people. You can't just select a single point to broadcast to. Sure, you can make sure that those RF waves are encrypted, and that's what this standard does. However, it's physically impossible to keep other parties from receiving the encrypted waves.

    To utilize the (perhaps overused) broadcasting <-> speaking metaphor, assume that you have four people standing an equal distance apart from each other. If you say something to one, the others are going to hear it. Not much you can do about that. However, you can speak in code.

  • Re:Key Management (Score:5, Informative)

    by DeathBunny ( 24311 ) on Friday June 25, 2004 @04:58PM (#9532356)
    802.11i includes the 802.1x (ie. EAP) authentication and key management included in WPA. It's a superset of WPA.
  • by pclminion ( 145572 ) on Friday June 25, 2004 @05:11PM (#9532500)
    It's not a US algorithm; the original name was Rijndael

    Although it is correct that it was not invented by Americans, the term "Rijndael" is not a foreign word. It is simply a contraction of the names of the two inventors: Vincent Rijmen and Joan Daemen.

  • by wiedmann ( 51749 ) on Friday June 25, 2004 @05:23PM (#9532600)
    Yes, it does solve this problem. Since every wireless client (insider as you call it) is using a different key, one client can't decrypt another's traffic.

    The key is negotiated at authentication time and is valid only for the given client and session. Without the client's authentication credential (certificate or otherwise), you can't get a hold of the key.
  • wait for 802.11n (Score:2, Informative)

    by timts ( 766509 ) on Friday June 25, 2004 @05:26PM (#9532618) Journal
    I saw it on maximumpc, it's going to be introduced and it will be efficient at compression, making the real transportation faster than 100MBytes even at further distance. :D
  • by pclminion ( 145572 ) on Friday June 25, 2004 @05:27PM (#9532624)
    In mountaineering, it is very common to place "protection" (anchors in the rock) even when it isn't obvious whether they will hold or not.

    Suppose you've got a really good placement (what a climber would call a "bomber" anchor) and you're sure it will hold. Do you place another, potentially less secure anchor in parallel, given the opportunity? Of course you do. You never pass up the chance to add a layer of protection. Even if you don't think it will be needed, and especially even if you don't think it will hold you. A terrible anchor is better than no anchor. And a good anchor plus a terrible anchor is better than a good anchor.

    Adding more layers of protection is never the wrong decision. Regardless of the academic whinging of some researcher in a basement somewhere.

  • by NerveGas ( 168686 ) on Friday June 25, 2004 @05:29PM (#9532653)
    If you want to keep your wireless network secure, tie MAC addresses to IP addresses, and presto!

    Presto, you're screwed? What keeps a "baddie" from sniffing your traffic, waiting until you're not on, then changing his MAC address to be the same as yours? Oh, gee... I guess that doesn't buy you very much, either.

    Even if it did, that still doesn't keep them from *sniffing* your network. Any data you transmit, they have. Just checked your email? Chances are they have your password. And all of those pictures that your girlfriend sent to you in those pictures. And those are just benign examples.

    Putting encryption at this level is useless because secure communication with e.g. a webserver still requires that I encrypt over HTTPS

    Until *every* protocol that goes over your network has reliable encryption, then this is still useful.

    steve
  • Re:Key Management (Score:3, Informative)

    by DeathBunny ( 24311 ) on Friday June 25, 2004 @05:38PM (#9532724)
    Here's links with some more info on 802.11i, also called WPA2.

    This PDF http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf [wi-fi.org] from the WIFI alliance talks about WPA2 near the very end of the document. According to this, WPA2 will use the same 802.1x authentication currently used by WPA in enterprise deployments or the PSK mode currently used in home deployments of WPA.

    This PDF http://jcbserver.uwaterloo.ca/cs436/handouts/miscellaneous/Intel_Wireless_3.pdf [uwaterloo.ca] has some interesting technical details about how the AES encryption in 802.11i works.

    Unfortunately, it looks like the actual 802.11i specification isn't publicly available yet. According to this page http://standards.ieee.org/getieee802/ [ieee.org] IEEE 802 drafts are publicly available 6 months after they are first published in PDF. I'm assuming this means that the 802.11i standard will be publicly available in 6 months?

  • by cbreaker ( 561297 ) on Friday June 25, 2004 @05:59PM (#9532883) Journal
    I wouldn't really count Linksys on that bandwagon yet. They've been really good about keeping their firmware up to date even on old devices. If you have any of their "G" products and even some of the not-too-old 802.11b ones, they've provided updates that now include WPA instead of just WEP.

    Linksys usually keeps their products updated to the latest capabilities within two years, and past that they still provide bug fixes.

    This new encryption thing might be different and/or it might require new hardware or faster processors. Who knows. But if they can do it in software, you'll probably get it for nothing on your existing Linksys product.
  • by Karrots ( 14012 ) on Friday June 25, 2004 @06:03PM (#9532913)
    The Cisco wireless people came and talked to us at work. They made sure they mentioned that all their hardware had an ASIC just for doing AES encryption so it would be fast. They talked about it being in their APs though. He also made mention that they would be software upgradeable to support 802.11i when it was approved. It seems they also said that it was also in beta firmware also.
  • Twits (Score:2, Informative)

    by jaghatarjankare ( 787372 ) on Friday June 25, 2004 @06:50PM (#9533197)
    to finally provide sufficient security for wireless connections

    There are two kinds of people working in these IEEE groups.

    1. Seasoned engineers; and
    2. Twits.

    The former have from the beginning been clamouring for security. They were literally brushed off by the latter. The former will roll their eyes and tell you of how these twits use Windoze and LookOut and get infected all over the place and literally have no clue - and this is years ago, before Sasser and Blaster and Donner and Blixen...

    How did they get in? Good question, next question. All security issues were shelved for the first standard...

    And now? Now they're talking about 'finally' having security? These same morons?

    Sorry - I have friends who've worked on all these standards and pulled their hair out all along, and I just don't trust the IEEE anymore if the pros are tired of trying. Make it secure? I won't believe it. I don't care enough to even try.
  • full text standards (Score:2, Informative)

    by ohsoot ( 699507 ) on Friday June 25, 2004 @10:43PM (#9534563)
    Unfortunately 802.11i isn't listed here yet, but here is a link to the full text of the other 802.11 standards. [ieee.org] (Free, no registration required)
  • by AusG4 ( 651867 ) on Saturday June 26, 2004 @12:16AM (#9535029) Homepage Journal

    I've answered my own question.

    For those wondering what I'm rambling about with WPA and TKIP, you can read this [mobilizedsoftware.com]. It explains the relationship between WPA and 802.11i, as well as what TKIP is and why TKIP will work on any processor that can handle RC4.
