IEEE 802.11i: WLAN Security Standards
The IEEE 802.11i standard is designed to secure wireless LAN
communication as defined by all the IEEE 802.11
specifications. IEEE 802.11i enhances WEP (Wired
Equivalent Privacy), a technology used for many years for
WLAN security, in the areas of encryption, authentication and
key management. IEEE 802.11i is based on Wi-Fi Protected
Access (WPA), which is a quick fix for the WEP weaknesses.
IEEE 802.11i has the following key components:
1. Temporal Key Integrity Protocol (TKIP): a data-confidentiality
protocol that was designed to improve the
security of products that implemented WEP. TKIP
uses a message integrity code called Michael, which enables
devices to authenticate that the packets are coming from the
claimed source. TKIP also uses a mixing function to defeat
weak-key attacks, which enabled attackers to decrypt traffic.
2. Counter-Mode/CBC-MAC Protocol (CCMP): a
data-confidentiality protocol that handles packet authentication
as well as encryption. For confidentiality, CCMP uses AES in
counter mode. For authentication and integrity, CCMP uses Cipher
Block Chaining Message Authentication Code (CBC-MAC). In IEEE
802.11i, CCMP uses a 128-bit key. CCMP also protects some fields that
aren't encrypted. The additional parts of the IEEE 802.11 frame
that get protected are known as additional authentication
data (AAD). AAD includes the packet's source and destination
and protects against attackers replaying packets to different
destinations.
3. IEEE 802.1x: offers
an effective framework for authenticating and controlling user
traffic to a protected network, as well as dynamically varying
encryption keys. 802.1X ties a protocol called EAP (Extensible
Authentication Protocol) to both the wired and wireless LAN
media and supports multiple authentication methods.
4. EAP encapsulation over LANs (EAPOL): the key protocol
in IEEE 802.1x for key exchange. Two
main EAPOL-key exchanges are defined in IEEE 802.11i. The first
is referred to as the 4-way handshake and the second is
the group key handshake.
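The AAD described in the CCMP item above, as an added example that is not part of the original page: it builds the AAD and the CCM nonce for a three-address, non-QoS data frame, following the CCMP field masking of 802.11i as understood here. The addresses, header bytes and helper names are constructed for illustration.

```python
import struct

# Frame Control bits (16-bit little-endian field of the 802.11 MAC header)
FC_SUBTYPE_456 = 0x0070   # subtype bits 4-6, masked to 0 for data frames
FC_RETRY, FC_PWR_MGT, FC_MORE_DATA = 0x0800, 0x1000, 0x2000
FC_PROTECTED = 0x4000     # always set to 1 in the AAD
FC_MUTABLE = FC_SUBTYPE_456 | FC_RETRY | FC_PWR_MGT | FC_MORE_DATA
SC_SEQ_NUM = 0xFFF0       # sequence number bits 4-15; fragment number is bits 0-3


def parse_header(hdr: bytes):
    """Split a 24-byte header (assumption: no Address 4, no QoS Control)."""
    if len(hdr) != 24:
        raise ValueError("expected a 24-byte three-address header")
    fc, _duration = struct.unpack_from("<HH", hdr, 0)  # duration is not in the AAD
    a1, a2, a3 = hdr[4:10], hdr[10:16], hdr[16:22]
    (sc,) = struct.unpack_from("<H", hdr, 22)
    return fc, a1, a2, a3, sc


def ccmp_aad(hdr: bytes) -> bytes:
    """AAD = masked FC || A1 || A2 || A3 || masked SC (22 bytes)."""
    fc, a1, a2, a3, sc = parse_header(hdr)
    fc = (fc & ~FC_MUTABLE & 0xFFFF) | FC_PROTECTED
    sc &= ~SC_SEQ_NUM & 0xFFFF   # keep only the fragment number
    return struct.pack("<H", fc) + a1 + a2 + a3 + struct.pack("<H", sc)


def ccmp_nonce(hdr: bytes, pn: int, priority: int = 0) -> bytes:
    """CCM nonce = priority || A2 (transmitter) || 48-bit packet number."""
    if not 0 <= pn < 1 << 48:
        raise ValueError("PN must fit in 48 bits")
    _, _, a2, _, _ = parse_header(hdr)
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")


def make_header(fc, a1, a2, a3, seq, frag=0) -> bytes:
    """Build a constructed sample header (duration fixed at 0)."""
    return struct.pack("<HH", fc, 0) + a1 + a2 + a3 + struct.pack("<H", seq << 4 | frag)


# Constructed sample: protected data frame, station to AP (ToDS set).
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
DST = bytes.fromhex("020000000003")
ORIGINAL = make_header(0x4108, AP, STA, DST, seq=291)
RETRANSMIT = make_header(0x4108 | FC_RETRY, AP, STA, DST, seq=291)
REDIRECTED = make_header(0x4108, AP, STA, bytes.fromhex("020000000099"), seq=291)
```

Because the Retry bit is masked, RETRANSMIT yields the same AAD as ORIGINAL, while REDIRECTED (changed destination address) yields a different AAD, so its CBC-MAC check fails at the receiver.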
Because IEEE 802.11i
has more than one data-confidentiality protocol, IEEE 802.11i
provides an algorithm for the IEEE 802.11i client card and access
point to negotiate which protocol to use during specific traffic
circumstances and to discover any unknown security parameters.
The 802.11 stack structure is as follows:

Protocol Structure - IEEE 802.11i: WLAN Security Standards
IEEE 802.11i Components:
CCMP MPDU Format
CCMP CBC-MAC IV format
CCMP CTR Format
TKIP MPDU Format

Related Protocols
IEEE 802.2, 802.3, 802.1x, EAP, EAPoL, 802.11, 802.11a, 802.11b, 802.11g,
802.11n, WEP, WPA
Sponsor Source
IEEE 802.11i is defined by IEEE (http://www.ieee.org) 802.11i specifications.