Sunday, 27 June 2004

Caring about 802.11i. The IEEE has ratified 802.11i: what next? The news yesterday that the IEEE had finally approved the 802.11i security standard known slightly tautologically as MAC Enhancements for Enhanced Security produced a number of news reports and a little bit of analysis.

The Wi-Fi Alliance stole 802.11i's thunder in late 2002 by announcing that it would implement and test its own interim version of 802.11i called Wi-Fi Protected Access (WPA) in an effort to shore up an increasingly battered security model that was preventing adoption in the enterprise and making home users nervous. WPA succeeded wildly in changing the perception of Wi-Fi's security, even as it took months beyond its initial intended roll-out to make inroads in firmware and driver upgrades, finally appearing widely by fall 2003 in major operating systems and products. WPA repaired faults in the encryption and integrity parts of Wired Equivalent Privacy (WEP) with the intent of providing backward firmware compatibility with older gear.

We got the better TKIP (Temporal Key Integrity Protocol) along with other improvements without necessarily having to upgrade all of our equipment. (Mileage varies: Some cards from as far back as 1999 can support WPA; other access points made as recently as 2002 must be replaced.) 802.11i's substantial changes over WPA's interim rollout involve better handoff and better encryption. The 802.11i standard supports AES keys using CCMP, which conforms to government security standards. Most silicon made since late 2002 already has the pieces in place to handle the more advanced AES encryption computation and management.

For the vast majority of users, AES is an unneeded improvement because it turns a problem that is already insoluble for all intents and purposes--100 years might be enough time with today's tech to crack a well-chosen TKIP key from some quadrillions of bytes of ciphertext--into a crack that requires the death of stars to achieve. Still, governments and critical enterprise operations want orders of magnitude better encryption than what TKIP offers for two reasons: first, flaws that reduce the computational magnitude of cracking a TKIP key might still leave the 802.11i advanced key far beyond reach; second, computation speed improves all the time, meaning that a 100-year crack today could be a 1-day crack in five years. (Some aspects of TKIP make this unlikely, however, in that enough bytes still have to pass the network to assemble a large enough matrix to use brute force, and that many bytes might...

[Source: Wi-Fi Networking News]
8:29:16 PM