Slashdot Mirror

← Back to Stories (view on slashdot.org)

IEEE Approves 802.11i

Posted by michael on from the my-lock-my-key dept.

Dozix007 writes "IEEE has approved a new wireless security protocol dubbed 802.11i, intended to finally provide sufficient security for wireless connections that users don't need to rely on alternate security layers. The new specification works by using AES encryption in the transceiver itself, encrypting data directly at the level just above the actual radio pulses themselves. That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification."

5 of 302 comments (clear)

  1. Re:Sure but does it require new equipment by spellraiser · · Score: 5, Informative

    Well, since encryption only involves standard processing, a firmware upgrade should be all that's required. Don't see any reason why a device would need to be created specifically for 802.11i. This is also interesting (taken from here):

    Cisco, one of the largest providers of enterprise APs, said AES is supported in hardware on the IEEE 802.11g versions of AP models 1100, 1200, and the newly announced 1300 outdoor AP/bridge. However, a software upgrade for those devices will be required. Software upgrades will also be available for 802.11a, b and g card-bus and NIC cards.

    Although they don't state it explicitly, it's a pretty fair bet that firmware upgrades for Linksys APs will be available at some point.

    --
    I hear there's rumors on the Slashdots
  2. Re:No by scd · · Score: 4, Informative

    The actual issue is that some of the 802.11 protocol has to be done at speeds that all possible connecting units can understand. What this amounts to is that 'handshaking' is done at B speeds to allow B units to communicate, while the actual data transfer for G units is done at G speeds.

    This causes some slowdown for G units. If an access point has proper settings, you should be able to make it do G only, thereby speeding up all G units at the expense of disallowing B units from connecting at all.

    At least, the 802.11 protocol allows this, don't know if APs do or not.

  3. Re:OK, but how does it actually work by j+h+woodyatt · · Score: 5, Informative

    I am a wireless expert.

    802.11i uses AES for privacy, HMAC-SHA1 for integrity, and it defines its own protocol for establishing transient unicast and group session keys. You can use it with a pre-shared master key (derived from a simple passphrase), or you can use it conjunction with 802.1X and get per-user pairwise master keys derived from the authentication service.

    The Wi-Fi Alliance (I'm told) is calling 802.11i by the name WPA2. If you have hardware that supports the AES variant of WPA, then your vendor should be able to supply a firmware upgrade soon that will support WPA2.

    --
    jhw
  4. Re:Key Management by DeathBunny · · Score: 4, Informative

    802.11i includes the 802.1x (ie. EAP) authentication and key management included in WPA. It's a superset of WPA.

  5. Re:Now we can start waiting for a total break of A by pclminion · · Score: 4, Informative
    It's not a US algorithm; the original name was Rijndael

    Although it is correct that it was not invented by Americans, the term "Rijndael" is not a foreign word. It is simply a contraction of the names of the two inventors: Vincent Rijmen and Joan Daemen.