Wireless802.11i, referred to in full as IEEE 802.11i, is an amendment to the IEEE 802.11 standard developed by the Institute of Electrical and Electronics Engineers LAN/MAN Standards Committee (IEEE 802) used to govern wireless networking transmission methods. It specified security mechanisms for wireless networks.
Original versions of 802.11 featured weak security to conform to some governments' export requirements. The severe weaknesses in the 802.11 Wired Equivalent Privacy (WEP) security mechanism were brought to attention by a research paper from a group in the University of California, Berkeley.
Instead of RC4, which was the encryption standard for WEP, 802.11i uses government-strength encryption in Advanced Encryption Standard (AES). WPA2 (AES PreShared Key) is the recommended encryption for modern consumers.
Wi-Fi Protected Access (WPA), a class of systems to secure wireless computer networks, was introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities, to replace WEP while 802.11i was in development. It implements an important subset of the 802.11i standard.
The full implementation of 802.11i was then referred to as WPA2, or Robust Security Network (RSN), by the Wi-Fi Alliance. In place of the RC4 (where "RC" stands for "Ron's Code" or "Rivest Cipher" in reference to the designer, Ron Rivest) stream cipher used by WEP and WPA, 802.11i uses an Advanced Encryption Standard (AES) block cipher.
The following components make up the 802.11i architecture: 802.1X, using an Extensible Authentication Protocol (EAP) and an authentication server, for authentication and to provide the Pairwise Master Key (PMK); RSN for recording associations; and AES-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) to provide confidentiality, integrity and origin authentication; and the four-way handshake, used to establish the Pairwise Transient Key (PTK) and yield the Group Temporal Key (GTK).
The PTK is generated by connecting the following attributes: PMK, AP nonce (ANonce), client station (STA) nonce (SNonce), AP MAC address and STA MAC address. A cryptogenic hash function then yields the PTK. A group key handshake is used to keep the GTK updated in case of the expiry of a preset timer.
Implementing and using 802.11i requires firmware or driver support of both the wireless host (router or access point) and client (adapter). A firmware upgrade may enable the wireless host to support WPA2, while an update of the wireless adapter driver and part of the operating system enables the client to support WPA2.
