
What is IEEE 802.11i


802.11i, referred to in full as IEEE 802.11i, is an amendment to the IEEE 802.11 standard, which is developed by the Institute of Electrical and Electronics Engineers LAN/MAN Standards Committee (IEEE 802) and governs wireless networking transmission methods. The amendment specifies security mechanisms for wireless networks.


Original versions of 802.11 featured weak security to conform to some governments' export requirements. The severe weaknesses in the 802.11 Wired Equivalent Privacy (WEP) security mechanism were brought to attention by a research paper from a group at the University of California, Berkeley.



Due to these security flaws, it was possible to intercept transmissions and gain unauthorized access to wireless networks. The 802.11i (also known as "Wi-Fi Protected Access 2" or "WPA2") amendment, developed by an IEEE task group and ratified on June 24, 2004, featured an enhancement in security following government and legislative changes.


Instead of RC4, the cipher used by WEP, 802.11i uses government-strength encryption in the form of the Advanced Encryption Standard (AES). WPA2 (AES Pre-Shared Key) is the recommended encryption for modern consumers.


Wi-Fi Protected Access (WPA), a class of systems to secure wireless computer networks, was introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities, to replace WEP while 802.11i was in development. It implements an important subset of the 802.11i standard.


The full implementation of 802.11i was then referred to as WPA2, or Robust Security Network (RSN), by the Wi-Fi Alliance. In place of the RC4 (where "RC" stands for "Ron's Code" or "Rivest Cipher" in reference to the designer, Ron Rivest) stream cipher used by WEP and WPA, 802.11i uses an Advanced Encryption Standard (AES) block cipher.


The following components make up the 802.11i architecture: 802.1X, using an Extensible Authentication Protocol (EAP) and an authentication server, for authentication and to provide the Pairwise Master Key (PMK); RSN for recording associations; AES-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) to provide confidentiality, integrity and origin authentication; and the four-way handshake, used to establish the Pairwise Transient Key (PTK) and yield the Group Temporal Key (GTK).


The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), client station (STA) nonce (SNonce), AP MAC address and STA MAC address. A cryptographic hash function then yields the PTK. A group key handshake is used to keep the GTK updated when a preset timer expires.



802.11i is implemented in the following operating systems: Mac OS X, Windows XP, Windows Vista, Linux and Symbian OS.


Implementing and using 802.11i requires firmware or driver support on both the wireless host (router or access point) and the client (adapter). A firmware upgrade may enable the wireless host to support WPA2, while an update of the wireless adapter driver and part of the operating system enables the client to support WPA2.

