The nuts and bolts of 802.11i wireless LAN security
WEP wasn't good enough, but 802.11i does the job
By Paul Funk, Funk Software | Network World US | Published: 17:00, 28 March 2005
The IEEE's initial attempt at wireless LAN security was Wired Equivalent Privacy. This turned out to be a quite unfortunate moniker, as WEP was quickly shown to provide very little of the privacy it advertised.
802.11i improves on WEP by using completely new encryption algorithms and key-derivation techniques. This wireless security standard, finalized in 2004, makes it possible to safeguard over-the-air communications at Layer 2.
A key called the Pairwise Master Key (PMK) is established between the wireless station and the access point. This key is typically generated using 802.1X, which is authentication of the user to a RADIUS or other authentication server using Extensible Authentication Protocol. Both the station and RADIUS server derive identical keys, and the RADIUS server returns that key to the access point.
Next, the station and access point exchange a sequence of four messages, called the "four-way handshake." In this exchange, the PMK and freshly generated random values from both station and access point are used to derive a new key, called the Pairwise Transient Key. This key is subdivided into several keys: one to sign four-way handshake messages; one to secure data packets transmitted between station and access point; and one to encrypt a "group key" to the station during the four-way handshake. The group key lets the access point broadcast one multicast packet to all stations, rather than send a separately encrypted packet to each station.
During the four-way handshake, the station and access point negotiate the type of encryption to be used for the data connection. Two encryption ciphers are negotiated: The pairwise cipher is used for unicast data between station and access point, and the group cipher is used for broadcast/multicast traffic from the access point to multiple stations.
Why AES is best
While any encryption cipher may be negotiated, the cipher of choice for 802.11i is Advanced Encryption Standard (AES), with a 128-bit key, in Counter with CBC-MAC (CCM) mode. AES is the US federal government standard for encryption. CCM is a very well designed mode of operation and recently has been approved as Federal Information Processing Standard-compliant.
In an 802.11i-only environment, AES normally will be used both as the pairwise and group cipher. In a mixed environment, access points typically will use a lowest-common-denominator cipher as the group cipher, such as WEP or Temporal Key Integrity Protocol, to let both 802.11i and pre-802.11i stations decrypt multicast traffic.
Speeding roaming up
802.11i also speeds roaming from one access point to the next. Previously, it was necessary for the station to perform a complete 802.1X authentication each time it associated with a new access point. With 802.11i, when the station returns to an access point it already authenticated with, it can reuse the PMK established with that access point to omit 802.1X authentication and perform only the four-way handshake. This greatly speeds up transitions between access points. Additionally, the station may pre-authenticate to a new access point it intends to roam to, while still associated with the current access point; this lets the station only perform a four-way handshake once it roams.
Another fast-roaming technique made possible by 802.11i is informally called Opportunistic Key Caching (also Proactive Key Caching). If multiple access points can share PMKs among themselves, it is possible for the station to roam to a new access point it hasn't visited before and re-use a PMK established with the previous access point; this lets the station quickly roam to access points it never authenticated to, without even having to perform pre-authentication.
To deploy 802.11i, you'll need the following three hardware/software elements, each of which must support that standard:
- The "supplicant," a piece of software that sits on the hardware device you want to authenticate, performs high-level functions such as 802.1X and the four-way handshake.
- The wireless card/driver, which performs data encryption and communicates over the air with the access point.
- The access point, which provides the gateway to the network.
Funk is president of Funk Software. This article originally appeared in Network World.