SPRING IDF: WLAN security spec probably due next year

By IDG News Service | Networking

SAN JOSE, CALIFORNIA -- The IEEE 802.11i standard will plug all known security holes in IEEE 802.11 wireless LANs, also known as Wi-Fi, but probably won't see final approval or shipping products until about a year from now, according to an Intel Corp. network architect involved in drafting the standard, who spoke here Thursday at the Spring Intel Developer Forum.

However, technical advances already available can make wireless LANs far more secure than they originally were. Also, to give themselves some protection, many companies could begin by simply using the security features that shipped with 802.11 in the first place, said a Cisco Systems Inc. engineer who spoke at the same session.

WEP (Wired Equivalent Privacy), the security mechanism initially built into all standard 802.11 products, encrypts data on the wireless network but is flawed because it reuses the same encryption key, said Jesse Walker, a network architect at Intel and the editor of the 802.11i standard now in development under the Institute of Electrical and Electronics Engineers Inc. (IEEE). A would-be hacker can figure out that key from a small amount of traffic, he said. WEP also doesn't stop interlopers from altering data as it crosses the network, he added.

Effective wireless LAN security requires several parts, the engineers said. There have to be mechanisms to make sure the data is really coming from its supposed source, that it can't be seen and that it can't be modified.

"It's not enough just to have authentication. You need to have, along with that strong authentication, a strong encryption mechanism, coupled with data integrity," said Sri Sundaralingam, a technical marketing engineer at Cisco, in San Jose.

Among other improvements, 802.11i will include a system for creating fresh keys at the start of each session. It also will provide a way of checking packets to make sure they are part of a current session and not repeated by hackers to fool network users, Walker said. To manage keys, it will use the IEEE 802.1x standard and, to authenticate users, RADIUS (Remote Authentication Dial-In User Service).

In advance of the approval of 802.11i, users should be able to give their wireless LANs a subset of the upcoming security features through a software or firmware upgrade to WPA (Wi-Fi Protected Access), a specification adopted by the Wi-Fi Alliance, the industry group that certifies Wi-Fi products. Beginning in August, all Wi-Fi products will be equipped with WPA, Walker said.

Wireless LANs in many companies don't even have basic protection against "war driving," in which interlopers drive by buildings or park outside and intercept wireless LAN traffic, Sundaralingam said. In some companies, managers claim the company has no wireless LANs but employees have set up their own "rogue" access points, he said.
