Security Basics mailing list archives

RE: 802.11i


From: "McGill, Lachlan" <mcgilll1 () anz com>
Date: Fri, 26 Sep 2003 12:23:07 +1000

Spurred by the insecurities and management issues exposed with WEP as it was standardized in 802.11b, the IEEE formed 
Task Force 802.11i to write a good standard for wireless security. The 802.11i standard is a work in progress, but 
enough has been done to figure out what much of it will be. Wireless implementations are divided into two groups, 
legacy and new. Legacy networks are those that were put in place before the .11i standard was ratified, and new 
networks are those put in place after it is ratified. Both groups use 802.1X as the means of handling credential 
verification, but the encryption method differs. 802.11i also specifies that only EAP standards that handle dynamic key 
generation may be used.

To conform to 802.11i, legacy networks will be required to use 104-bit WEP, and also use Temporal Key Integrity Protocol 
(TKIP, formerly known as WEP2) and Message Integrity Check (MIC). Both of these technologies were developed by Cisco as 
proprietary means of strengthening WEP. Though they are available today, these are only available on all Cisco 
networks, and then not on all platforms. TKIP addresses the IV attacks on WEP by encrypting everything before it is run 
through the WEP machine, essentially adding another layer of encryption to the packet. MIC adds stronger integrity 
checking than a simple CRC check to prevent attackers from changing messages after transmission.

According to 802.11i, new wireless networks will be the same as legacy, except they should replace WEP/TKIP with a new 
encryption scheme called Advanced Encryption Standard - Operation Cipher Block (AES-OCB). This new encryption standard 
is a version of the AES standard recently adopted by the U.S. government as the replacement for 3DES. AES-OCB is touted 
as being much stronger than WEP/TKIP.

-----Original Message-----
From: Carter, Brent [mailto:Carter2B () ncr disa mil]
Sent: Friday, 26 September 2003 12:42 AM
To: 'tomas () skip cz'
Cc: 'security-basics () securityfocus com'
Subject: 802.11i


Question about 802.11i: Is it inherently WPA or TKIP?

Brent Carter
IT Specialist
DISA/API41
Net-OPS Assurance Division
703-882-1548
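
The reply above says a MIC gives stronger integrity checking than a simple CRC check. The following is an added example, not part of either message, showing why: CRC-32 is unkeyed and affine under XOR, so a frame protected only by a CRC under a stream cipher can be altered and still verify, while a keyed check rejects the same alteration. The fixed keystream stands in for WEP's RC4 output and truncated HMAC-SHA256 stands in for the MIC (an assumption for illustration, not TKIP's actual algorithm); all names and sample values are constructed.

```python
import hashlib
import hmac
import zlib

# Constructed sample values; a fixed keystream stands in for WEP's RC4 output.
KEYSTREAM = hashlib.sha256(b"constructed keystream").digest()
MAC_KEY = b"constructed-mac-key"
TAG_LEN = 8

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crc32(data):
    return zlib.crc32(data).to_bytes(4, "little")

def mac(data):
    # Stand-in keyed integrity check (assumption: not TKIP's actual MIC).
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:TAG_LEN]

def seal(msg, check):
    """Append the integrity value, then encrypt by XOR with the keystream."""
    return xor(msg + check(msg), KEYSTREAM)

def unseal(frame, check, check_len):
    """Decrypt; return the message, or None if the integrity value is wrong."""
    plain = xor(frame, KEYSTREAM)
    msg, value = plain[:-check_len], plain[-check_len:]
    return msg if hmac.compare_digest(check(msg), value) else None

def altered_in_transit(frame, delta, check_len):
    """Flip message bits with no key. A 4-byte CRC can be patched to match,
    because crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros) for equal lengths."""
    if check_len == 4:
        patch = xor(crc32(delta), crc32(bytes(len(delta))))
    else:
        patch = bytes(check_len)  # a keyed tag cannot be predicted without the key
    return xor(frame, delta + patch)

def demo():
    old, new = b"PAY 0100 TO ALICE", b"PAY 9100 TO ALICE"
    delta = xor(old, new)
    crc_result = unseal(altered_in_transit(seal(old, crc32), delta, 4), crc32, 4)
    mac_result = unseal(altered_in_transit(seal(old, mac), delta, TAG_LEN), mac, TAG_LEN)
    return crc_result, mac_result

if __name__ == "__main__":
    print(demo())
```

The CRC-protected frame decrypts to the altered text and passes its check; the keyed frame is rejected and `unseal` returns `None`.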
