Real 802.11 Security: Wi-Fi Protected Access and 802.11i
Authors: Edney J., Arbaugh W. A.
Published year: 2005
Pages: 47-49/151
Summary

This chapter explains in detail how WEP works and then explains why you shouldn't use it. If you are currently using WEP, this chapter shows why you need to change.

When the original IEEE 802.11 standard was published, Wired Equivalent Privacy (WEP) was included as a method to provide secure communications. However, as this chapter describes, WEP fell short of real needs in a number of areas. The methods of key management were weak and did not scale to large networks. The key length was too small and some vendors introduced extensions to try to "improve the security." The final straw that broke the camel's back was the discovery of an attack that could successfully retrieve the secret keys by traffic monitoring.

It is said that those who don't read history are doomed to repeat it. This chapter provides the history. WEP is an interesting case study in the problems that can occur when security protocols are developed without proper review by security experts. Mostly the chapter is worth reading because it points out so many of the pitfalls that have been overcome in the new methods. Understanding WEP's failings before moving on will help you understand why the next-generation security methods are so much stronger.
Chapter 7. WPA, RSN, and IEEE 802.11i

Chapter 7 introduces the new security protocols that replace WEP and provide real security. In the next few chapters we delve into details regarding how the new protocols work and are applied to real installations. In this chapter, we define the terms and explain the process under which the protocols developed. We look at the importance of keys to the solution and how the keys are used within the context of a secure system. Finally, prior to diving into detail in Chapter 8, we provide a roadmap of the many standards used in the new security solutions.
Relationship Between Wi-Fi and IEEE 802.11

The Institute of Electrical and Electronics Engineers (www.IEEE.org) operates a group called the Standards Association (SA). Among many other standards, the IEEE-SA is responsible for the IEEE 802 family: "Local Area and Metropolitan Area Networks." IEEE 802 is divided into working groups, each of which produces standards in a specific area, as shown in Figure 7.1. The ".11" working group produces standards for wireless LANs.

Figure 7.1. IEEE 802 Standards Working Group
The original IEEE 802.11 standard was ratified in 1997 and became an international standard in 1999. Work continues and updates to the base standard are made from time to time. Some of these, such as 802.11b and 802.11a, are complete while others are still in development. At the time this book was written, 802.11i had not been ratified and was still in draft form. Note that updates such as IEEE 802.11b are not whole new standards; they are addendums to the existing standard. Care is taken to ensure that older equipment is not made obsolete by any changes.

Standards allow manufacturers to produce products that have known physical characteristics. For example, two wireless LAN systems could not communicate with each other unless they use compatible radio frequencies and modulation methods. The standard specifies such things in detail. The IEEE 802.11 standard also defines protocol messages and operating algorithms (see Chapter 5).

Standards are very useful to manufacturers because they create a technical specification from which designs can be made. However, end users—that is, the customers who buy the products—have a different concern. IEEE 802.11 might tell them the characteristics of the product, but it does not guarantee that a product from vendor A will completely interoperate with a product from vendor B.

IEEE 802.11 is a long and complicated standard. Despite the best efforts of the standards body, there are bound to be areas that are ambiguous or not fully defined. Also there are a number of features that are optional and different manufacturers might make different choices in their designs. To avoid interoperability problems, the Wi-Fi Alliance was formed by a group of major manufacturers and the logo "Wi-Fi" was created.

To obtain Wi-Fi certification, a manufacturer must submit its product for testing against a set of "gold standard" Wi-Fi products. The Wi-Fi Alliance created its own test plan based on IEEE 802.11.
Some features of IEEE 802.11 are not required for Wi-Fi certification. Conversely, there are some requirements that are additional to the standard. Where there is ambiguity in the standard, the correct behavior is defined by the way the gold standard products work. In this way interoperability is ensured. In summary, Wi-Fi defines a subset of IEEE 802.11 with some extensions, as shown in Figure 7.2.

Figure 7.2. Relationship of Wi-Fi to IEEE 802.11