4.2 The Future Is 802.11i

The future solution from the IEEE to provide real wireless security and a strong cryptographic system is the proposed 802.11i standard. The IEEE Task Group responsible for this standard maintains a web page at http://grouper.ieee.org/groups/802/11/Reports/tgi_update.htm. As of December 2003, draft 7 of this proposal has been sent to a "sponsor ballot," and the results are not yet available. The word on the street is that 802.11i will become a ratified standard sometime in mid-2004.

The final standard of 802.11i will likely address the following:

Use of 802.1x for authentication

802.1x is a specification framework for mutual authentication between a client and an access point. 802.1x may also use a backend authentication server such as RADIUS and take advantage of one of the Extensible Authentication Protocol (EAP) variations. 802.1x uses a new key for each session, so it resolves the issue of a single static WEP key.

Use of the Temporal Key Integrity Protocol (TKIP)

TKIP uses 128-bit dynamic keys that are changed at random times. Because of the constantly changing keys, intruders would be hard pressed to collect enough radio frames to compromise the keys.

Use of the Advanced Encryption Standard (AES)

The full implementation of 802.11i will utilize AES encryption to make a very strong cryptographic system. However, using AES requires significant computational horsepower. Current models of access points will not be able to handle AES due to limited processors. Expect new models that are "802.11i ready" to arrive on the market in 2004.