A large number of Wi-Fi systems have been deployed based on the RC4 encryption algorithm. This was part of the IEEE 802.11 WEP implementation and has been included in the WPA TKIP specification to allow firmware upgrades possibly in combination with a driver upgrade. However, when the IEEE 802.11 committee started looking for a new security solution to be built from scratch, they chose instead the cipher AES on which to build. This chapter has explained why that decision was made and how it has been incorporated into the RSN solution.

AES is a cipher that can be used in many ways to create security protocols. This chapter has looked at the various modes that have been designed to use AES in practical situations?in particular, a new mode called CCM that was invented to support IEEE 802.11 TGi RSN and that is now likely to be adopted by NIST as one of the standard modes for AES. This mode forms the basis of CCMP, the AES-based protocol for IEEE 802.11i. We have now covered, in this book, all the core protocols needed to implement WPA and RSN security. The next chapter looks at how the techniques are applied to IBSS networks and covers additional mechanisms that enable Wi-Fi systems to identify and safely select other Wi-Fi systems that support the new security provisions.

    Part II: The Design of Wi-Fi Security