Chapter 6, "Wireless Vulnerabilities," shows some serious deficiencies in the original IEEE 802.11 standard. Many of these deficiencies are in Wired Equivalent Privacy (WEP). When the Fluhrer-Mantin-Shamir attack rendered the WEP key vulnerable in 2001, it was a big blow to Wi-Fi. The members of the Wi-Fi Alliance needed a solution that could assure the general public that wireless networking was safe to use again. The IEEE 802.11i Task Group was working on enhancements, but standards bodies are slow. Cisco defined its own version of the standard to get a security solution to customers quickly. The Wi-Fi Alliance codified a well-defined subset of an early draft of 802.11i and called it Wi-Fi Protected Access (WPA). WPA, which became available in 2003, is a package of several features designed to secure 802.11 using legacy hardware. The 802.11i standard, which the IEEE approved in June 2004, provides even more protection than WPA. It is being dubbed WPA2 by the Wi-Fi Alliance, an industry association.
802.11i adds new encryption and data integrity methods. One of these is designed to work with legacy WEP equipment; the other is based on the Advanced Encryption Standard (AES) and will thus require a hardware upgrade in many cases.
This chapter discusses the contents of the 802.11i standard. It then describes the algorithms involved in legacy WEP and 802.11i. These include encryption algorithms to protect the data, cryptographic integrity checks to prevent message modification and replay, and dynamic key management algorithms. It also describes the new security association concept that 802.11i brings with it. Next, this chapter briefly describes WPA and the Cisco-proprietary Cisco Key Integrity Protocol (CKIP). Finally, it ends with a review of how these solutions address the various security problems that Chapter 6 describes.