
By Carol Ellison  |  Posted 2004-07-01

The AES security that 802.11i brings to wireless networks finally delivers on the promise that wireless computing can be as secure as wired. AES uses an encryption scheme developed by a pair of Belgian cryptographers that stood up to attacks in a veritable cryptographical bake-off that the U.S. Department of Commerce and the National Institute of Standards and Technology sponsored in 2000. The winning algorithm was adopted by those agencies a year later to replace DES as the Federal Information Processing Standard and was incorporated into 802.11 security just last week. In 802.11i, it replaces WEP's 40-bit static encryption key with variable key sizes of 128, 192 or 256 bits, making it far more difficult to crack.
So difficult, in fact, that there is some disagreement in the cryptography community whether it can be cracked at all and general agreement that if it can (and surely someday it can), that day is some time off. A 128-bit key size generates a number of possible keys that's too high to write out here. Think 340 followed by 36 zeros.
That's the good news. The bad news is that getting all this protection could be costly to early enterprise adopters who shied away from the draft-compliant products and went with 802.11b, a, g or combo equipment. AES is not backward-compatible with WEP.
This doesn't mean the WLAN will be insecure if you don't replace the devices you're now using. The spec is backward-compatible, even if AES is not. 802.11i also includes TKIP (Temporal Key Integrity Protocol), the encryption protocol used in WPA (Wi-Fi Protected Access). WPA is the interim security standard that the Wi-Fi Alliance issued last year to bring strong wireless encryption, along with 802.1X authentication and a message integrity check, and to put worries to rest while the industry awaited 802.11i's ratification. WEP devices can be upgraded to WPA with TKIP encryption if vendors have made drivers available. TKIP's presence in 802.11i means new devices should work alongside legacy devices that have made the WPA upgrade. They just won't have AES encryption.
Looking ahead, it will be interesting to see whether 802.11i's ratification will result in a huge uptick in demand for Wi-Fi devices in the enterprise. Many of those under regulatory mandates to secure their data, typically those in health care and financial services, deployed draft-compliant products in advance of the specification's ratification. And many of those that don't face regulatory mandates may find it less expensive and more practical to stick with the WPA products now on the market.
The Wi-Fi Alliance will launch its interoperability certification program for 802.11i devices in September under the name WPA2, the second generation of Wi-Fi Protected Access. David Cohen, chairman of the Wi-Fi Alliance's security committee, said enterprise customers will have to determine if AES protection merits the cost of new equipment.
If immediate upgrades are impractical, he said, customers "can look for products that have Wi-Fi WPA certification, and it will still give them a lot of security."


Carol Ellison is editor of's Mobile & Wireless Topic Center. She has authored whitepapers on wireless computing (two on network security): Securing Wi-Fi Wireless Networks with Today's Technologies; Wi-Fi Protected Access: Strong, Standards-based Interoperable Security for Today's Wi-Fi Networks; and Wi-Fi Public Access: Enabling the future with public wireless networks.

Ms. Ellison served in senior and executive editorial positions for Ziff Davis Media and CMP Media. As an executive editor at Ziff Davis Media, she launched the networking track of The IT Insider Series, a newsletter/conference/Web site offering targeted to chief information officers and corporate directors of information technology. As senior editor at CMP Media's VARBusiness, she launched the Web site, VARBusiness University, an online professional resource center for value-added resellers of information technology.

Ms. Ellison has chaired numerous industry panels and has been quoted as a networking and educational technology expert in The New York Times, Newsday, The Los Angeles Times and The Wall Street Journal, National Public Radio's All Things Considered, CNN Headline News, WNBC and CNN/FN, as well as local and regional Comcast and Cablevision reports. Her articles have appeared in most major hi-tech publications and numerous newspapers and magazines, including The Washington Post and The Christian Science Monitor.
