[802.11i] is a standard within the [IEEE] [802.11] working group which deals with enhanced security for [802.11] based networks ([802.11a], [802.11b]/[802.11g g] etc).

[WEP] security, currently a part of the [802.11] standard, does a decent job of maintaining security of a [WLAN Wireless LAN] against the general public. However, there are some decent hackers out there who have the ability to crack even a [WEP] protected [WLAN].

[WEP] really only provides a method for authenticating radios to [AccessPoint access points], but not [AccessPoint access points] to radio NICs. As a result of this one-way authentication, a hacker is able to 'trick' the network in a variety of ways to gain access, or snoop on data traversing the network.

[802.11i] will address this problem, when ratified by the [IEEE], by implementing a two-way "mutual" authentication mechanism.

[802.11i] is expected to solve this problem at two levels. Firstly, using [TKIP] ("Temporal Key Integrity Protocol", aka WEP2), which ensures each station on the network has its own unique key, and the key changes shape on a dynamic basis. While [TKIP] is better than [WEP], it still has flaws, and hense is considered a temporary solution to the problem.

Along with [TKIP], which will use [RC4] encryption, the [802.11i] standard is expected to also include the [AES] ("Advanced Encryption Standard") protocol, which provides much stronger encryption of packets. The use of [AES] may not be adopted, as it requires a decent processor to crunch the numbers at a decent speed, and this comes at a price.

[802.11i] is still in the drafting stage, and as such this information is subject to change. [802.11i] support is expected to appear in products by early 2003. The [802.11i] task group's progress can be monitored on the (http://grouper.ieee.org/groups/802/11/Reports/tgi_update.htm IEEE website).

----
Back to [802.11]