Proposed Security enhancements to Wireless LAN protocol IEEE 802.11

Thursday, January 23, 2003 - 7:00pm
Mr. Donald Eastlake III, Motorola

More and more sensitive data is passing through the air by wireless and IEEE 802.11 is the dominant wireless local area network technology. 802.11 or WiFi networks are appearing in enterprises, homes, hot spots, and even free neighborhood networks.

As currently standardized, 802.11 includes WEP or Wireline Equivalent Privacy. The concept was that it would be about as secure as the wired telephone plant. But WEP has failed. Software for breaking WEP security is easily downloadable from the Internet; you can drive by a WEP enabled home or office, read their traffic, and inject fake packets.

WEP has at least four problems: it uses its basic RC4 encryption algorithm improperly; it has a small Initialization Vector (IV) and re-uses keys so that the same key-IV pair get used, negating security; it uses stream encryption with a weak CRC so that forgery is easy; and it has no protection against re-play attacks.

To fix these problems, Task Group "i" (TGi) has been set up in the IEEE 802.11 work group to specify modification to 802.11 to provide cryptographically strong security. This effort is nearing completion and proposes several new security protocols. One, called TKIP (Temporal Key Integrity Protocol) is designed to be as secure as it can given the constraint that it must work on most legacy hardware with only firmware and software upgrades. Two others, which are mandatory to implement CCMP (Counter Mode CBC-MAC Protocol) and the optional WRAP (Wireless Robust Authenticated Protocol), are designed to be highly secure, with a good safety margin, and assume newer, more powerful hardware that can support the US Government Advanced Encryption Standard (AES) algorithm.

All TGi protocols provide replay protection, much stronger integrity checks that are cryptographically keyed, and a much stronger key derivation scheme rooted in IEEE 802.1X. In addition, TKIP, which still uses the weaker RC4 algorithm, uses it properly to avoid a class of WEP weaknesses.

The WiFi Alliance will provide certification services for these improved wireless LAN security protocols. Access Points and cards implementing TKIP (also known as WiFi Protected Access or WPA v1) are expected to be generally available in 2003. Equipment implementing full TGi security (expected to be known as WPA v2) will be generally available in 2004.

This meeting is sponsored by the Boston Chapter of the IEEE Computer Society and is co-sponsored by Boston Chapter of the IEEE Communications Society and the Greater Boston Chapter of the ACM (GBC/ACM). Meeting begins at 7:00 pm. An optional, pay-your-own dinner follows. For more information: Archie Blondin at 617-856-1909 or or Paul Skelly at 781-453-4014 or

Lecturer Biography: 

Donald E. Eastlake 3rd is a Distinguished Member of Technical Staff for Motorola Laboratories in Mansfield, Massachusetts, and a voting member of IEEE 802.11 active in Task Group "i" which is improving wireless LAN security. His RFC 1750 is the standard reference in the IETF on random numbers for cryptographic use. He has been working in the computer security area for many years, is author of the book "Secure XML" published in 2002 by Addison-Wesley, and was the principal architect of the Domain Name System security proposed standard (RFC 2535).