The IEEE has ratified 802.11i: what next? The news yesterday that the IEEE had finally approved the 802.11i security standard known slightly tautologically as MAC Enhancements for Enhanced Security produced a number of news reports and a little bit of analysis. The Wi-Fi Alliance stole 802.11i's thunder in late 2002 by announcing that it would implement and test its own interim version of 802.11i called Wi-Fi Protected Access (WPA) in an effort to shore up an increasingly battered security model that was preventing adoption in the enterprise and made home users nervous.
WPA succeeded wildly in changing the perception of Wi-Fi's security, even as it took months beyond its initial intended roll-out to make inroads in firmware and driver upgrades, finally appearing widely by fall 2003 in major operating systems and products. WPA repaired faults in the encryption and integrity parts of Wired Equivalent Privacy (WEP) with the intent of providing backward firmware compatibility with older gear. We got the better TKIP (Temporal Key Integrity Protocol) along with other improvements without necessarily having to upgrade all of our equipment. (Mileage varies: Some cards as old as from 1999 can support WPA; other access points made as recently as 2002 must be replaced.)
802.11i's substantial changes over WPA's interim rollout involve better handoff and better encryption. The 802.11i standard supports AES-based keys using CCMP, which conforms to government security standards. Most silicon made since late 2002 already has the pieces in place to handle the more advanced AES encryption computation and key management. For the vast majority of users, AES is an unneeded improvement, because it turns an already insoluble problem for all intents and purposes--100 years might be enough time with today's technology to crack a well-chosen TKIP key from some quadrillions of bytes of ciphertext--into a crack that requires the death of stars to achieve.
Still, governments and critical enterprise operations want orders of magnitude better encryption than what TKIP offers for two reasons: first, flaws that reduce the computational magnitude of cracking a TKIP key might still leave the 802.11i advanced key far beyond reach; second, computation speed improves all the time, meaning that a 100-year crack today could be a 1-day crack in five years.
Robert Moskowitz of ICSA Labs, a veteran cryptography expert, said via email, however, that many in the community believe the underlying algorithm for WEP and TKIP will be broken in the next few years in such a way that even TKIP won't provide any real protection against a crack. He recommends a complete transition to AES-based keys as soon as the drivers and hardware support it. I haven't seen the consumer interface to AES yet, so I don't know how feasible that is.
Other improvements in 802.11i have more immediate benefits, as Eric Griffith of Wi-Fi Planet ably explained: first, it offers key caching to allow quick re-attachment to access points when you return; second, it offers pre-authentication for fast roaming among access points in a network. The former capability reduces irritation for users; the latter helps support encrypted VoIP over WLAN and retains state for short-lived applications, like streaming media.
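To make the two mechanisms concrete, here is an added example (not code from the article or from any vendor) that models them in Python using only the standard library. The PMKID formula is the one 802.11i defines (HMAC-SHA1 over "PMK Name", the AP address and the station address, truncated to 128 bits); everything else is an assumption for illustration: the 12-hour cache lifetime, the locally-administered MAC addresses, and a stand-in for the full EAP/802.1X exchange that simply hashes identities into a fresh PMK. The 4-way handshake that follows a cache hit is not shown.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Label string fixed by 802.11i (PMKID derivation) for naming a pairwise master key.
PMK_NAME_LABEL = b"PMK Name"
# Assumed PMKSA lifetime for the demo; real deployments set this by policy.
PMKSA_LIFETIME_S = 43200.0


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), per 802.11i."""
    return hmac.new(pmk, PMK_NAME_LABEL + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


@dataclass
class PMKSA:
    pmk: bytes
    ap_mac: bytes
    sta_mac: bytes
    expires_at: float


@dataclass
class AccessPoint:
    mac: bytes
    cache: dict = field(default_factory=dict)  # PMKID -> PMKSA (the "key cache")

    def lookup(self, pid: bytes, sta_mac: bytes, now: float):
        entry = self.cache.get(pid)
        if entry is None:
            return None
        if now >= entry.expires_at or entry.sta_mac != sta_mac:
            del self.cache[pid]  # stale or mismatched entry: drop it and force full auth
            return None
        return entry


@dataclass
class Station:
    mac: bytes
    pmks: dict = field(default_factory=dict)  # AP MAC -> PMK this station holds for it


def full_8021x(sta: Station, ap: AccessPoint, now: float) -> bytes:
    """Stand-in for a complete EAP/802.1X exchange: both sides end with a fresh PMK.
    The PMK is constructed from identities and time so the demo runs offline."""
    pmk = hashlib.sha256(b"demo-pmk" + sta.mac + ap.mac + repr(now).encode()).digest()
    sta.pmks[ap.mac] = pmk
    ap.cache[pmkid(pmk, ap.mac, sta.mac)] = PMKSA(pmk, ap.mac, sta.mac, now + PMKSA_LIFETIME_S)
    return pmk


def preauthenticate(sta: Station, target: AccessPoint, now: float) -> None:
    """Pre-authentication: run 802.1X with a neighbouring AP before roaming to it,
    so the PMKSA is already cached on both sides when the station arrives."""
    full_8021x(sta, target, now)


def associate(sta: Station, ap: AccessPoint, now: float) -> str:
    """Return 'cached' when the PMKID the station offers hits the AP's cache
    (only the 4-way handshake remains), else 'full' (complete 802.1X first)."""
    pmk = sta.pmks.get(ap.mac)
    if pmk is not None and ap.lookup(pmkid(pmk, ap.mac, sta.mac), sta.mac, now) is not None:
        return "cached"
    sta.pmks.pop(ap.mac, None)  # the station's copy is useless without a matching AP entry
    full_8021x(sta, ap, now)
    return "full"


def roam_scenario() -> list:
    """Walk a station through first join, pre-auth, roam, return, and cache expiry."""
    sta = Station(mac=bytes.fromhex("020000000001"))  # constructed locally-administered MACs
    ap1 = AccessPoint(mac=bytes.fromhex("02000000aa01"))
    ap2 = AccessPoint(mac=bytes.fromhex("02000000aa02"))
    results = []
    results.append(associate(sta, ap1, now=0.0))                    # first join: full 802.1X
    preauthenticate(sta, ap2, now=10.0)                              # pre-auth with ap2 while on ap1
    results.append(associate(sta, ap2, now=20.0))                   # roam: cache hit, no 802.1X
    results.append(associate(sta, ap1, now=30.0))                   # return to ap1: key caching hit
    results.append(associate(sta, ap1, now=PMKSA_LIFETIME_S + 1.0))  # entry expired: full again
    return results


if __name__ == "__main__":
    print(roam_scenario())  # ['full', 'cached', 'cached', 'full']
```

The scenario shows why the two features matter for VoIP and streaming: the only times the full 802.1X exchange runs are the very first join and after the cached association has aged out, while the roam to a pre-authenticated AP and the return to a previously used one skip straight to the 4-way handshake. Expiry and the station-address check in `lookup` are the parts a practitioner would keep an eye on when reviewing a real implementation, since a cache that never expires or that matches on PMKID alone hands out fast re-attachment more freely than intended.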
The practical upshot of 802.11i's ratification is that the floodgates will open as firmware upgrades and new products enter the market: companies that held back due to security concerns can couple the availability of AES keys with robust encrypted EAP sessions for 802.1X authentication. The whole security chain for logging in, exchanging credentials, authenticating, and encrypting the link layer becomes so much more robust that a network's and a session's integrity just needs to be managed, not protected.
The press has been full of reports for years that enterprises were on the verge of adopting WLANs on a wide-scale basis. A talk I had with Airwave a few days ago indicates that networks with thousands of access points are becoming routine in academia and enterprise. With security beyond reproach available, the switch (pun intended) will be thrown, and the real spending for wide-scale networks will now begin.