Safety in 802.11 networks

The IEEE 802.11 standard issued by the IEEE (Institute of Electrical and Electronic Engineers) specifies the characteristics of wireless local area networks (WLAN – Wireless Local Area Network) in several amendments (a, b, d, e, g, h, i, j). Amendment 802.11i defines all the security mechanisms required for 802.11 networks. On the one hand, it ensures the authentication of wireless terminals. To this end, it adapts the IEEE 802.1X security solution, originally designed to authenticate terminals in the context of wired networks. On the other hand, it addresses the protection of data flows over the radio link, defining a data exchange protection service based on the historical WEP (Wired Equivalent Privacy) solution. The IEEE 802.11i amendment enhances the WEP solution by allowing encryption keys to be dynamic. To achieve this, it defines how to manage and exchange dynamic keys, by defining key management and security association protocols. The term RSN, for Robust Security Network, is often used in reference to the greatly improved security level compared to the original WEP. Finally, it enables 802.11 equipment implementing 802.11i to remain interoperable with earlier equipment implementing a WEP solution and static encryption keys.

These standards are complex and voluminous. Clear, concise documents on the subject are almost non-existent, or quickly require highly specialized knowledge. In this article, we propose to provide an overview of the security solutions included in the 802.11 standards, and to explain them in didactic detail.

This article begins with an introduction to 802.11 networks. It then presents the overall security solution as adopted, and reviews the various security components defined, such as solutions for authentication, cryptographic key and security association management, and data exchange protection. Finally, the article presents a new type of network – mesh networks – currently being standardized, with solutions recommended by the IEEE.