To help address this gap in WLANs, the IEEE 802.11 Working Group instituted Task Group i to produce a security upgrade for the 802.11 standard. 802.11i is building the standard around 802.1X port-based authentication for user and device authentication. The 802.11i standard, which isn't expected to be complete until later this year, includes two main developments: Wi-Fi Protected Access (WPA) and Robust Security Network (RSN).
The first task is to plug security holes in legacy devices, typically through firmware or driver upgrades. The Wi-Fi Alliance has taken a subset of the draft 802.11i standard, calling it WPA, and now certifies devices that meet the requirements. WPA uses Temporal Key Integrity Protocol (TKIP) as the protocol and algorithm to improve security of keys used with WEP. It changes the way keys are derived and rotates keys more often for security. It also adds a message-integrity-check function to prevent packet forgeries.
While WPA goes a long way toward addressing the shortcomings of WEP, not all users will be able to take advantage of it. That's because WPA might not be backward-compatible with some legacy devices and operating systems. Moreover, not all users can share the same security infrastructure. Some users will have a PDA and lack the processing resources of a PC. What's more, TKIP/WPA will degrade performance unless a WLAN system has hardware that will run and accelerate the WPA protocol. For most WLANs, there's currently a trade-off between security and performance without the presence of hardware acceleration in the access point.
RSN uses dynamic negotiation of authentication and encryption algorithms between access points and mobile devices. The authentication schemes proposed in the draft standard are based on 802.1X and Extensible Authentication Protocol (EAP). The encryption algorithm is Advanced Encryption Standard (AES).
Dynamic negotiation of authentication and encryption algorithms lets RSN evolve with the state of the art in security, adding algorithms to address new threats and continuing to provide the security necessary to protect information that WLANs carry. Using dynamic negotiation, 802.1X, EAP and AES, RSN is significantly stronger than WEP and WPA. However, RSN will run very poorly on legacy devices. Only the latest devices have the hardware required to accelerate the algorithms in clients and access points, providing the performance expected of today's WLAN products.