802.11i and WPA2

802.11i (an implementation of the RC4 algorithm) was proven to be compromised in the widely distributed Fluhrer, Mantin and Shamir whitepaper. Its authors launched an attack against WEP—802.11i’s RC4 encryption method for data privacy—and demonstrated how hackers could easily recover 128-bit secret keys by constructing new distinguishers for RC4 and launching further key attacks. It was then concluded that weakness of the key scheduling algorithm of RC4 enabled hackers to recover encryption keys used in WEP. That, of course, dealt a blow to WEP, the link-layer security protocol for 802.11i, as it meant that the RC4 scheduling algorithm was only strong enough to protect against casual eavesdropping rather than commercial-grade hacking.

Soon after the report, the IEEE joined forces with the WiFi Alliance (formerly WECA) to address those weaknesses. As a result, the second generation of WiFi Protected Access authentication (WPA2, formerly known as SSN, Safe Secure Network) has emerged. The IEEE and Wi-Fi Alliance intend to unify WPA2 and 802.11i as a standard for security in enterprises, as well as small offices and home implementations that lack RADIUS servers. “The hope is that 802.11i can be integrated with WPA2, thus reducing any confusion around competing standards,” says David Halasz, 802.11i task group chair and manager of software development with Cisco.

Read Full Story