search
Login   |   About  |   Contact us  |   Glossary  |   Advertising
« Cloud for Windy City
Silicon Valley & New York Clouds »

802.11w: More Security

Get ready for yet another security standard coming down the pike — 802.11w.

The highly secure IEEE 802.11i standard patched the holes in the original Wired Equivalent Privacy (WEP) specification by introducing new cryptographic algorithms, now used in WiFi Protected Access (WPA) and WPA 2. It’s standard issue in most current WiFi gear and can encrypt data end-to-end.

Now, the 802.11w task group, reports TechWorld, is looking at extending that same protection beyond data to management frames, which perform core operations on a network.

With the new drafts of 802.11r (fast handoff and roaming), 802.11k (radio resource management) and 802.11v (wireless network management), it was determined that highly sensitive information about wireless networks is being exchanged in these non-secure frames and was vulnerable to attack.

802.11w proposes to extend 802.11i to cover these frames.

IEEE started work on this proposal early in 2005, and an official draft is expected to be ratified in the first half of 2008. 802.11w will require changes to the firmware of clients and access points. It should not require hardware changes, however, and thus might be available as a software-only upgrade to many types of hardware.

Three 802.11w provides protection in three categories.

  • The first is for unicast management frames, or frames between one access point and one client. It reports network topology and modifying client behavior. Unprotected unicast management frames provide a powerful arsenal to an attacker, who can discover the layout of the network, pinpoint the location of devices and mount far more successful denial-of-service (DOS) attacks against a network. 802.11w extends existing data encryption algorithms to the unicast management frames.
  • The second method is for generic broadcast management frames. These frames are less common and typically are used to adjust radio frequency properties or start measurements, rather than report sensitive information. Thus, 802.11w proposes to protect only against forgeries, and not provide confidentiality.
  • The third method is for deauthentication and disassociation frames. By using a pair of related one-time keys, one secret in an access point and one for a client, the client can determine if the deauthentication is valid.

By protecting the contents of most frames from eavesdropping, and of certain crucial frames from forging, 802.11w will stop the information leakage and reduce some basic DOS attacks, explains TechWorld.

Oh dear, what WILL the IEEE do after 802.11z?

These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Facebook
  • Google
  • StumbleUpon
  • Technorati

Posted by Sam Churchill on Friday, April 28th, 2006 at 7:58 am.

Something to say?

You must be logged in to post a comment.