The IEEE 802.11n Standard: A Step Backwards for Security?

In 1997 the first IEEE 802.11 wireless standard was published. Since then, we’ve seen 802.11a, 11b, 11g, and 11i, and with each new standard have generally come numerous performance enhancements and new functionality. Although 11g is currently the reigning standard, 11i is the “tried and true” standard for anyone for whom security is a concern. 11i prescribes:

• Port authentication (authentication of a “supplicant” whose process has reached a port before the port is opened)
• Use of the Extensible Authentication Protocol (EAP)
• Secure key creation and key management mechanisms
• Robust Security Network (RSN), replacing TKIP (Temporal Key Integrity Protocol) with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
• Strong encryption of data in motion with AES (Advanced Encryption Standard) encryption instead of the often justifiably maligned Wired Equivalent Privacy (WEP) encryption, the type of encryption in earlier 802.11 standards

I suspect that 11i would be more widely adopted if not for the cost associated with upgrading to this standard. The cost of upgrading wireless network interface cards (NICs) with special 11i-compatible NICs as well as purchasing 11i-compatible wireless access points is a hurdle (albeit not an overwhelming one) to many who are considering making this upgrade. Still, security-conscious organizations and individuals see the need for and implement 11i.

The 802.11n standard attempts to build upon prior 802.11 standards by calling for multiple-input multiple-output (MIMO). Using multiple transmitter and receiver antennas, MIMO will deliver a capability called spatial multiplexing that will result in increased range of wireless networks. At the same time, it will support a bandwidth of over 400 Mbps, something that is even more impressive when the bandwidth of 11g (20 and more Mbps in the 2.4 GHz band and 54 Mbps over short distances) is considered. Whereas performance problems have frequently dogged wireless networks, these problems will become a thing of the past.

Although the 11n standard can in many ways be considered a big breakthrough in wireless local area network (WLAN) standards, something about it worries me, namely that this standard is void of content relevant to security. I’m concerned that this standard is one of the many standards that have emerged in the past that call for “bigger and better” functionality and improved performance at the expense of lack of inherent security. Additionally, I worry that the momentum that the 11i standard has enjoyed over the last few years will come to an end with the emergence of a new standard that promises so much, yet does not factor in security. I wonder why those who drafted the provisions of this standard lacked the wisdom that leads engineers and others to consider what the likely consequences are if security in a product is not built into it.

There is hope, however. The Enhanced Wireless Consortium (EWC), a group formed to speed up the development of the 11n standard, is developing a specification for achieving interoperability of forthcoming WLAN products. Hopefully, a few members of this consortium will start asking questions about security and do something accordingly. Something that would pave the way for compatibility between fast WLAN networks and WANs with high levels of security would be a major step forward. Additionally, the final version of the 11n standard has not yet been ratified. Ratification is not expected until November or December of this year. Who knows, perhaps someone on this standards group will come to his or her senses and wake members up to their blindness to security issues.