What does the 802.11i standard cover?
In our previous tutorial, we explored the network security protocols based on the AAA architecture and the IEEE 802.1x standard for authentication.
In this next part, we will dive deep into some more network security protocols along with their enhanced features.

802.11 Authentication and Association

It requires a wireless device such as a mobile station, called the STA, and an access point (AP). 802.11 authentication is about establishing identification and authentication between the STA and the AP. The AP can be a router or switch. There is no encryption of the message involved in this process.

Authentication

There are two types of authentication as mentioned below:
Open key Authentication: The authentication request is sent from the client user to the access point containing the Wired Equivalent Privacy (WEP) key for authentication. In response, the access point (AP) sends a success message only if the WEP keys of the client and the AP match; if not, it sends a failure message.

Shared Key Authentication: In this method, the AP sends an unencrypted challenge text message to the client trying to communicate with the access point. The client device requesting authentication encrypts the message and sends it back to the AP. If the message is found to be encrypted correctly, the AP permits the client device to authenticate. As this method uses the WEP key, the AP is open to virus attacks by just evaluating the WEP key, and hence it is less secure for the authentication process.

WPA (Wi-Fi Protected Access) Key Method: This method provides an enhanced level of data security features for wireless devices. It is also compatible with the 802.11i method. In WPA-PSK, a pre-shared key is generated before the start of the authentication process. Both the client and the AP use the PSK as the PMK, the pairwise master key, for authentication by using an EAP authentication method.

Association

After the completion of the authentication process, the wireless client can associate and enroll itself with the access point, which can be a router or switch. After the association, the AP saves all the necessary information regarding the device it is associated with so that data packets can be delivered to the correct destination.

Association Process:
802.11i Protocol

802.11i uses the authentication protocol used in 802.1x, with some enhanced features like a four-way handshake and a group key handshake with suitable cryptographic keys. This protocol also provides data integrity and confidentiality features. The protocol operation starts with the authentication process, which is done by an EAP exchange with the authentication server, following the rules of the 802.1x protocol. When 802.1x authentication is done, a secret key known as the pairwise master key (PMK) is established.

Four-way Handshake

Here the authenticator is the access point and the supplicant is the wireless client. In this handshake, both the access point and the wireless client need to verify that they know each other's PMK, without revealing it. The messages between the two are shared in an encrypted form, and only they have the key to decrypt the messages.

Another key, known as the pairwise transient key (PTK), is used in the authentication process. It consists of the following attributes:
The output is then fed into the pseudo-random function. The handshake also yields the group temporal key (GTK) for decryption at the receiver's end.

The handshake process is as follows:
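The Python sketch below is an added example, not code from the original tutorial. It shows how the client and the AP can each prove knowledge of the PMK without sending it: both derive the PTK with the 802.11i pseudo-random function, and the client returns only a message integrity code (MIC) keyed with part of the PTK. The passphrase, SSID, MAC addresses, nonces and frame bytes are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac

# Constructed sample values (not captured traffic); real nonces are random.
SSID = "ExampleNet"
AA = bytes.fromhex("020000000001")   # authenticator (AP) MAC address
SPA = bytes.fromhex("020000000002")  # supplicant (client) MAC address
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
FRAME = b"constructed message-2 body, MIC field zeroed"

def pmk_from_passphrase(passphrase, ssid):
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """48-byte PTK (CCMP) from the PMK, both MAC addresses and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

def eapol_mic(ptk, frame):
    """MIC = first 16 bytes of HMAC-SHA1 keyed with the KCK (PTK bytes 0-15)."""
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]

def authenticator_accepts(pmk, aa, spa, anonce, snonce, frame, mic):
    """AP side: re-derive the PTK and compare the MIC in constant time."""
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk, frame), mic)

def run_handshake(ap_passphrase, sta_passphrase):
    """Messages 1-2: the client sends SNonce and a MIC, never the PMK itself."""
    sta_pmk = pmk_from_passphrase(sta_passphrase, SSID)
    mic = eapol_mic(derive_ptk(sta_pmk, AA, SPA, ANONCE, SNONCE), FRAME)
    ap_pmk = pmk_from_passphrase(ap_passphrase, SSID)
    return authenticator_accepts(ap_pmk, AA, SPA, ANONCE, SNONCE, FRAME, mic)

if __name__ == "__main__":
    print(run_handshake("correct horse battery staple", "correct horse battery staple"))
    print(run_handshake("correct horse battery staple", "wrong passphrase"))
```

Because the PMK in WPA-PSK depends only on the passphrase and the SSID, the strength of the passphrase bounds the strength of every key derived here.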
Group Key Handshake

The GTK is used every time a particular session expires and an update is required to start a new session in the network. The GTK is used to guard the device against receiving broadcast messages from the resources of other APs. The group key handshake consists of a two-way handshake process:
The two-way handshake takes place in the above-mentioned way.

802.1X

It is a port-based standard for network access control. It provides the authentication process for devices that want to communicate in a LAN or WLAN architecture.

802.1X authentication includes three participants: a supplicant, an authenticator, and an authentication server. The supplicant is the end device, such as a laptop, PC or tablet, that wants to initiate communication over the network. The supplicant can also be a software-based application running on the client host PC. The supplicant also supplies the credentials to the authenticator.

The authenticator is a machine such as an Ethernet switch or WAP, and the authentication server is a remote host device which runs the software supporting the authentication protocols.

The authenticator behaves as a safety shield for the guarded network. The host client which has initiated the communication is not permitted to access the guarded side of the network via the authenticator unless its identity has been validated and authenticated.

Using 802.1X, the supplicant supplies credentials, such as a digital signature or a login username and password, to the authenticator, and the authenticator forwards them to the authentication server for authentication. If the credentials are found to be bona fide, the host device is permitted to access the resources situated on the guarded side of the network.

Steps involved in the Authentication Process:
802.1x Authentication Process

Conclusion

In this tutorial, we explored the working of the 802.11, 802.11i and 802.1x authentication protocols. The networking system becomes more secure by deploying the EAP method for authentication and by using mutual authentication at both the client and the access point end, using different types of encryption key methods.

Which type of network is covered by the IEEE 802.11 standards?

IEEE 802.11 is used in most home and office networks to allow laptops, printers, smartphones, and other devices to communicate with each other and access the Internet without connecting wires.
Is 802.11i the same as WPA2?

IEEE 802.11i is the basis for WPA2, and WPA2 is the term used to identify IEEE 802.11-based products which meet IEEE 802.11i security standards. WPA2 differs from WPA in the use of a stronger encryption algorithm. While WEP and WPA used RC4 encryption, WPA2 uses the stronger AES encryption algorithm.
Which 802.11 standard runs on 5 GHz?

802.11a supported the 5 GHz band and a theoretical maximum speed of 54 Mbps. In the early 2000s, many business/enterprise wireless devices used 802.11a Wi-Fi radios. The 5 GHz band allowed for higher speeds than 802.11b and 2.4 GHz.
Which of the following security features is deployed by 802.11i?

802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.