Someone emailed about what RSN was, so I thought I'd post this tidbit:

- Jon

*** Wi-Fi Protected Access ***

The first task is to plug security holes in legacy devices, typically
through firmware or driver upgrades. The Wi-Fi Alliance has taken a subset
of the draft 802.11i standard, calling it WPA, and now certifies devices
that meet the requirements.

WPA uses Temporal Key Integrity Protocol (TKIP) as the protocol and
algorithm to improve security of keys used with WEP. It changes the way keys
are derived and rotates keys more often for security. It also adds a
message-integrity-check function to prevent packet forgeries.

While WPA goes a long way toward addressing the shortcomings of WEP, not all
users will be able to take advantage of it. That's because WPA might not be
backward-compatible with some legacy devices and operating systems.
Moreover, not all users can share the same security infrastructure. Some
users will have a PDA and lack the processing resources of a PC.

What's more, TKIP/WPA will degrade performance unless a WLAN system has
hardware that will run and accelerate the WPA protocol. For most WLANs,
there's currently a trade-off between security and performance without the
presence of hardware acceleration in the access point.

*** Robust Security Network ***

RSN uses dynamic negotiation of authentication and encryption algorithms
between access points and mobile devices. The authentication schemes
proposed in the draft standard are based on 802.1X and Extensible
Authentication Protocol (EAP). The encryption algorithm is Advanced
Encryption Standard (AES).

Dynamic negotiation of authentication and encryption algorithms lets RSN
evolve with the state of the art in security, adding algorithms to address
new threats and continuing to provide the security necessary to protect
information that WLANs carry.

Using dynamic negotiation, 802.1X, EAP and AES, RSN is significantly
stronger than WEP and WPA. However, RSN will run very poorly on legacy
devices. Only the latest devices have the hardware required to accelerate
the algorithms in clients and access points, providing the performance
expected of today's WLAN products.

WPA will improve security of legacy devices to a minimally acceptable level,
but RSN is the future of over-the-air security for 802.11.

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
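
The "dynamic negotiation" described in the Robust Security Network section above is carried in the RSN information element that an access point advertises. The following is an added example, not part of the original post: it parses that element and picks a pairwise cipher the way a station would. The function names and the sample bytes are constructed for illustration, and it assumes the group, pairwise and AKM fields are all present.

```python
import struct

RSN_EID = 48                  # element ID of the RSN information element
OUI = b"\x00\x0f\xac"         # OUI used by the standard's suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-AES", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

# Constructed sample (not a capture): version 1, group cipher TKIP,
# pairwise CCMP + TKIP, AKM 802.1X, capabilities 0.
SAMPLE_IE = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04"
                          "000fac02" "0100" "000fac01" "0000")

def suite_name(sel, names):
    # A selector is a 3-byte OUI followed by a 1-byte suite type.
    if sel[:3] != OUI:
        return "vendor:" + sel.hex()
    return names.get(sel[3], "unknown:%d" % sel[3])

def suite_list(body, off, names):
    # 2-byte little-endian count, then that many 4-byte selectors.
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite count runs past end of element")
    sels = [body[i:i + 4] for i in range(off + 2, end, 4)]
    return [suite_name(s, names) for s in sels], end

def parse_rsn_ie(ie):
    if len(ie) < 2 or ie[0] != RSN_EID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    pairwise, off = suite_list(body, 6, CIPHERS)
    akm, _ = suite_list(body, off, AKMS)
    return {"version": version, "group": suite_name(body[2:6], CIPHERS),
            "pairwise": pairwise, "akm": akm}

def choose(advertised, preference):
    # Station side: first suite in its own preference order that the AP offers.
    return next((s for s in preference if s in advertised), None)

if __name__ == "__main__":
    ap = parse_rsn_ie(SAMPLE_IE)
    print(ap)
    print("modern client :", choose(ap["pairwise"], ["CCMP-AES", "TKIP"]))
    print("legacy client :", choose(ap["pairwise"], ["TKIP"]))
```

An access point that still lists TKIP so legacy clients can join also leaves its group cipher at TKIP, which is the security and compatibility trade-off the post describes.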
