802.1x Security

802.1x security options include authentication and encryption services that are based on the WEP algorithm. 802.1x supports two authentication subtypes: open system and shared key. Open system is a default null authentication algorithm that involves a two-step process: an identity assertion and request for authentication and an authentication result. Shared key authentication assumes that each wireless station has received a secret shared key over a secure channel that is independent from the 802.1x wireless network communications channel.

40-bit authentication and encryption secret keys define the WEP algorithm. 802.1x does not require that the same WEP keys be used by all wireless stations. It also allows a station to maintain two sets of shared keys: a per-station unicast session key and a multicast/global key. 802.1x primarily supports shared multicast/global keys but it is expected to support per-station unicast session keys in the near future.

WEP security uses encryption to protect authorized users of a wireless LAN from eavesdropping and provides physical security attributes comparable to a wired networking medium. WEP security is a symmetric algorithm in which the same key is used to both encipher and decipher data. The secret key is concatenated with an initialization vector, which creates a seed that serves as input to a pseudorandom number generator. The pseudorandom number generator generates the key sequence that is combined with the message text concatenated with the integrity check value. This process forms the actual data sent in an 802.1x data frame.

While the secret key remains constant, the initialization vector is changed periodically and as frequently as every MAC protocol data unit. Initialization vector values change depending on the degree of privacy required by the WEP algorithm. Changing the initialization vector after each MAC protocol data unit is the best way to maintain WEP security.
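The encapsulation described above, and the reason the initialization vector must change between MAC protocol data units, as an added example that is not part of the original page. It assumes details the page does not state: RC4 as the pseudorandom number generator, a CRC-32 integrity check value, and a 3-byte initialization vector prepended to the key; the key ID byte of a real frame is omitted, and the key and messages are constructed sample values.

```python
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4, assumed here as the pseudorandom number generator."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                   # key sequence generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(key: bytes, iv: bytes, message: bytes) -> bytes:
    """Return the IV (sent in the clear) followed by encrypted message || ICV."""
    body = message + zlib.crc32(message).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame and verify the ICV; raise ValueError on mismatch."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + key, len(body)))
    message, icv = plain[:-4], plain[-4:]
    if zlib.crc32(message).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return message


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """XOR of two frame bodies; if the IVs are equal, the key sequence cancels."""
    return xor(frame_a[3:], frame_b[3:])


# Constructed sample values, not from the page.
KEY = bytes.fromhex("0102030405")             # 40-bit secret key
M1, M2 = b"meet at dock 7", b"ship leaves 9p"
```

With a repeated initialization vector, `iv_reuse_leak` returns the XOR of the two plaintexts without any use of the key, which is why a fresh value per MAC protocol data unit matters.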

Without a WEP key management protocol, 802.1x security services are limited, especially in a wireless infrastructure network mode with a large number of stations. Lack of authentication and encryption services also impacts operation in a wireless ad hoc network mode. The 802.1x security option for access control does not scale appropriately in a large infrastructure network mode and ad hoc network mode. In addition, the lack of an Inter Access Point Protocol further accentuates the key management issues when stations roam from one access point to another.

For information about 802.1x security, see this Microsoft Web site.


 Last updated on Tuesday, May 18, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.