Enterprise Wireless Encryption
Second generation encryption

In addition to the TKIP solution, the 802.11i standard will most likely include the Advanced Encryption Standard (AES) protocol, as shown in Figure . AES offers much stronger encryption. In fact, the U.S. Commerce Department's National Institute of Standards and Technology (NIST) chose AES to replace the aging DES. AES is now a U.S. Federal Information Processing Standard (FIPS), Publication 197. It defines a cryptographic algorithm for use by United States government organizations to protect sensitive, unclassified information. The Secretary of Commerce approved the adoption of AES as an official Government standard in May 2002.

One issue is that AES requires a coprocessor or additional hardware to operate. This means that companies need to replace existing access points and client NICs to implement AES. Based on marketing reports, the currently installed base is relatively small compared to predicted future deployments. As a result, there will be a very large percentage of new WLAN implementations that will take advantage of AES when it becomes part of 802.11. On the other hand, companies that have already installed WLANs will need to determine whether it is worth the costs of upgrading for better security.

AES specifies three key sizes: 128, 192, and 256 bits. It uses the Rijndael algorithm, as Figure indicates. If someone were to build a machine that could recover a DES key in a second, then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.


Lab Activity

Lab Exercise: Configure Enterprise Security on AP

In this lab, students will demonstrate an understanding of the role of enterprise wireless network security. Additionally, students will configure MIC, TKIP and BKR on an AP.

Lab Activity

Lab Exercise: Configuring Site-to-Site Wireless Link Using Enterprise Security

In this lab, the student will learn to configure a site-to-site bridged network using enterprise security features (BR350).

Lab Activity

Lab Exercise: BR1310 Configuring Site-to-Site Wireless Link using Enterprise Security

In this lab, students will learn to configure a site-to-site bridged network using enterprise security features (BR1310).
