In addition to the TKIP solution, the 802.11i standard will most likely
include the Advanced Encryption Standard (AES) protocol, as shown in Figure
. AES offers much
stronger encryption. In fact, the U.S. Commerce Department's National Institute
of Standards and Technology (NIST) chose AES to replace the aging
DES. AES is now a U.S. Federal Information Processing Standard (FIPS),
Publication 197. It defines a cryptographic algorithm for use by United States
government organizations to protect sensitive, unclassified information. The
Secretary of Commerce approved the adoption of AES as an official government
standard in May 2002.

One issue is that AES requires a coprocessor or
additional hardware to operate. This means that companies need to replace
existing access points and client NICs to implement AES. Based on marketing
reports, the currently installed base is relatively small compared to predicted
future deployments. As a result, a very large percentage of new
WLAN implementations will take advantage of AES when it becomes part of
802.11. On the other hand, companies that have already installed WLANs will
need to determine whether better security is worth the cost of upgrading.

AES specifies three key sizes: 128, 192, and 256 bits. It uses the
Rijndael algorithm, as Figure
indicates. If someone were to build a machine that could recover a DES key in
a second, then it would take that machine approximately 149 thousand-billion
(149 trillion) years to crack a 128-bit AES key. To put that into perspective,
the universe is believed to be less than 20 billion years old.