One of the major tasks for 802.11i is to shore up the link-layer security of wireless networks. In the short term, security is improved by adding enhancements to standard RC4-based WEP. (The most notable enhancements are the Temporal Key Integrity Protocol, TKIP, and the Michael message integrity check. The Wi-Fi Alliance has branded these as Wi-Fi Protected Access, WPA.)
Many in the industry view WPA as a stopgap measure intended mainly to buy time to get link-layer security right. 802.11i has always included a privacy algorithm based on the Advanced Encryption Standard (AES). It has always been a stated goal that the AES-based encryption in 802.11i should offer the strongest level of privacy possible. One way that the goal is often phrased is that 802.11i should offer security mechanisms that allow deployment of 802.11 networks without requiring extra network components for encryption. Put another way, 802.11i is designed to offer cryptographic security over the air equivalent to IPsec.
U.S. Government agencies are required by Federal Information Processing Standard (FIPS) 140-2 to use only approved cryptographic components to protect “sensitive” data. Obtaining approval for a cryptographic module, such as a networking component, has two major steps. First, the module must use approved encryption ciphers, and the ciphers must be used in approved modes of operation. Second, the actual product itself is subject to extensive testing and validation to ensure that it meets FIPS requirements. FIPS certification is quite difficult, but it matters to manufacturers of security products because it is often a requirement for purchase. U.S. government agencies are required to use FIPS-certified products. Companies that do extensive business with the government may be subject to downstream application of FIPS, or they may adopt the requirements as a “best practice” security procedure to satisfy security auditors.
802.11i includes both RC4-based encryption (the collection of protocol mechanisms that make up WPA) and the AES-based algorithm called the Counter Mode CBC-MAC Protocol (CCMP). The flawed design of WEP, and the fact that WPA is simply a patch, make it unlikely that WPA would ever gain FIPS approval. CCMP is based on a FIPS-approved cipher, and is the future of wireless security at the link layer. However, CCMP cannot currently become FIPS-approved because it uses an unapproved mode.
On September 4, NIST released a draft of Special Publication 800-38C, the main document linked above. If adopted, it would be the first step in gaining approval for 802.1X-based solutions in sensitive, security-conscious networks. Many of the existing networks were built years ago, in the bad old days of easily cracked static WEP. What many administrators have discovered is that VPNs impose a significant performance tax, and there is often significant network administration overhead to run them. NIST's work to approve CCMP in principle opens the door to building networks based on 802.11i without requiring the use of a VPN.