📘 Wireless LAN Security with 802.11i — Exam Notes (Network Security)
📡 1. Introduction
Wireless LAN (WLAN) Security refers to protecting Wi-Fi networks from unauthorized access, data theft, and attacks.
👉 The IEEE 802.11i standard is specifically designed to provide strong security for wireless LANs, and it is the foundation of WPA2 security.
🔐 2. What is IEEE 802.11i?
IEEE 802.11i is a security amendment to the Wi-Fi standard that provides robust authentication, encryption, and key management for wireless networks.
👉 Simple idea:
It replaces weak WEP/WPA security with strong cryptographic protection (WPA2).
🎯 3. Objectives of 802.11i
- Strong authentication of users
- Secure key management
- Confidentiality of wireless data
- Data integrity protection
- Protection against replay attacks
🧱 4. Components of 802.11i Security
🔹 1. Authentication
- Ensures only valid users can access the network
- Uses 802.1X framework
🔹 2. Encryption
- Protects data using strong algorithms (AES)
🔹 3. Key Management
- Generates and distributes encryption keys securely
🔑 5. Security Protocols in 802.11i
🔸 1. TKIP (Temporal Key Integrity Protocol)
- Used in WPA (older improvement over WEP)
- Provides per-packet key mixing
❌ Now considered weak
🔸 2. AES-CCMP (Advanced Encryption Standard)
✔ Strong and secure
🔐 6. Authentication in 802.11i (802.1X Framework)
Components:
- Supplicant → User device
- Authenticator → Wi-Fi Access Point
- Authentication Server → RADIUS server
Process:
- User requests access
- Access point forwards request
- RADIUS server verifies identity
- Access granted or denied
🔑 7. Key Management in 802.11i
🔸 Four-Way Handshake
Used to generate encryption keys securely.
Steps:
- Client and Access Point exchange random numbers
- Master Key → derives session keys
- Encryption keys are installed
- Secure communication begins
🛡️ 8. Types of Keys
🔹 Pairwise Transient Key (PTK)
- Used for communication between client and AP
🔹 Group Temporal Key (GTK)
- Used for multicast/broadcast traffic
⚠️ 9. Security Improvements Over WEP/WPA
| Feature |
WEP |
WPA |
WPA2 (802.11i) |
| Encryption |
Weak (RC4) |
TKIP |
AES-CCMP |
| Authentication |
Weak |
Improved |
Strong (802.1X) |
| Security |
Broken |
Moderate |
Strong |
🧠 10. Key Security Features of 802.11i
- Strong encryption (AES)
- Mutual authentication
- Dynamic key generation
- Protection against replay attacks
- Secure key exchange
📊 11. Important Concept
🔸 802.11i Security Model
Authentication (802.1X) + Encryption (AES) + Key Management = Secure WLAN
🖼️ 12. Diagram Descriptions
📌 802.11i Architecture
- User → Access Point → RADIUS Server
📌 Four-Way Handshake
- Client ↔ AP → Key exchange → Secure connection
📌 WPA2 Security Flow
- Authentication → Key generation → Encrypted communication
🧾 13. Real-Life Examples
- 🏢 Enterprise Wi-Fi using WPA2/WPA3 security
- 🎓 University campus wireless networks
- 🏦 Secure banking Wi-Fi systems
- 🌐 Corporate VPN over secure WLAN
📝 Likely Exam Questions
- Define IEEE 802.11i standard.
- Explain the objectives of 802.11i.
- What is AES-CCMP?
- Describe the 802.1X authentication process.
- Explain the four-way handshake.
- Differentiate between WEP, WPA, and WPA2.
- What are PTK and GTK?
- How does 802.11i improve WLAN security?
- Explain key management in 802.11i.
- Write short notes on:
- TKIP
- RADIUS server
- WPA2 security
📌 Quick Summary / Conclusion
- 802.11i is the foundation of WPA2 security for Wi-Fi networks.
- It provides strong authentication, encryption, and key management.
- Uses AES-CCMP for encryption and 802.1X for authentication.
- Introduces secure key generation using four-way handshake.
- It is a major improvement over weak WEP/WPA standards.
👉 In short:
802.11i ensures secure wireless LAN communication by using strong encryption, authentication, and dynamic key management.