Implementing IEEE 802.11i Security Standard on Intel IXP-425 Network Processor platform
The IEEE 802.11 standard published in 1999 uses IEEE 802.1x authentication along with WEP encryption to provide security in WLANs. This is the highest form of security used in most currently available wireless network products that comply with the 802.11a/b/g standards. However, this security standard has known and proven vulnerabilities. One major deficiency of 802.11 security is the reuse of a limited number of default WEP keys to encrypt data packets. The presence of RC4 weak keys also seriously compromises security; this is exploited in the FMS attack, which the public-domain hacker software Airsnort implements.
The IEEE 802.11 standard does not provide any mechanism to replace keys dynamically, which forces the use of static keys in networks. It is also vulnerable to packet forgery and to the replay of packets whose address field has been changed.
Because of these problems with WEP, the IEEE 802.11i group has come up with a new security standard for wireless LANs. This new standard uses the IEEE 802.1x authentication mechanism along with AES encryption in CCMP mode. It also defines a new encryption scheme, TKIP, that is compatible with the WEP packet frame formats. 802.11i also defines a new mechanism for key exchange, namely the 4-way handshake. The final draft of the IEEE 802.11i standard was published in July 2004.
Our goal in this project is to implement this standard using an IXP-425 network processor platform as the access point connecting the wireless clients to a server. The IXP-425 network processor incorporates specially designed network processing engines that can provide hardware acceleration for common cryptographic algorithms (it also supports AES-CCMP).
We propose to analyze the performance of wireless LANs that use the IEEE 802.11i standard for real-time audio data, and to demonstrate the performance enhancements that can be achieved by using IXP-425 network processors in WLANs.