802.11i PHYs
==============

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is PHY in IEEE 802.11i?**

    IEEE 802.11i is a security amendment to the IEEE 802.11 wireless LAN standard that replaces the insecure WEP with stronger authentication and encryption mechanisms.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What security weaknesses does 802.11i address?**

    It addresses vulnerabilities in WEP by introducing robust encryption, authentication, and key management protocols.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What encryption algorithms are used in 802.11i?**

    802.11i defines TKIP and CCMP (AES-based) encryption; CCMP is mandatory for strong security.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is TKIP in 802.11i?**

    TKIP (Temporal Key Integrity Protocol) was designed to provide improved security over WEP without requiring new hardware, but is now considered obsolete.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is CCMP in 802.11i?**

    CCMP (Counter Mode CBC-MAC Protocol) uses AES encryption and provides strong confidentiality and data integrity.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does authentication work in 802.11i?**

    Authentication can be done via 802.1X with EAP methods for enterprise setups or using Pre-Shared Keys (PSK) for simpler environments.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the four-way handshake?**

    It is a key exchange process that establishes fresh encryption keys between the client and access point after authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the Group Temporal Key (GTK)?**

    The GTK is a shared key used to encrypt multicast and broadcast traffic within a WLAN.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is RSN (Robust Security Network)?**

    RSN is the security architecture in 802.11i defining how stations negotiate security capabilities and keys.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does 802.11i modify the physical or MAC layers?**

    No, it enhances security at the MAC layer but does not change physical layer protocols.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does 802.11i protect against replay attacks?**

    It uses sequence counters and message integrity codes to detect and reject replayed frames.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is WEP still allowed under 802.11i?**

    No, WEP is deprecated and not compliant with 802.11i security requirements.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What role does 802.1X play in 802.11i?**

    802.1X provides port-based network access control and is used for authentication in enterprise Wi-Fi networks.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Can 802.11i work without an authentication server?**

    Yes, using Pre-Shared Key (PSK) mode, suitable for small or home networks without centralized authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the role of the Pairwise Transient Key (PTK)?**

    PTK is a unique encryption key derived between a client and AP for securing unicast communications.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does 802.11i improve data confidentiality?**

    By using strong AES encryption (CCMP), it ensures that transmitted data cannot be easily intercepted or decrypted.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the difference between TKIP and CCMP?**

    TKIP is a legacy encryption protocol providing moderate security, while CCMP is a modern AES-based protocol with strong security guarantees.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is 802.11i backward compatible with older devices?**

    Only partially; devices that do not support AES/CCMP may fall back to weaker protocols or fail to connect.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does 802.11i support fast roaming?**

    802.11i itself doesn't define fast roaming, but it supports protocols like PMK caching that enable quicker handoffs.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the impact of 802.11i on wireless performance?**

    Strong encryption and key management introduce some overhead, but modern hardware minimizes performance impact.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is 802.11i still relevant today?**

    Yes, 802.11i forms the basis of WPA2 security, which is widely used in current Wi-Fi networks.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What replaced 802.11i in newer standards?**

    WPA3 builds on 802.11i by adding enhanced encryption and authentication mechanisms for improved security.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Reference links `

.. _phy_i_step17:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links