Most Secure WiFi

Fast Handoff Technologies in WiFi Networks

Although today's wireless technology provides satisfactory bandwidth and high speeds, handoff performance still needs improvement. Several studies have shown that the IEEE 802.11 scanning phase introduces most of the latency in pre-802.11i deployments. However, when IEEE 802.11i is used, link layer authentication based on the Extensible Authentication Protocol (EAP) can also introduce substantial delays.

There exist four main alternatives for reducing authentication delays during handoffs in IEEE 802.11 networks.

IEEE 802.1X pre-authentication.

The IEEE 802.11i standard specifies how wireless stations can perform pre-authentication over the distribution system while still connected to their current access point. The idea is that if the station can perform authentication in advance, fewer exchanges will be needed during the handoff which reduces the handoff latency.

To initiate a pre-authentication, the station issues an IEEE 802.1X EAPOL-Start message destined to the target access point. This message is forwarded by the current access point to the target access point based on routing information embedded in the message. The target access point processes the EAPOL-Start message and initiates an IEEE 802.1X/EAP authentication. The result of a successful IEEE 802.1X/EAP pre-authentication is a security association shared between the station and the access point. When the station eventually decides to associate with the target access point, the pre-established security association is used and the full EAP exchange is avoided.

Pairwise Master Key (PMK) caching.

PMK caching is a basic handoff optimization technique that all IEEE 802.11i compliant wireless devices already support. Wireless stations and access points can store security credentials derived from a full EAP authentication. The stored security association can then be used later on if the wireless station comes back to the same location.

Opportunistic PMK pre-caching.

The opportunistic PMK pre-caching technique works as follows: when a wireless station enters an access network, it uses IEEE 802.11i/EAP and establishes a fresh security association with the first access point it encounters. The controller of the local access network retrieves the security association from the first access point and forwards it to other access points in the access network. When the station moves to another access point, the pre-distributed security association is used to perform mutual authentication between the station and the access point without the need for using a full EAP exchange.

Fast BSS transitions: IEEE 802.11r.

When an IEEE 802.11r compliant station enters an access network, it first performs authentication using EAP with the access network's controller. The resulting keying materials are used by the station and the controller to derive a key called PMK-R0. PMK-R0 is then used to derive per-access-point keys, which are called PMK-R1. The controller finally sends the PMK-R1 keys to their corresponding access points. The controller that holds the PMK-R0 key is called the 'R0 Key Holder' (R0KH), while the access points to which PMK-R1 keys are delivered are called 'R1 Key Holders' (R1KH). After this initial key distribution phase, the wireless station is able to perform mutual authentication with any access point in the access network without the need for a full EAP exchange.
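The PMK-R0 to PMK-R1 hierarchy described above, as an added example that is not part of the original article. It assumes a SHA-256 based FT key management suite and follows the IEEE 802.11 KDF layout (HMAC-SHA256 in counter mode); the SSID, mobility domain ID, key holder names, MAC addresses and keying material are constructed sample values, and the helper names are hypothetical.

```python
import hashlib
import hmac
import struct

def kdf(key: bytes, label: bytes, context: bytes, bits: int) -> bytes:
    """IEEE 802.11 KDF: HMAC-SHA256 in counter mode, 16-bit little-endian counter and length."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]

def derive_pmk_r0(xxkey, ssid, mdid, r0kh_id, sta_mac):
    """Computed by the R0KH (controller) and by the station after the full EAP exchange."""
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta_mac
    return kdf(xxkey, b"FT-R0", ctx, 384)[:32]  # first 256 bits are PMK-R0

def derive_pmk_r1(pmk_r0, r1kh_id, sta_mac):
    """Per-access-point key, bound to one R1KH (AP MAC address) and one station."""
    return kdf(pmk_r0, b"FT-R1", r1kh_id + sta_mac, 256)

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

# Constructed sample values (assumptions, not from any real network).
XXKEY = hashlib.sha256(b"constructed EAP keying material").digest()
SSID, MDID, R0KH_ID = b"corp-wifi", bytes.fromhex("a1b2"), b"controller-1"
STA = mac("02:00:00:00:00:01")
APS = {"ap-east": mac("02:00:00:00:10:01"), "ap-west": mac("02:00:00:00:10:02")}

def distribute(xxkey=XXKEY, sta=STA):
    """Controller side: one PMK-R1 per access point; PMK-R0 stays on the R0KH."""
    r0 = derive_pmk_r0(xxkey, SSID, MDID, R0KH_ID, sta)
    return {name: derive_pmk_r1(r0, bssid, sta) for name, bssid in APS.items()}

def station_key_for(ap_name, xxkey=XXKEY, sta=STA):
    """Station side: derives the same key locally, so no EAP exchange is needed at handoff."""
    r0 = derive_pmk_r0(xxkey, SSID, MDID, R0KH_ID, sta)
    return derive_pmk_r1(r0, APS[ap_name], sta)

if __name__ == "__main__":
    for name, key in distribute().items():
        ok = hmac.compare_digest(key, station_key_for(name))
        print(name, key.hex(), "match" if ok else "MISMATCH")
```

Because each PMK-R1 is a one-way derivation bound to a single access point's address, the key held by one R1KH does not reveal the key held by another, unlike opportunistic PMK pre-caching, where the same security association is forwarded to every access point.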


Article Source: Http://…

How to Set Up WiFi the Right Way – Gotta Be Mobile

For instance, you'll want to change the WiFi password, as well as the type of protection used to secure the WiFi network. More often than not, routers default to using WEP protection, which is easily hackable. It's also possible that your router isn't …

Intro Aruba Networks Instant, the world's most scalable …