The forthcoming IEEE 802.11i standard will plug all known security holes in IEEE 802.11 wireless LANs, also known as Wi-Fi, but probably won't have final approval or be shipping in products until about a year from now.

This was announced during the Intel Developer Forum last week. Intel is involved in drafting the specification.

WEP (Wired Equivalent Privacy) - the security mechanism initially built into all standard 802.11 products - encrypts data on the wireless network. However, it's flawed because it reuses the same encryption key, said Jesse Walker, a network architect at Intel and the editor of the 802.11i standard now in development at the Institute of Electrical and Electronics Engineers (IEEE). Hackers can figure out that key from a small amount of traffic, he said. WEP also doesn't stop interlopers from altering data as it crosses the network, he added.

Among other improvements, 802.11i will include a system for creating fresh keys at the start of each session. It will also provide a way of checking packets to make sure they are part of a current session and not repeated by hackers to fool network users, Walker said. To manage keys, it will use RADIUS (Remote Authentication Dial-In User Service) to authenticate users, along with the IEEE 802.1x standard.
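The two mechanisms Walker describes, fresh per-session keys and a check that rejects altered or repeated packets, can be sketched as follows. This is an added illustration, not code from 802.11i or from the article: HMAC-SHA256 stands in for the standard's own key-derivation and integrity algorithms, payload encryption is omitted, and every function and class name here is hypothetical.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16  # truncated HMAC length used in this sketch (assumption)

def derive_session_key(master: bytes, ap_nonce: bytes, sta_nonce: bytes) -> bytes:
    """New nonces each session give a new key from the same long-term secret."""
    return hmac.new(master, b"session" + ap_nonce + sta_nonce, hashlib.sha256).digest()

def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender: prepend a packet counter, append a keyed integrity tag."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter accepted in this session

    def accept(self, frame: bytes):
        """Return the payload, or None if altered, foreign, or replayed."""
        if len(frame) < 8 + TAG_LEN:
            return None
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, good):
            return None  # modified in transit, or keyed for another session
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.last_counter:
            return None  # already seen: a repeated (replayed) packet
        self.last_counter = counter
        return payload

def demo() -> dict:
    master = os.urandom(32)  # constructed sample secret
    k1 = derive_session_key(master, os.urandom(16), os.urandom(16))
    k2 = derive_session_key(master, os.urandom(16), os.urandom(16))
    rx = Receiver(k1)
    frame = protect(k1, 0, b"hello")
    altered = bytearray(protect(k1, 1, b"pay 10"))
    altered[8] ^= 0x01  # flip one payload bit
    return {"fresh": rx.accept(frame), "replayed": rx.accept(frame),
            "altered": rx.accept(bytes(altered)),
            "other_session": Receiver(k2).accept(frame)}
```

Under WEP, by contrast, a captured frame stays valid for as long as the shared key is in use, so neither the replayed nor the altered frame would be caught this way.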

In advance of the approval of 802.11i, users should be able to give their wireless LANs a subset of the upcoming security features through a software or firmware upgrade to WPA (Wi-Fi Protected Access), a specification adopted by the Wi-Fi Alliance, the industry group that certifies Wi-Fi products. Beginning in August, all Wi-Fi products will be equipped with WPA, Walker said.

Meanwhile, in order to protect against professional hackers, Sundaralingam recommends adopting strong encryption systems such as TKIP (Temporal Key Integrity Protocol), which will be used in WPA and 802.11i, or CKIP (Cisco Key Integrity Protocol), a proprietary implementation of the 802.11i recommendations that Cisco developed as a stop-gap measure.