Encryption is provided for a wireless network comprising a first wireless station and at least a second wireless station. First messages are exchanged between the first wireless station and the second wireless station over a first synchronous wireless link to establish a shared secret and a first session key, the first messages not being encrypted. The MAC layer of the first synchronous wireless link is then encrypted using encryption on the basis of the first session key, then further messages are exchanged between the first wireless station and the second wireless station over the first synchronous wireless link to establish a second session key, the further messages being encrypted by the encryption of the MAC layer of the first synchronous wireless link. The MAC layer of the first synchronous wireless link is then encrypted using encryption on the basis of the second session key.