Wi-Fi Boosts Security
To answer charges of weak security in popular Wi-Fi networks, an industry group is announcing an enhanced wireless security scheme that in most cases avoids the need for hardware upgrades.
The new spec, Wi-Fi Protected Access (WPA), offers better security than the WEP (Wired Equivalent Privacy) security algorithm currently built into both the 11-megabits-per-second (802.11b) and the 54-mbps (802.11a) versions of Wi-Fi. Officials of the Wi-Fi Alliance, a trade group that certifies Wi-Fi products for interoperability, say that vendors should be able to offer WPA via drivers and firmware upgrades for legacy products starting in February.
WPA is based on parts of the IEEE's coming
People and companies that already have Wi-Fi networks up and running will in many cases be able to enjoy the improved security in WPA via firmware upgrades supplied by their equipment vendors.
How does WPA improve on WEP? WEP requires users to enter a "key" whose length varies with the strength of encryption that the hardware supports and with whether you use hexadecimal or ASCII characters. The key is used to encrypt data transmitted over the network. Since the WEP key is static, however, a well-equipped hacker can identify it in as little as an hour by intercepting and analyzing the encrypted content.
With WPA, as with WEP, you start by entering a password. But "this password only initializes or kicks off the encryption process," says David Cohen, chair of the Wi-Fi Alliance's security task force. "The actual key rotates all the time. A new key is used for every data packet sent over the air."
This improved encryption technology, known as TKIP (Temporal Key Integrity Protocol), is much tougher to break than WEP. Vendors don't have to offer it immediately, but the Wi-Fi Alliance will begin certification testing of WPA software upgrades and products in February. By next fall, WPA support will be a prerequisite for Wi-Fi Alliance certification (replacing the current WEP requirement).
WPA will work with all variants of Wi-Fi, including 802.11b (11 mbps on the 2.4-ghz band), 802.11a (54 mbps on the 5-ghz band), and the new 802.11g standard (54 mbps on the 2.4-ghz band).
WPA will work in two different ways, depending on the type of network. In corporate settings, it will work with authentication servers, so IT staffs can manage network security. In homes and small offices lacking authentication servers, the technology will work in a so-called preshared key mode. Users simply enter the network key to gain access.
"It's definitely a good step," says Bob O'Donnell, director of personal technology for research firm IDC. "They clearly needed to do something, not only from an actual perspective but from a public relations perspective."
O'Donnell notes, however, that every device on a wireless network must be upgraded to WPA in order for the new standard to take effect. If some devices still use WEP, the entire network will fall back to the older, weaker security algorithm. This could be a problem in configurations of Wi-Fi products assembled from multiple vendors, especially if vendors are slow to offer the software upgrade.
But O'Donnell thinks that most vendors will offer the upgrade in a timely manner. "They recognize that there's a need to improve security. As hot as 802.11 is--and it's very hot--the only thing that's keeping it from going through the roof is the security."
A few caveats remain. WPA won't work if you're operating in ad hoc mode, with a simple peer-to-peer configuration of clients and no access point or gateway, O'Donnell says.
Of course, the best security algorithms in the world won't help if you don't turn them on. Like WEP before it, WPA will not, by default, be enabled after you upgrade, notes Ken Dulaney, a Gartner analyst. So when the upgrades become available, security-conscious wireless network users should be sure to install them and set a password in order to safeguard their network from outsiders.





