RealTime IT News

Ominous Wi-Fi Bannings

From laboratories to lugers, the security of wireless LANs is being scrutinized. Is this only a bump in the road of the meteoric rise of Wi-Fi, or is something inherently flawed with the popular technology?

If you ask Brian Grimm, a spokesman for the Wireless Ethernet Compatibility Alliance, the 140-member trade group supporting Wi-Fi, recent reports of 802.11b being banned or restricted is the natural evolution of the wireless technology.

Researchers who earlier this month revealed faults in new 802.11x Wi-Fi security call WLANs insecure.

In January, the U.S. Department of Energy's Lawrence Livermore National Laboratory, responsible for much of the nation's weapons research, temporarily extended a decades-old ban of wireless devices in classified areas to ban the "deployment and use of all wireless computer local area networks (LANs)" in unclassified areas.

While just two WLAN sites were effected by the ban, Lawrence Livermore said the restriction would continue pending completing a review of security risks posed by wireless LANs. The ban, put in place Jan. 31, remains in effect, says Lawrence Livermore spokesman David Schwoegler.

WLANs took another hit when several security firms reported in January that wireless systems used at airports from San Jose to Boston for bag matching and curbside check-in were operating without any security. Although airlines downplayed the security risk, the U.S. Department of Transportation has launched an examination of wireless LANs used by airlines.

The International Olympic Committee (IOC) Feb. 15 was forced to knock down reports stating that it would ban the use of wireless networks during future games. An IOC spokeswoman told reporters that Wi-Fi LANs could be used before the 2008 games, if security issues were resolved.

While Wi-Fi wasn't used by officials during the 2002 Winter Olympics in Salt Lake City, Utah, biathlon teams used 802.11b transmitters strapped to their ankles to keep player and coaches in sync. News organizations, such as Reuters, employed Wi-Fi connections to send photos and stories from mountain-top venues.

To cap off all the security worries, University of Maryland professor William Arbaugh Feb. 14 announced Wi-Fi and 802.1x security flaws. Wi-Fi using 802.1x is the security protocol set to replace the notorious WEP (Wired Equivalent Privacy) security measure.

Grimm says WEP is a broken security solution that should be used to protect data of only minimal importance. The future of Wi-Fi security rests with TKIP (Temporal Key Integrity Protocol), says WECA. TKIP quickly changes WEP encryption keys about every 10,000 packets. With WEP, a single key encrypted an entire WLAN conversation.

TKIP, set to become available in the second quarter, is compatible with current WLAN products and is upgradeable through a software patch.

The National Institute of Standards, the U.S. governmental body that funded Arbaugh's research into 802.1x, uses AES (Advanced Encryption Standard) as the nation's official security protocol protecting unclassified information. AES will be available to WLAN users early in 2003, according to WECA.

AES for wireless devices requires additional hardware to be used in WLANs. Co-processing chips are needed to share the encryption and decryption of data. Without a co-processor, WLANs would slow. Also hampering the introduction of AES is the need for new Wi-Fi cards for each device.

In the meantime, WECA's Grimm advises WLAN systems use Virtual Private Networks to create secure 'tunnels' for important data. Wi-Fi is not invulnerable. Says Grimm: "Even Microsoft releases monthly security updates."