Highlighting the shortcomings of the Wi-Fi Wired Equivalent Privacy (WEP)
security standard, Microsoft on Monday rolled out its own alternative for
Windows XP users, new software that promises increased security in the
areas of data encryption and user authentication.
Microsoft announced the availability of a free XP download with support
for the standards-based Wi-Fi Protected Access (WPA), a network security
solution from the Wi-Fi Alliance.
Microsoft’s XP update would tweak the way the OS communicates with the
Wi-Fi protocol. Instead of having one encryption key for everyone to connect
to the network, Microsoft said its WPA update would provide separate keys
for each system connecting to the Wi-Fi network.
The move comes as researchers continue to decry weaknesses in WEP, which
is the de facto security tool for the Wi-Fi/802.11 standard. Various WEP
vulnerabilities such as the plaintext attack, bit flipping attack, and
statistical analysis attack have been well publicized.
WEP, intended to provide the same level of security
as that of a wired LAN, is considered weak because it uses the RC4 encryption
algorithm, a stream cipher, for encrypting packets. WEP’s inability to have
per user/session keys and the lack of re-keying support to allow changing
the encryption key frequently have also been highlighted as major
weaknesses, according to security research.
Microsoft’s new initiative is being touted as a replacement for WEP
because it offers stronger data encryption and network
authentication. “The result is a new level of protection for customers
taking advantage of the wireless features in Windows XP,” the software giant
said in a statement.
To improve data encryption, it said WPA would resolve existing
cryptographic weaknesses and introduce a method to generate and distribute
encryption keys automatically. Each bit of data would be encrypted with a
unique encryption key. Microsoft said the update would also introduce an
integrity check on the data so an attacker cannot modify packets of
information being communicated.
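
Why the integrity check matters, as an added example that is not from the article or from Microsoft: WEP protects each frame only with an unkeyed CRC-32 checksum encrypted under the RC4 stream, so a frame changed in transit can still pass the receiver's check, while a keyed check rejects it. Assumptions: the function names and sample payload are constructed, WEP's per-packet IV is omitted, and HMAC-SHA256 stands in for a keyed integrity check (it is not the algorithm WPA itself uses).

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: XOR data with the keystream (same call decrypts)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_seal(key, payload):
    # WEP-style: unkeyed CRC-32 appended, then everything RC4-encrypted.
    return rc4(key, payload + crc(payload))

def wep_style_open(key, frame):
    plain = rc4(key, frame)
    return plain[:-4] if crc(plain[:-4]) == plain[-4:] else None

def mac_seal(enc_key, mac_key, payload):
    # Keyed check: HMAC-SHA256 over the ciphertext (assumed stand-in).
    ct = rc4(enc_key, payload)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def mac_open(enc_key, mac_key, frame):
    ct, tag = frame[:-32], frame[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return rc4(enc_key, ct) if hmac.compare_digest(tag, good) else None

def tamper(frame: bytes, delta: bytes) -> bytes:
    """In-transit change made with no key: XOR delta into the payload and
    patch the trailing checksum using CRC-32's linearity under XOR."""
    patch = xor(crc(delta), crc(bytes(len(delta))))
    return xor(frame, (delta + patch).ljust(len(frame), b"\0"))
```

The WEP-style receiver accepts the altered frame because the checksum depends on no secret; the keyed receiver returns `None` for the same alteration.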
To beef up enterprise-level user authentication, Microsoft said WPA
authenticates every user on the network while keeping those users from
joining rogue networks.