New Wi-Fi Security Spec Due Mid-Year

The Wi-Fi Alliance has announced plans to upgrade the security
capabilities in a new version of its industry-standard Wi-Fi Protected
Access (WPA) protocol due for release later this year.

The non-profit group, which certifies interoperability of wireless LAN
products based on the IEEE 802.11 specification, said the
next version of WPA, dubbed WPA2, would be available toward the middle of
2004.

Wi-Fi Alliance managing director Frank Hanzlik has described WPA2 as an “enhancement” and made it clear that most business and personal security needs are already met by the existing WPA spec.

The WPA standard was created to improve on the features of the older WEP protocol, particularly in the areas of data encryption and user authentication. To improve data encryption, WPA is set to resolve existing cryptographic weaknesses and introduce a method to generate and distribute encryption keys automatically. Each bit of data would be encrypted with a unique encryption key.

User authentication has also been enhanced in WPA through the extensible authentication protocol (EAP), which is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.

“The Wi-Fi Alliance recommends that WPA be enabled in wireless LAN
applications where data security is a concern. WPA has proven to be a very secure and easily implemented security solution. WEP should only be used when a more secure wireless LAN security solution is not available,” the group said in a statement.

The Alliance also announced that more than 175 Wi-Fi products have been certified with WPA, including hardware from big-name vendors like Intel , Cisco , Linksys, Hewlett-Packard, Dell, Apple and Sony Corp.

“[WPA] is a very robust, cross-vendor interoperable security technology that is both easier to install than its flawed predecessor WEP and far more secure. The Wi-Fi Alliance recommends that WEP be dropped in favor of WPA for applications as soon as feasible,” the group said.

Since WPA certifications were announced in April 2003, the Alliance said the industry has seen very rapid adoption by WLAN vendors, leading to the standard becoming a mandatory feature last September. “It is also important to recognize that Wi-Fi certification is the only way to be sure that wireless LAN products from different vendors and even the same vendor will work together.”

Security issues have had a negative impact on enterprise adoption of Wi-Fi, but the Alliance hopes that the protocol enhancements and vendor certification will lead to an increase in corporate WLAN sales.