The Wi-Fi Alliance created Wi-Fi
Protected Access (WPA) in October of 2002 as a stepping stone between the
sullied Wired Equivalent Privacy (WEP) encryption that has long been part of
the 802.11 specifications, and the upcoming 802.11i standard that will bring
IEEE endorsed security to WLANs. At the time, they said WPA products should
appear in Wi-Fi Certified products by the first quarter.
As the saying goes, better late than never.
Today, the Alliance announced the first certified products with WPA. Of the
nine products, six are specific to chip manufacturers, using designs they can
pass on to customers to ensure the end-user products will also likely get fast
The chips used in the certified references designs are Atheros‘s AR5001X+ in a CardBus card and the
AR5001AP in an access point, both of which support 802.11a/b/g; Broadcom‘s 802.11g-based AirForce BCM94306-GAP
for access point and BCM94306CB for CardBus card, and finally Intersil‘s 802.11b-based PRISM 2.5 ISL37300P
reference for PC Cards and the PRISM 2 ISL36356A access point development kit.
The Atheros multi-mode chips are relatively new compared to the others that
have been out for a while, but have already landed many a customer. They are
going into use by enterprise equipment companies for typical use by companies
like 3com and Intermec, and in what seems to be the majority of the new
WLAN switches from companies like Airespace, Aruba, Chantry, Nortel, Trapeze,
Proxim, and Symbol.
Broadcom and Atheros’s chips include support for the Advanced Encryption Standard
(AES), which will be required by 802.11i. In WPA, encryption can by handled
with either Temporal Key Integrity Protocol (TKIP) — which is an improvement
over WEP’s encryption protocol — or AES.
"Network managers are looking forward to implementing AES as part of a
complete security deployment," says Jeff Abramowitz, senior director of
marketing for Broadcom’s wireless LAN products. "Having it today means
when they turn it on, they won’t have to replace the WLAN card and they won’t
take a performance hit."
The vendors who buy chipsets can get software or firmware upgrades to provide
WPA on their products, which they can then customize for end user.
For example, just as they did with their support for Broadcom’s 802.11g chips,
Buffalo Technology is among the first
to announce support for WPA, first in the Buffalo AirStation
54Mbps Wireless Broadband Base Station (WBR-G54) and in the brand new AirStationTM
G54 Wireless Notebook Adapter (WLI-CB-G54A). The latter is a CardBus PC Card.
These Buffalo products are not yet Wi-Fi Certified for WPA. However, the first
round of WPA certification does include a Cisco Aironet Access Point (AIR-AP1230B),
the Intel PRO/Wireless 2100, and Symbol’s Wireless Networker CompactFlash WLAN
Adapter (Model LA-4137).
Other products announced this week with WPA support include 802.1X implementations:
Funk Software’s Odyssey Client version 2.1
is WPA capable version for Windows and PocketPC that also adds full support
for both the Microsoft and Cisco versions of the PEAP authentication method.
Meetinghouse is putting WPA support into
its AEGIS API Suite, a programming tool to help customers create their own 802.1X
clients, now with WPA support. Interlink Networks has proclaimed
that its entire line of products, including the Secure.XS authentication server
software, will comply with WPA.
In March, Microsoft announced
that Windows XP users would get automatic WPA support with a download from its
Windows Update site.
Do you have doubts that WPA will solve your security woes?
Join us at the 802.11 Planet Conference
& Expo, June 25 – 27, 2003 at the World Trade Center Boston in Boston, MA.
Join the experts from companies like Meetinghouse as they answer the question
Does WPA Close The Wi-Fi Security Gap?