Securing WLAN Of Greater Concern Than 802.11 Migration

With companies such as Envara and Embedded Wireless Devices recently grabbing
headlines by outlining the developmental roadmap for 802.11, the future of
WLAN has seemingly been assured.

IT managers and consumers will no longer need to concern themselves with
the question of how to upgrade their wireless LANs or PANs (personal area
networks) once faster data transmission rates are finally rolled out.
Whether WLAN users will use the same spectrum space (2.4 GHz) to migrate to
802.11g or the higher spectrum (5 GHz) to migrate to 802.11a, backwards
compatibility with 802.11b is almost assured.

But some folks within the industry don’t think kindly of the recent rash
of headlines touting “dual-mode” or “interoperability.” In fact, Texas
Instruments — one of a few companies that has actual 802.11b products on
the market — views any such announcement more as a distraction than as a
boon.

“These [types of announcements] have the potential to make people think
that customers will hold off purchases to wait for vaporware,” said Bill
Carney, director of marketing applications for TI’s Wireless Networking
Business unit. It will merely slow early adoption.

While its Packet Binary Convolution Coding (PBCC) technology is an
official modulation scheme authorized for the 802.11b specification, TI also
is developing solutions using Orthogonal Frequency Division Multiplexing
(OFDM) as a modulation scheme for the 802.11a spec in the 5 GHz field.
Consequently, when faster data rates finally become a reality, TI plans to
be there with interoperable products.

“It’s very logical that dual-mode will happen…most likely, we’ll have a
similar type offering,” Carney said during a telephone interview.

For now, though, Carney argued that any announcement that promises the
next-best-thing is merely hype and overlooks the fact that products
currently on the market have a long lifespan.

“The 802.11 technology got started 10 years ago and it’s taken 10 years
to become affordable. I think we should draw a conclusion that it’s not a
fast ramp” to 802.11a, the TI official explained.

Migration concerns holding up adoption? Hardly!

But despite the marketing push, enterprise customers have shown the most
reluctance in supporting Wi-Fi. In fact, a recent survey by the Dell’Oro
Group showed that consumers were largely responsible for growing the market
to $231.4 million in the first quarter of 2001. Are IT buyers holding off on
implementing wireless LANs due to the confusion created by migration issues?

For organizations like financial institutions and health care companies,
the single largest hurdle is security, not migration. Enterprise customers
of that magnitude not only rely on secure “wired” environments to house
highly sensitive consumer data but are under strict government regulations
to do so.

“No way in Hell. I wouldn’t even touch it. There’s too much critical
information going over our wires,” said Derek Anderson of Kaiser’s IT
division. “I think it’s going to take a while for everyone to start using it
because of the security risk.”

Still, industry participants haven’t given up the belief that wireless
LANs will eventually make their way into those environments. Symbol
Technologies, a provider of bar-code scanners and mobile solutions, is
one such player that is just wrapping up beta tests of its WLAN security
solution labeled Spectrum24. The company expects to have products available
shortly.

“They [Kaiser] probably aren’t allowed to offer their doctors home access
to their patients’ records. Medical records in particular have very high
security requirements. But I believe WLANs will make their way into both
hospitals and doctors’ offices,” said John Hughes, director of strategic
marketing at Symbol Tech.

Too much is not enough?

Hughes, who also is a member of the IEEE group (802.11i) currently
examining wireless security issues, emphasized that it isn’t enough to
simply secure the wireless portion of an environment. Security must be
implemented as a holistic solution as opposed to ad hoc components.

WLAN security comes from practically any (or even all) points on the
network — from the gateways and access points right up to the wired server.
If the server that houses the security system is freely accessible — say,
because it’s used to run other mission critical capabilities — then “you’ve
opened the door to hackers,” Hughes said.

“It comes down to policy. There’s no silver bullet,” he said. “For us,
the WLAN is part of the real LAN so we need to make that as secure.”

So, with myriad possible combinations available to a WLAN customer,
the issue then becomes: how much security is enough?

All security systems consist of three main components: encryption,
authentication and key distribution. According to the latest government
mandates, the IT community must be able to demonstrate a provable solution
that has a minimum encryption size of 128 bits based on standard protocols
for authentication and key distribution. But how can a security system meet
indefinite qualifications such as “provable?”

“Provable is the key word. It’s practically impossible,” Hughes said.

At least in the realm of encryption, the federal government identified a new
technique using 128-bit algorithms that will be the basis of the new
Advanced Encryption Standard (AES). Prior to the adoption of AES, the
government had endorsed a 56-bit encryption technique called Data Encryption
Standard (DES), which was adopted in 1977. To enhance security encryption
through the decades since the 70s, cryptographers developed a way to encrypt
data three times over — a variant known as “Triple DES.”

But, this so-called Triple DES used more of a machine’s processor power
because data wasn’t just sent through once to encrypt — data was sent three
times. With such power needs, WLAN users in essence would be locked to
their A/C adapters even if their network connections were wireless…hence,
the selection of AES in October 2000.

The only problem is, when the Wired Equivalency Protocol (WEP) was first
created, AES wasn’t identified as an encryption standard. The IEEE’s 802.11
Working Group is now developing a next-generation WEP but currently has no
proposals for a backwards compatible encryption scheme.

In fact, the only encryption scheme that is getting support from the IEEE
is an AES-based proposal submitted by a professor from the University of
California, Davis, known as AES-OCB.

Hughes doesn’t expect a resolution to the security issues by the next
regularly scheduled IEEE meeting on Sept. 17-21 in Seattle.
